dsgsdgdsdgsdw.pad und andere Schädlinge gefunden und bereinigt, System jetzt OK?

charles_b · 24.12.2012, 14:06

Habe auf dem PC meiner Eltern mit Malwarebytes folgendes gefunden:

1. Exploit.Drop.GSA \\ Datei: dsgsdgdsgdsgw.pad(leider mit malw. gelöscht)
2. Trojan.Delf \\ Datei ProgrammData\Isass.exe (leider mit malw. gelöscht)
3. Trojan.Ransom.Gen Datei:AppData\Roaming\Micros.\StartM\Programm\Startup.\ctfmon.Ink (leider mit malw. gelöscht)

Wie gesagt wurden alle Funde mit Malwarebytes gelöscht, sorry, hab erst danach die Forumshinweise gelesen.

Vor der Löschung habe ich mit OTL gemäß Anleitung gescannt, die Logfiles poste ich unten, erst danach hab ich mit MB gescannt und gelöscht.

Probleme sind an dem PC nicht aufgetreten, vermutlich hat Avast was verhindert? Mein Vater hat da wahrscheinlich die dsgsdgdsgdsgw.exe gelöscht, denn ein entsprechender Hinweis, dass die Datei nicht gefunden werden könne kam stets beim Starten, kommt nun aber nicht mehr.

Ich frage mich, ob das System nun sauber ist oder ob es neu aufgesetzt werden muss (bitte nicht, will Weihnachten nicht so viel am PC sitzen).

Vielen Dank im Voraus! Echt toll, dass sich hier so viele Menschen engagieren!

cosinus · 24.12.2012, 17:10

Hallo und

Hast du noch weitere Logs? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon etwaig vorhandene Logs posten

Zitat:

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.

Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].

Setze den Curser zwischen die CODE-Tags und drücke STRG+V.

Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

charles_b · 25.12.2012, 11:44

Code:

ATTFilter

OTL logfile created on: 23.12.2012 13:55:33 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 61,69% Memory free
7,99 Gb Paging File | 6,37 Gb Available in Paging File | 79,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200,00 Gb Total Space | 128,51 Gb Free Space | 64,26% Space Free | Partition Type: NTFS
Drive D: | 498,54 Gb Total Space | 448,82 Gb Free Space | 90,03% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe ()
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Windows\vVX1000.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
MOD - C:\Program Files (x86)\Acronis\TrueImageHome\fox.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (TryAndDecideService) -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (tifsfilter) -- C:\Windows\SysNative\drivers\tifsfilt.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (tdrpman) -- C:\Windows\SysNative\drivers\tdrpman.sys (Acronis)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (VX1000) -- C:\Windows\SysNative\drivers\VX1000.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4263804264-3590198319-1170865667-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-4263804264-3590198319-1170865667-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4263804264-3590198319-1170865667-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-4263804264-3590198319-1170865667-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F4 B0 7D F6 0B C6 CC 01  [binary data]
IE - HKU\S-1-5-21-4263804264-3590198319-1170865667-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4263804264-3590198319-1170865667-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={87598307-B483-4EB4-B8BB-D6641836C1DE}&mid=2a10281db45d47d0b6dc854de043f808-8b5b677eb767195b167096b59f7762bb6e9201db&lang=de&ds=od011&pr=sa&d=2012-04-09 15:22:30&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-4263804264-3590198319-1170865667-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files (x86)\dradio-Recorder\npphonostarDetectNP.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.18 10:18:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.08 19:19:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.22 19:09:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.08 19:19:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.04.11 10:00:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.10.24 19:27:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\f3hyj714.default\extensions
[2012.12.08 19:19:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.08 19:19:18 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.13 06:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.14 19:57:23 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 06:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 06:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 06:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 06:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4263804264-3590198319-1170865667-1000..\Run: [dradio-Recorder] C:\Program Files (x86)\dradio-Recorder\phonostarStarter.exe ()
O4 - HKU\S-1-5-21-4263804264-3590198319-1170865667-1000..\Run: [dradio-RecorderTimer] C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe ()
O4 - HKU\S-1-5-21-4263804264-3590198319-1170865667-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-4263804264-3590198319-1170865667-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3536E806-A427-4FBA-AA23-973A4480392A}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e3e0cc00-3491-11e1-8e75-5404a6a711fb}\Shell - "" = AutoRun
O33 - MountPoints2\{e3e0cc00-3491-11e1-8e75-5404a6a711fb}\Shell\AutoRun\command - "" = I:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.23 13:29:57 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.12.23 13:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012.12.23 13:06:41 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner (2)
[2012.12.23 12:01:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.12.23 12:00:43 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.12.23 12:00:33 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.12.23 12:00:33 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.12.23 12:00:33 | 000,095,184 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.12.23 12:00:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.12.23 11:59:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.12.23 11:22:08 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012.12.23 11:22:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012.12.23 11:22:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012.12.23 11:22:05 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2012.12.23 11:22:05 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2012.12.23 11:22:05 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2012.12.23 11:22:01 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012.12.23 11:22:01 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012.12.23 11:22:01 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012.12.23 11:22:00 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2012.12.23 11:22:00 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012.12.23 11:22:00 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012.12.23 11:22:00 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012.12.23 11:22:00 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012.12.23 11:22:00 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2012.12.23 11:22:00 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2012.12.23 11:22:00 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012.12.23 11:22:00 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2012.12.23 11:22:00 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012.12.23 11:22:00 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2012.12.23 11:21:59 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012.12.23 11:21:59 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012.12.23 11:21:59 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012.12.23 11:21:59 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012.12.23 11:21:58 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012.12.23 11:21:17 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.12.23 11:21:17 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.12.23 11:21:15 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.12.23 11:21:15 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.12.21 23:57:01 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.21 23:57:01 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.21 23:57:00 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.21 23:56:59 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.13 20:17:19 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.13 20:17:18 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.13 20:17:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.13 20:17:18 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.12.13 20:17:18 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.12.13 20:17:17 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.13 20:17:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.13 20:17:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.12.13 20:17:16 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.12.13 20:17:16 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.12.13 20:17:16 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.12.13 20:17:15 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.13 20:17:13 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.12.13 20:17:13 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.12.13 20:17:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.12.13 19:55:45 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.12.13 19:55:44 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.13 19:55:44 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.12.13 19:55:44 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.12.13 19:55:43 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.13 19:55:43 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.12.13 19:55:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.12.13 19:55:43 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.12.13 19:55:43 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.12.13 19:55:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.12.13 19:55:43 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.12.13 19:55:43 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.13 19:55:43 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.13 19:55:43 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.12.13 19:55:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.13 19:55:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.13 19:55:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.13 19:55:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.13 19:55:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.13 19:55:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.13 19:55:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.13 19:55:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.13 19:55:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.13 19:55:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.13 19:55:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.13 19:55:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.13 19:55:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.13 19:55:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.13 19:55:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.13 19:55:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.13 19:55:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.13 19:55:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.13 19:55:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.13 19:55:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.13 19:55:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.13 19:55:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.13 19:55:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.13 19:55:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.13 19:55:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.13 19:55:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.13 19:55:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.13 19:55:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.13 19:55:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.13 19:55:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.13 19:55:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.13 19:55:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.13 19:55:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.13 19:55:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.13 19:55:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.13 19:55:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.13 19:55:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.13 19:55:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.13 19:55:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.13 19:55:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.13 19:55:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.13 19:55:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.13 19:55:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.13 19:55:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.13 19:55:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.13 19:55:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.13 19:55:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.13 19:55:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.13 19:55:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.13 19:55:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.13 19:55:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.13 19:55:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.13 19:55:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.13 19:55:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.13 19:55:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.12.13 19:55:28 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.13 19:55:28 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.08 19:19:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.09.20 16:58:53 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.23 13:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.23 13:48:02 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.23 13:48:02 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.23 13:45:51 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.23 13:45:51 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.23 13:45:51 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.23 13:45:51 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.23 13:45:51 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.23 13:40:59 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.23 13:40:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.23 13:40:28 | 3219,742,720 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.23 13:29:38 | 404,327,106 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.12.23 13:06:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.23 12:00:28 | 000,095,184 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.12.23 12:00:23 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.12.23 12:00:23 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.12.23 12:00:22 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.12.23 12:00:20 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.12.23 12:00:20 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.12.23 11:59:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.12.23 11:35:08 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.12.22 16:29:24 | 000,421,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.11 20:53:17 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.12.11 20:53:17 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2012.12.23 13:29:38 | 404,327,106 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.09.20 16:59:01 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.04.10 09:22:56 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012.04.10 09:22:56 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.04.10 09:22:53 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.04.10 09:22:53 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011.12.29 20:49:21 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.12.29 20:49:21 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.12.28 13:48:06 | 000,046,056 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.12.28 13:47:24 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.12.28 13:47:17 | 000,036,877 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.01.01 16:54:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2012.01.01 14:35:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012.01.01 13:36:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.07.08 16:23:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\phonostar GmbH
[2011.12.29 20:15:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2012.04.08 09:21:32 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\IrfanView
[2012.04.09 14:12:04 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\OpenCandy
[2012.04.09 14:12:05 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\pdfforge
[2011.12.30 14:10:10 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 23.12.2012 13:55:33 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 61,69% Memory free
7,99 Gb Paging File | 6,37 Gb Available in Paging File | 79,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200,00 Gb Total Space | 128,51 Gb Free Space | 64,26% Space Free | Partition Type: NTFS
Drive D: | 498,54 Gb Total Space | 448,82 Gb Free Space | 90,03% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4263804264-3590198319-1170865667-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{061D7C79-D3A9-4180-96C3-4FEAE1E5322F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0C4D4BD0-D4DE-4FE3-972E-7554F2C505F8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{1032D360-6FD3-4A31-A987-A1F54AE6B619}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{121B43D5-B5A2-405A-9F68-C232A8351DF6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{191B8740-A42D-4E81-99FD-98F2A91FB403}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{19A70207-D7D4-4163-8EE2-64D483F8A6D5}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{1BBED089-4906-49BA-AC46-D6BE416EE6FE}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{1F2DFB69-4522-4116-8529-08C9AC50C564}" = lport=445 | protocol=6 | dir=in | app=system | 
"{20F737CF-8BAD-4CFE-9C12-2BEFE63392A5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{27CCA8B1-8771-48FF-B924-091E19581BE9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{28FEDD79-4699-4B66-837D-05DCA86D74A7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2D241A76-7125-4788-A6D6-7C312EDEB75D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{32C372B3-7073-44F1-8535-8B6549617699}" = lport=138 | protocol=17 | dir=in | app=system | 
"{366DE184-E81C-46DD-BA20-18039E44B873}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{367628D4-378D-43D1-8760-0B2ABCAFA572}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4F0609F9-A5C4-4B93-BF31-53AAE2E046F9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{602DB5CD-732B-4039-87A4-28076B9B4BD6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6C2C1711-1F26-4DC9-BB28-8EDF71359201}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{77DCA2F9-2C45-44EE-927E-0B99A9015324}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{7B486397-AE3B-4318-96CB-A7772C3BB057}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7CC08B86-8556-471A-BEE9-CA8478A26053}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8BA13856-4001-46E3-A884-C3053D12A836}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{998B1452-F187-4E5F-8C5A-02568BD676A4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A23E1BB9-8BCE-4547-845B-BE3214BE1EBB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A5CABF7B-7473-406D-84F6-913CAE9155AF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{B323B954-FCB4-410E-825B-CA6B4B100B70}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B6201738-5F1F-492B-9E2A-FF560040A034}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BD44C41A-05C7-4D0F-8B68-086F4BEFF7BD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{BDC31F07-4C9E-4670-950C-B4237DFF6CB9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{BDFD9CBE-F90F-4EF8-8BF3-6713A66AC0D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C12ADA7A-6711-43E5-A32F-D4CF75433DBC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C5BCCE52-14C1-47E6-8929-82D3D4FE6368}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C5C01458-B331-4DBB-B478-332DB5C5CD50}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CA8D91C6-251A-4A92-8217-CFC7E4B27AB6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CDA57A58-07AD-4E65-92F4-DE58C8B4700F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{D390C16B-D41E-45D4-9EBA-4330312F9F64}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DFDBDCA7-8546-40EA-B2EC-8BAB772318FF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E7F21EAD-EFD8-4906-9304-C0556C93DD7F}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{EC7DA35C-5881-416B-9118-9C4AF548231D}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{F6C3235C-6665-48E3-9DCA-0643DA70DA82}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0283AFD5-E299-482B-897D-E4D89CA79FAE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0A1A6EB9-1725-46EF-A0F8-F737D7F870C6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1098E77D-B606-4EBF-8FEF-B14E6CC1A528}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{1F9DE0F3-E527-4651-BD08-846ECD7BEA36}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2175A975-C72F-401E-B108-C0E47628566A}" = protocol=6 | dir=out | app=system | 
"{32CB7724-F615-4B46-8FAB-D133C5428409}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3472E0C1-68A7-4D52-A1E6-EC54F03FF492}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3F267E4A-371B-405D-86C7-4F5DF1699434}" = protocol=6 | dir=in | app=e:\alicesetup.exe | 
"{419897F3-BDFE-497F-BF35-C5B0958E19A8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{4295B80F-C357-4FA0-BA0D-305334039210}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{446F3F5F-EF4B-4D98-8C10-B398EF9C1190}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{45644087-5B23-4E98-BA8F-1F8D41ADE1AC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{57772CDE-41F6-45BD-860A-AB3E6F9941E4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5F5B4766-C774-43FA-B321-6A39217ECBC9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{64D88BB6-68C3-47DC-96E6-B8B2BF47ADFE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{68D64CBE-F97B-4910-9FE0-0362C67A0D18}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{70954A4C-426E-47EB-A3B0-F4911DE84F14}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{768A05B0-8FA7-4718-87B8-42C2B1F5D7A3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8ABEB3E5-AB65-4929-9097-F4D8B4AEDB30}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{95A4EFDE-6B66-43DF-8E12-A101F92C1ECE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A11C5B8F-6775-4AE2-A9EF-6419A70EDEEF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A1C2487F-D4F0-4DE5-B00D-8E9B4F7B6246}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D21D518B-CD6F-474C-8DED-B1B85727FC08}" = protocol=17 | dir=in | app=e:\alicesetup.exe | 
"{DE879FBB-EBA4-4277-8DB0-8348E1982A30}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E0FD880F-EAFC-4146-A657-6A2EBF504EC2}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{E3F7A75C-9C23-4F88-BAD0-04101B8B16C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EB06E094-E27B-4F6E-BF85-863FC5EEF801}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F2EE7A5B-7033-4971-B59C-8F13CCA9B24B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F6516BB7-CE41-42FB-95B1-FCC0AB712BA7}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{F8D7F564-FF81-4887-A098-62EB2F5C23BC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{FF8FD815-4DC5-493D-8CFC-2DC4415BCFEC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"TCP Query User{373D7F54-4E73-4EF6-985B-616A62524618}C:\program files (x86)\dradio-recorder\phonostar.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dradio-recorder\phonostar.exe | 
"UDP Query User{F4EEFA88-D96F-4A27-8BA0-0B6EAC657BEF}C:\program files (x86)\dradio-recorder\phonostar.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dradio-recorder\phonostar.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{62140B07-129A-2BD0-81D2-2A1A7408ADC8}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite DCP-585CW
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{E5343B27-55DF-40BD-9FCF-A643C1331E8A}" = Acronis*True*Image*Home
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"avast" = avast! Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"dradio-Recorder_is1" = dradio-Recorder Version 3.02.6
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Professional 2010
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 1.1.11
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17.12.2012 11:18:32 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/12/17 16:18:32.311]: [00002428]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 17.12.2012 11:18:33 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/12/17 16:18:33.855]: [00002428]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 17.12.2012 11:18:35 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/12/17 16:18:35.399]: [00002428]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 17.12.2012 11:18:36 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/12/17 16:18:36.944]: [00002428]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 17.12.2012 11:18:38 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/12/17 16:18:38.488]: [00002428]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 17.12.2012 11:18:40 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/12/17 16:18:40.033]: [00002428]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 17.12.2012 11:18:41 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/12/17 16:18:41.577]: [00002428]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 17.12.2012 11:18:43 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/12/17 16:18:43.121]: [00002428]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 17.12.2012 11:18:44 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/12/17 16:18:44.666]: [00002428]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 17.12.2012 11:18:46 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/12/17 16:18:46.210]: [00002428]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
[ System Events ]
Error - 23.12.2012 08:30:10 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.12.2012 08:30:10 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.12.2012 08:30:10 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.12.2012 08:30:10 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.12.2012 08:30:10 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.12.2012 08:30:10 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.12.2012 08:30:10 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.12.2012 08:30:10 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.12.2012 08:40:56 | Computer Name = ***-PC | Source = ipnathlp | ID = 34001
Description = 
 
Error - 23.12.2012 08:40:56 | Computer Name = ***-PC | Source = ipnathlp | ID = 30013
Description = 
 
 
< End of report >

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.23.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

Schutz: Aktiviert

23.12.2012 14:01:45
mbam-log-2012-12-23 (17-12-02).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 466405
Laufzeit: 46 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Keine Aktion durchgeführt.
C:\ProgramData\lsass.exe (Trojan.Delf) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.

(Ende)

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.23.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

Schutz: Aktiviert

23.12.2012 17:27:42
mbam-log-2012-12-23 (17-27-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 466017
Laufzeit: 48 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.24.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

Schutz: Aktiviert

24.12.2012 13:42:12
mbam-log-2012-12-24 (13-42-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 461660
Laufzeit: 48 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

1. OTL
2. Malwb.
3.Malwb. nach Löschung
4.Malwb. nach Systemneustart

Sorry für das falsche Posten der Logfiles.

1. +2 OTL
3. Malwb.
4. Malwb. nach Löschung
5. Malwb. nach Systemneustart

Sorry für das falsche Posten der Logfiles.

cosinus · 26.12.2012, 21:35

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Malwarebytes Anti-Rootkit

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Entpacke das Archiv auf deinem Desktop.
Im neu erstellten Ordner starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

charles_b · 28.12.2012, 20:59

Code:

ATTFilter

Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2012.12.28.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [administrator]

28.12.2012 11:29:04
mbar-log-2012-12-28 (11-29-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29794
Time elapsed: 9 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Hallo und vielen Dank für die schnelle Hilfe,

leider oder zum Glück hat der Suchvorgang keinen Fund geliefert.

Ansonsten wurde alles nach Anleitung erledigt.

cosinus · 28.12.2012, 22:05

1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

charles_b · 29.12.2012, 15:14

aswMBR
stürzt schon mal ab mit dem Hinweis, AV-Anti-Rootkit funktioniere nicht richtig.

Mit der Auswahl "None" kommt als Ergebnis:

Code:

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-29 15:15:06
-----------------------------
15:15:06.686    OS Version: Windows x64 6.1.7601 Service Pack 1
15:15:06.686    Number of processors: 2 586 0x603
15:15:06.686    ComputerName: ***-PC  UserName: ***
15:15:07.755    Initialize success
15:15:07.833    AVAST engine defs: 12122900
15:15:14.837    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:15:14.837    Disk 0 Vendor: ST3750525AS JC45 Size: 715404MB BusType: 11
15:15:14.868    Disk 0 MBR read successfully
15:15:14.868    Disk 0 MBR scan
15:15:14.884    Disk 0 Windows 7 default MBR code
15:15:14.884    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
15:15:14.900    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       204799 MB offset 206848
15:15:14.915    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       510503 MB offset 419635200
15:15:14.946    Disk 0 scanning C:\Windows\system32\drivers
15:15:23.261    Service scanning
15:15:34.025    Modules scanning
15:15:34.025    Disk 0 trace - called modules:
15:15:34.041    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
15:15:34.540    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a84060]
15:15:34.540    3 CLASSPNP.SYS[fffff8800146643f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004a3a060]
15:15:34.556    Scan finished successfully
15:16:24.242    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
15:16:24.242    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"

TDSS ergibt:

Code:

ATTFilter

15:18:23.0503 2532  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:18:23.0733 2532  ============================================================
15:18:23.0733 2532  Current date / time: 2012/12/29 15:18:23.0733
15:18:23.0733 2532  SystemInfo:
15:18:23.0733 2532  
15:18:23.0733 2532  OS Version: 6.1.7601 ServicePack: 1.0
15:18:23.0733 2532  Product type: Workstation
15:18:23.0733 2532  ComputerName: ***-PC
15:18:23.0733 2532  UserName: ***
15:18:23.0733 2532  Windows directory: C:\Windows
15:18:23.0733 2532  System windows directory: C:\Windows
15:18:23.0733 2532  Running under WOW64
15:18:23.0733 2532  Processor architecture: Intel x64
15:18:23.0733 2532  Number of processors: 2
15:18:23.0733 2532  Page size: 0x1000
15:18:23.0733 2532  Boot type: Normal boot
15:18:23.0733 2532  ============================================================
15:18:24.0543 2532  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:18:24.0563 2532  ============================================================
15:18:24.0563 2532  \Device\Harddisk0\DR0:
15:18:24.0563 2532  MBR partitions:
15:18:24.0563 2532  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:18:24.0563 2532  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x18FFF800
15:18:24.0563 2532  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x19032000, BlocksNum 0x3E513800
15:18:24.0563 2532  ============================================================
15:18:24.0663 2532  C: <-> \Device\Harddisk0\DR0\Partition2
15:18:24.0743 2532  D: <-> \Device\Harddisk0\DR0\Partition3
15:18:24.0743 2532  ============================================================
15:18:24.0743 2532  Initialize success
15:18:24.0743 2532  ============================================================
15:19:06.0586 1484  ============================================================
15:19:06.0586 1484  Scan started
15:19:06.0586 1484  Mode: Manual; SigCheck; TDLFS; 
15:19:06.0586 1484  ============================================================
15:19:06.0976 1484  ================ Scan system memory ========================
15:19:06.0976 1484  System memory - ok
15:19:06.0976 1484  ================ Scan services =============================
15:19:07.0101 1484  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:19:07.0194 1484  1394ohci - ok
15:19:07.0210 1484  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:19:07.0226 1484  ACPI - ok
15:19:07.0241 1484  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:19:07.0257 1484  AcpiPmi - ok
15:19:07.0319 1484  [ 4C096D550B6BC71D9D9A8716995C1879 ] AcrSch2Svc      C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
15:19:07.0366 1484  AcrSch2Svc - ok
15:19:07.0428 1484  [ 4451CC2275B04043EC2BCC757AF97291 ] AdobeActiveFileMonitor8.0 C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
15:19:07.0460 1484  AdobeActiveFileMonitor8.0 - ok
15:19:07.0506 1484  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:19:07.0538 1484  AdobeARMservice - ok
15:19:07.0772 1484  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:19:07.0803 1484  AdobeFlashPlayerUpdateSvc - ok
15:19:07.0818 1484  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
15:19:07.0834 1484  adp94xx - ok
15:19:07.0865 1484  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
15:19:07.0881 1484  adpahci - ok
15:19:07.0896 1484  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
15:19:07.0912 1484  adpu320 - ok
15:19:07.0943 1484  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:19:08.0052 1484  AeLookupSvc - ok
15:19:08.0099 1484  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
15:19:08.0130 1484  AFD - ok
15:19:08.0162 1484  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:19:08.0162 1484  agp440 - ok
15:19:08.0193 1484  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
15:19:08.0240 1484  ALG - ok
15:19:08.0255 1484  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:19:08.0271 1484  aliide - ok
15:19:08.0286 1484  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
15:19:08.0302 1484  amdide - ok
15:19:08.0302 1484  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
15:19:08.0318 1484  AmdK8 - ok
15:19:08.0349 1484  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:19:08.0364 1484  AmdPPM - ok
15:19:08.0396 1484  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:19:08.0396 1484  amdsata - ok
15:19:08.0411 1484  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
15:19:08.0427 1484  amdsbs - ok
15:19:08.0442 1484  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:19:08.0442 1484  amdxata - ok
15:19:08.0474 1484  [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb      C:\Windows\system32\Drivers\ssadadb.sys
15:19:08.0505 1484  androidusb - ok
15:19:08.0505 1484  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
15:19:08.0552 1484  AppID - ok
15:19:08.0567 1484  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:19:08.0598 1484  AppIDSvc - ok
15:19:08.0614 1484  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
15:19:08.0661 1484  Appinfo - ok
15:19:08.0676 1484  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
15:19:08.0676 1484  arc - ok
15:19:08.0692 1484  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
15:19:08.0692 1484  arcsas - ok
15:19:08.0739 1484  [ 68726474C69B738EAC3A62E06B33ADDC ] AsIO            C:\Windows\syswow64\drivers\AsIO.sys
15:19:08.0754 1484  AsIO - ok
15:19:08.0801 1484  [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
15:19:08.0801 1484  aswFsBlk - ok
15:19:08.0832 1484  [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
15:19:08.0848 1484  aswMonFlt - ok
15:19:08.0848 1484  [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
15:19:08.0864 1484  aswRdr - ok
15:19:08.0895 1484  [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
15:19:08.0926 1484  aswSnx - ok
15:19:08.0973 1484  [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
15:19:09.0004 1484  aswSP - ok
15:19:09.0035 1484  [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
15:19:09.0051 1484  aswTdi - ok
15:19:09.0066 1484  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:19:09.0113 1484  AsyncMac - ok
15:19:09.0129 1484  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
15:19:09.0129 1484  atapi - ok
15:19:09.0160 1484  [ C07A040D6B5A42DD41EE386CF90974C8 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
15:19:09.0160 1484  AtiPcie - ok
15:19:09.0191 1484  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:19:09.0222 1484  AudioEndpointBuilder - ok
15:19:09.0222 1484  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:19:09.0254 1484  AudioSrv - ok
15:19:09.0316 1484  [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
15:19:09.0347 1484  avast! Antivirus - ok
15:19:09.0363 1484  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:19:09.0394 1484  AxInstSV - ok
15:19:09.0441 1484  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
15:19:09.0488 1484  b06bdrv - ok
15:19:09.0503 1484  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:19:09.0534 1484  b57nd60a - ok
15:19:09.0566 1484  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:19:09.0581 1484  BDESVC - ok
15:19:09.0597 1484  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:19:09.0628 1484  Beep - ok
15:19:09.0659 1484  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
15:19:09.0706 1484  BFE - ok
15:19:09.0737 1484  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
15:19:09.0800 1484  BITS - ok
15:19:09.0815 1484  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:19:09.0831 1484  blbdrive - ok
15:19:09.0862 1484  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:19:09.0893 1484  bowser - ok
15:19:09.0893 1484  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
15:19:09.0893 1484  BrFiltLo - ok
15:19:09.0909 1484  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
15:19:09.0924 1484  BrFiltUp - ok
15:19:09.0940 1484  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
15:19:09.0971 1484  Browser - ok
15:19:09.0987 1484  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:19:10.0002 1484  Brserid - ok
15:19:10.0002 1484  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:19:10.0018 1484  BrSerWdm - ok
15:19:10.0018 1484  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:19:10.0034 1484  BrUsbMdm - ok
15:19:10.0034 1484  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:19:10.0049 1484  BrUsbSer - ok
15:19:10.0049 1484  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
15:19:10.0080 1484  BTHMODEM - ok
15:19:10.0096 1484  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
15:19:10.0127 1484  bthserv - ok
15:19:10.0143 1484  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:19:10.0174 1484  cdfs - ok
15:19:10.0190 1484  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:19:10.0190 1484  cdrom - ok
15:19:10.0205 1484  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:19:10.0236 1484  CertPropSvc - ok
15:19:10.0252 1484  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
15:19:10.0252 1484  circlass - ok
15:19:10.0283 1484  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
15:19:10.0299 1484  CLFS - ok
15:19:10.0330 1484  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:19:10.0346 1484  clr_optimization_v2.0.50727_32 - ok
15:19:10.0377 1484  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:19:10.0377 1484  clr_optimization_v2.0.50727_64 - ok
15:19:10.0439 1484  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:19:10.0470 1484  clr_optimization_v4.0.30319_32 - ok
15:19:10.0502 1484  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:19:10.0502 1484  clr_optimization_v4.0.30319_64 - ok
15:19:10.0517 1484  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
15:19:10.0533 1484  CmBatt - ok
15:19:10.0548 1484  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:19:10.0564 1484  cmdide - ok
15:19:10.0595 1484  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
15:19:10.0626 1484  CNG - ok
15:19:10.0642 1484  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
15:19:10.0642 1484  Compbatt - ok
15:19:10.0673 1484  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
15:19:10.0689 1484  CompositeBus - ok
15:19:10.0704 1484  COMSysApp - ok
15:19:10.0720 1484  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
15:19:10.0736 1484  crcdisk - ok
15:19:10.0767 1484  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:19:10.0798 1484  CryptSvc - ok
15:19:10.0829 1484  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:19:10.0876 1484  DcomLaunch - ok
15:19:10.0892 1484  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
15:19:10.0923 1484  defragsvc - ok
15:19:10.0954 1484  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:19:10.0985 1484  DfsC - ok
15:19:11.0016 1484  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:19:11.0048 1484  Dhcp - ok
15:19:11.0048 1484  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
15:19:11.0079 1484  discache - ok
15:19:11.0094 1484  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
15:19:11.0110 1484  Disk - ok
15:19:11.0141 1484  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:19:11.0172 1484  Dnscache - ok
15:19:11.0188 1484  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:19:11.0219 1484  dot3svc - ok
15:19:11.0219 1484  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
15:19:11.0266 1484  DPS - ok
15:19:11.0297 1484  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:19:11.0344 1484  drmkaud - ok
15:19:11.0375 1484  [ 400582B09E0BB557D0EC28A945150EEB ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:19:11.0391 1484  dtsoftbus01 - ok
15:19:11.0422 1484  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:19:11.0438 1484  DXGKrnl - ok
15:19:11.0469 1484  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
15:19:11.0484 1484  EapHost - ok
15:19:11.0547 1484  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
15:19:11.0609 1484  ebdrv - ok
15:19:11.0640 1484  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
15:19:11.0672 1484  EFS - ok
15:19:11.0734 1484  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:19:11.0765 1484  ehRecvr - ok
15:19:11.0781 1484  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
15:19:11.0796 1484  ehSched - ok
15:19:11.0828 1484  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
15:19:11.0843 1484  elxstor - ok
15:19:11.0859 1484  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:19:11.0874 1484  ErrDev - ok
15:19:11.0890 1484  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
15:19:11.0937 1484  EventSystem - ok
15:19:11.0952 1484  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
15:19:11.0984 1484  exfat - ok
15:19:12.0015 1484  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:19:12.0046 1484  fastfat - ok
15:19:12.0077 1484  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
15:19:12.0108 1484  Fax - ok
15:19:12.0124 1484  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
15:19:12.0155 1484  fdc - ok
15:19:12.0171 1484  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
15:19:12.0202 1484  fdPHost - ok
15:19:12.0218 1484  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:19:12.0249 1484  FDResPub - ok
15:19:12.0264 1484  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:19:12.0264 1484  FileInfo - ok
15:19:12.0264 1484  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:19:12.0311 1484  Filetrace - ok
15:19:12.0327 1484  [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:19:12.0342 1484  FLEXnet Licensing Service - ok
15:19:12.0358 1484  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
15:19:12.0358 1484  flpydisk - ok
15:19:12.0374 1484  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:19:12.0389 1484  FltMgr - ok
15:19:12.0420 1484  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
15:19:12.0452 1484  FontCache - ok
15:19:12.0483 1484  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:19:12.0514 1484  FontCache3.0.0.0 - ok
15:19:12.0530 1484  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:19:12.0545 1484  FsDepends - ok
15:19:12.0561 1484  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:19:12.0561 1484  Fs_Rec - ok
15:19:12.0576 1484  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:19:12.0592 1484  fvevol - ok
15:19:12.0608 1484  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
15:19:12.0623 1484  gagp30kx - ok
15:19:12.0639 1484  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
15:19:12.0686 1484  gpsvc - ok
15:19:12.0779 1484  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:19:12.0810 1484  gupdate - ok
15:19:12.0810 1484  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:19:12.0826 1484  gupdatem - ok
15:19:12.0857 1484  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:19:12.0888 1484  hcw85cir - ok
15:19:12.0920 1484  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:19:12.0951 1484  HdAudAddService - ok
15:19:12.0966 1484  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:19:12.0998 1484  HDAudBus - ok
15:19:12.0998 1484  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
15:19:13.0029 1484  HidBatt - ok
15:19:13.0029 1484  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
15:19:13.0060 1484  HidBth - ok
15:19:13.0060 1484  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
15:19:13.0076 1484  HidIr - ok
15:19:13.0091 1484  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
15:19:13.0122 1484  hidserv - ok
15:19:13.0122 1484  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:19:13.0138 1484  HidUsb - ok
15:19:13.0154 1484  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:19:13.0185 1484  hkmsvc - ok
15:19:13.0200 1484  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:19:13.0232 1484  HomeGroupListener - ok
15:19:13.0263 1484  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:19:13.0310 1484  HomeGroupProvider - ok
15:19:13.0325 1484  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:19:13.0341 1484  HpSAMD - ok
15:19:13.0372 1484  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:19:13.0419 1484  HTTP - ok
15:19:13.0419 1484  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:19:13.0434 1484  hwpolicy - ok
15:19:13.0466 1484  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
15:19:13.0466 1484  i8042prt - ok
15:19:13.0512 1484  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:19:13.0544 1484  iaStorV - ok
15:19:13.0590 1484  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:19:13.0606 1484  idsvc - ok
15:19:13.0622 1484  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
15:19:13.0637 1484  iirsp - ok
15:19:13.0700 1484  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
15:19:13.0762 1484  IKEEXT - ok
15:19:13.0871 1484  [ EB5FA493A4B6EA290200AE39EBA2FBC6 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:19:13.0965 1484  IntcAzAudAddService - ok
15:19:13.0996 1484  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
15:19:13.0996 1484  intelide - ok
15:19:14.0027 1484  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
15:19:14.0043 1484  intelppm - ok
15:19:14.0058 1484  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:19:14.0090 1484  IPBusEnum - ok
15:19:14.0105 1484  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:19:14.0152 1484  IpFilterDriver - ok
15:19:14.0183 1484  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:19:14.0230 1484  iphlpsvc - ok
15:19:14.0230 1484  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:19:14.0261 1484  IPMIDRV - ok
15:19:14.0292 1484  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:19:14.0339 1484  IPNAT - ok
15:19:14.0370 1484  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:19:14.0402 1484  IRENUM - ok
15:19:14.0417 1484  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:19:14.0417 1484  isapnp - ok
15:19:14.0433 1484  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:19:14.0448 1484  iScsiPrt - ok
15:19:14.0480 1484  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:19:14.0480 1484  kbdclass - ok
15:19:14.0495 1484  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:19:14.0511 1484  kbdhid - ok
15:19:14.0511 1484  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
15:19:14.0526 1484  KeyIso - ok
15:19:14.0558 1484  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:19:14.0558 1484  KSecDD - ok
15:19:14.0573 1484  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:19:14.0589 1484  KSecPkg - ok
15:19:14.0604 1484  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:19:14.0636 1484  ksthunk - ok
15:19:14.0682 1484  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:19:14.0745 1484  KtmRm - ok
15:19:14.0760 1484  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:19:14.0807 1484  LanmanServer - ok
15:19:14.0823 1484  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:19:14.0854 1484  LanmanWorkstation - ok
15:19:14.0870 1484  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:19:14.0901 1484  lltdio - ok
15:19:14.0916 1484  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:19:14.0963 1484  lltdsvc - ok
15:19:14.0979 1484  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:19:15.0010 1484  lmhosts - ok
15:19:15.0041 1484  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
15:19:15.0041 1484  LSI_FC - ok
15:19:15.0057 1484  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
15:19:15.0072 1484  LSI_SAS - ok
15:19:15.0072 1484  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
15:19:15.0088 1484  LSI_SAS2 - ok
15:19:15.0104 1484  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
15:19:15.0104 1484  LSI_SCSI - ok
15:19:15.0119 1484  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
15:19:15.0150 1484  luafv - ok
15:19:15.0182 1484  [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
15:19:15.0197 1484  MBAMProtector - ok
15:19:15.0244 1484  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
15:19:15.0275 1484  MBAMScheduler - ok
15:19:15.0291 1484  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:19:15.0322 1484  MBAMService - ok
15:19:15.0369 1484  [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
15:19:15.0400 1484  McComponentHostService - ok
15:19:15.0416 1484  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:19:15.0447 1484  Mcx2Svc - ok
15:19:15.0447 1484  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
15:19:15.0462 1484  megasas - ok
15:19:15.0478 1484  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
15:19:15.0509 1484  MegaSR - ok
15:19:15.0540 1484  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
15:19:15.0603 1484  MMCSS - ok
15:19:15.0634 1484  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
15:19:15.0665 1484  Modem - ok
15:19:15.0681 1484  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:19:15.0712 1484  monitor - ok
15:19:15.0728 1484  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:19:15.0743 1484  mouclass - ok
15:19:15.0774 1484  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:19:15.0774 1484  mouhid - ok
15:19:15.0790 1484  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:19:15.0806 1484  mountmgr - ok
15:19:15.0837 1484  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:19:15.0852 1484  MozillaMaintenance - ok
15:19:15.0852 1484  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:19:15.0868 1484  mpio - ok
15:19:15.0884 1484  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:19:15.0915 1484  mpsdrv - ok
15:19:15.0930 1484  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:19:15.0962 1484  MpsSvc - ok
15:19:15.0977 1484  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:19:16.0008 1484  MRxDAV - ok
15:19:16.0024 1484  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:19:16.0055 1484  mrxsmb - ok
15:19:16.0055 1484  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:19:16.0086 1484  mrxsmb10 - ok
15:19:16.0102 1484  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:19:16.0102 1484  mrxsmb20 - ok
15:19:16.0118 1484  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:19:16.0118 1484  msahci - ok
15:19:16.0149 1484  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:19:16.0149 1484  msdsm - ok
15:19:16.0164 1484  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
15:19:16.0196 1484  MSDTC - ok
15:19:16.0211 1484  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:19:16.0242 1484  Msfs - ok
15:19:16.0258 1484  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:19:16.0289 1484  mshidkmdf - ok
15:19:16.0305 1484  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:19:16.0320 1484  msisadrv - ok
15:19:16.0336 1484  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:19:16.0383 1484  MSiSCSI - ok
15:19:16.0383 1484  msiserver - ok
15:19:16.0414 1484  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:19:16.0445 1484  MSKSSRV - ok
15:19:16.0461 1484  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:19:16.0508 1484  MSPCLOCK - ok
15:19:16.0508 1484  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:19:16.0539 1484  MSPQM - ok
15:19:16.0554 1484  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:19:16.0570 1484  MsRPC - ok
15:19:16.0586 1484  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
15:19:16.0586 1484  mssmbios - ok
15:19:16.0601 1484  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:19:16.0632 1484  MSTEE - ok
15:19:16.0632 1484  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
15:19:16.0648 1484  MTConfig - ok
15:19:16.0679 1484  [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
15:19:16.0679 1484  MTsensor - ok
15:19:16.0695 1484  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:19:16.0695 1484  Mup - ok
15:19:16.0726 1484  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
15:19:16.0773 1484  napagent - ok
15:19:16.0788 1484  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:19:16.0820 1484  NativeWifiP - ok
15:19:16.0866 1484  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:19:16.0898 1484  NDIS - ok
15:19:16.0913 1484  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:19:16.0944 1484  NdisCap - ok
15:19:16.0944 1484  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:19:16.0976 1484  NdisTapi - ok
15:19:16.0991 1484  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:19:17.0007 1484  Ndisuio - ok
15:19:17.0022 1484  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:19:17.0069 1484  NdisWan - ok
15:19:17.0069 1484  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:19:17.0116 1484  NDProxy - ok
15:19:17.0132 1484  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:19:17.0163 1484  NetBIOS - ok
15:19:17.0178 1484  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:19:17.0210 1484  NetBT - ok
15:19:17.0210 1484  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
15:19:17.0225 1484  Netlogon - ok
15:19:17.0256 1484  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
15:19:17.0288 1484  Netman - ok
15:19:17.0303 1484  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
15:19:17.0350 1484  netprofm - ok
15:19:17.0381 1484  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:19:17.0397 1484  NetTcpPortSharing - ok
15:19:17.0412 1484  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
15:19:17.0428 1484  nfrd960 - ok
15:19:17.0444 1484  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:19:17.0459 1484  NlaSvc - ok
15:19:17.0490 1484  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:19:17.0522 1484  Npfs - ok
15:19:17.0522 1484  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
15:19:17.0615 1484  nsi - ok
15:19:17.0631 1484  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:19:17.0662 1484  nsiproxy - ok
15:19:17.0709 1484  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:19:17.0756 1484  Ntfs - ok
15:19:17.0787 1484  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
15:19:17.0880 1484  Null - ok
15:19:18.0021 1484  [ 10204955027011E08A9DC27737A48A54 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
15:19:18.0052 1484  NVHDA - ok
15:19:18.0270 1484  [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:19:18.0567 1484  nvlddmkm - ok
15:19:18.0614 1484  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:19:18.0645 1484  nvraid - ok
15:19:18.0660 1484  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:19:18.0676 1484  nvstor - ok
15:19:18.0723 1484  [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc           C:\Windows\system32\nvvsvc.exe
15:19:18.0770 1484  nvsvc - ok
15:19:18.0801 1484  [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:19:18.0832 1484  nvUpdatusService - ok
15:19:18.0848 1484  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:19:18.0848 1484  nv_agp - ok
15:19:18.0863 1484  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:19:18.0879 1484  ohci1394 - ok
15:19:18.0926 1484  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:19:18.0926 1484  ose - ok
15:19:19.0004 1484  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:19:19.0144 1484  osppsvc - ok
15:19:19.0175 1484  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:19:19.0222 1484  p2pimsvc - ok
15:19:19.0238 1484  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:19:19.0253 1484  p2psvc - ok
15:19:19.0269 1484  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
15:19:19.0284 1484  Parport - ok
15:19:19.0300 1484  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:19:19.0316 1484  partmgr - ok
15:19:19.0331 1484  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:19:19.0362 1484  PcaSvc - ok
15:19:19.0378 1484  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
15:19:19.0394 1484  pci - ok
15:19:19.0394 1484  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
15:19:19.0409 1484  pciide - ok
15:19:19.0425 1484  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
15:19:19.0425 1484  pcmcia - ok
15:19:19.0440 1484  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:19:19.0456 1484  pcw - ok
15:19:19.0472 1484  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:19:19.0503 1484  PEAUTH - ok
15:19:19.0596 1484  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:19:19.0628 1484  PerfHost - ok
15:19:19.0659 1484  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
15:19:19.0721 1484  pla - ok
15:19:19.0784 1484  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:19:19.0846 1484  PlugPlay - ok
15:19:19.0877 1484  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:19:19.0893 1484  PNRPAutoReg - ok
15:19:19.0924 1484  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:19:19.0940 1484  PNRPsvc - ok
15:19:19.0971 1484  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:19:20.0033 1484  PolicyAgent - ok
15:19:20.0049 1484  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
15:19:20.0096 1484  Power - ok
15:19:20.0127 1484  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:19:20.0158 1484  PptpMiniport - ok
15:19:20.0174 1484  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
15:19:20.0174 1484  Processor - ok
15:19:20.0205 1484  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:19:20.0220 1484  ProfSvc - ok
15:19:20.0236 1484  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:19:20.0236 1484  ProtectedStorage - ok
15:19:20.0252 1484  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:19:20.0298 1484  Psched - ok
15:19:20.0330 1484  [ FBF4DB6D53585437E41A113300002A2B ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
15:19:20.0330 1484  PxHlpa64 - ok
15:19:20.0361 1484  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
15:19:20.0408 1484  ql2300 - ok
15:19:20.0423 1484  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
15:19:20.0423 1484  ql40xx - ok
15:19:20.0454 1484  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
15:19:20.0470 1484  QWAVE - ok
15:19:20.0486 1484  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:19:20.0501 1484  QWAVEdrv - ok
15:19:20.0517 1484  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:19:20.0532 1484  RasAcd - ok
15:19:20.0564 1484  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:19:20.0595 1484  RasAgileVpn - ok
15:19:20.0610 1484  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
15:19:20.0642 1484  RasAuto - ok
15:19:20.0657 1484  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:19:20.0688 1484  Rasl2tp - ok
15:19:20.0704 1484  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
15:19:20.0735 1484  RasMan - ok
15:19:20.0751 1484  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:19:20.0798 1484  RasPppoe - ok
15:19:20.0798 1484  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:19:20.0829 1484  RasSstp - ok
15:19:20.0844 1484  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:19:20.0876 1484  rdbss - ok
15:19:20.0891 1484  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
15:19:20.0891 1484  rdpbus - ok
15:19:20.0907 1484  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:19:20.0938 1484  RDPCDD - ok
15:19:20.0954 1484  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:19:20.0985 1484  RDPENCDD - ok
15:19:21.0000 1484  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:19:21.0032 1484  RDPREFMP - ok
15:19:21.0063 1484  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:19:21.0094 1484  RdpVideoMiniport - ok
15:19:21.0110 1484  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:19:21.0125 1484  RDPWD - ok
15:19:21.0141 1484  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:19:21.0156 1484  rdyboost - ok
15:19:21.0172 1484  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:19:21.0203 1484  RemoteAccess - ok
15:19:21.0219 1484  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:19:21.0266 1484  RemoteRegistry - ok
15:19:21.0281 1484  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:19:21.0312 1484  RpcEptMapper - ok
15:19:21.0344 1484  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:19:21.0359 1484  RpcLocator - ok
15:19:21.0375 1484  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
15:19:21.0406 1484  RpcSs - ok
15:19:21.0422 1484  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:19:21.0437 1484  rspndr - ok
15:19:21.0484 1484  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
15:19:21.0500 1484  RTL8167 - ok
15:19:21.0500 1484  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
15:19:21.0515 1484  SamSs - ok
15:19:21.0515 1484  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:19:21.0531 1484  sbp2port - ok
15:19:21.0531 1484  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:19:21.0562 1484  SCardSvr - ok
15:19:21.0578 1484  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:19:21.0609 1484  scfilter - ok
15:19:21.0640 1484  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
15:19:21.0687 1484  Schedule - ok
15:19:21.0702 1484  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:19:21.0734 1484  SCPolicySvc - ok
15:19:21.0749 1484  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:19:21.0780 1484  SDRSVC - ok
15:19:21.0796 1484  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:19:21.0843 1484  secdrv - ok
15:19:21.0858 1484  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
15:19:21.0890 1484  seclogon - ok
15:19:21.0905 1484  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
15:19:21.0936 1484  SENS - ok
15:19:21.0952 1484  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:19:21.0983 1484  SensrSvc - ok
15:19:21.0999 1484  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:19:22.0014 1484  Serenum - ok
15:19:22.0030 1484  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:19:22.0046 1484  Serial - ok
15:19:22.0061 1484  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
15:19:22.0077 1484  sermouse - ok
15:19:22.0092 1484  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:19:22.0124 1484  SessionEnv - ok
15:19:22.0124 1484  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:19:22.0139 1484  sffdisk - ok
15:19:22.0139 1484  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:19:22.0155 1484  sffp_mmc - ok
15:19:22.0155 1484  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:19:22.0186 1484  sffp_sd - ok
15:19:22.0186 1484  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
15:19:22.0202 1484  sfloppy - ok
15:19:22.0233 1484  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:19:22.0280 1484  SharedAccess - ok
15:19:22.0342 1484  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:19:22.0389 1484  ShellHWDetection - ok
15:19:22.0404 1484  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
15:19:22.0420 1484  SiSRaid2 - ok
15:19:22.0436 1484  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
15:19:22.0436 1484  SiSRaid4 - ok
15:19:22.0451 1484  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:19:22.0514 1484  Smb - ok
15:19:22.0841 1484  [ D33F37DD403741982DBE99C7B6B6FF63 ] snapman         C:\Windows\system32\DRIVERS\snapman.sys
15:19:22.0872 1484  snapman - ok
15:19:22.0904 1484  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:19:22.0919 1484  SNMPTRAP - ok
15:19:22.0935 1484  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:19:22.0950 1484  spldr - ok
15:19:23.0044 1484  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
15:19:23.0091 1484  Spooler - ok
15:19:23.0231 1484  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
15:19:23.0340 1484  sppsvc - ok
15:19:23.0372 1484  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:19:23.0387 1484  sppuinotify - ok
15:19:23.0434 1484  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:19:23.0465 1484  srv - ok
15:19:23.0481 1484  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:19:23.0496 1484  srv2 - ok
15:19:23.0528 1484  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:19:23.0543 1484  srvnet - ok
15:19:23.0574 1484  [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys
15:19:23.0621 1484  ssadbus - ok
15:19:23.0652 1484  [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
15:19:23.0668 1484  ssadmdfl - ok
15:19:23.0684 1484  [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys
15:19:23.0715 1484  ssadmdm - ok
15:19:23.0746 1484  [ ED161B91FDF7EAA39469D72D463D5F4E ] sscdbus         C:\Windows\system32\DRIVERS\sscdbus.sys
15:19:23.0762 1484  sscdbus - ok
15:19:23.0808 1484  [ 4CB09E77593DBD8D7AF33B37375CA715 ] sscdmdfl        C:\Windows\system32\DRIVERS\sscdmdfl.sys
15:19:23.0824 1484  sscdmdfl - ok
15:19:23.0855 1484  [ C7B4CF53497A6E5363F3439427663882 ] sscdmdm         C:\Windows\system32\DRIVERS\sscdmdm.sys
15:19:23.0871 1484  sscdmdm - ok
15:19:23.0918 1484  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:19:23.0949 1484  SSDPSRV - ok
15:19:23.0964 1484  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:19:23.0996 1484  SstpSvc - ok
15:19:24.0058 1484  [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:19:24.0074 1484  Stereo Service - ok
15:19:24.0089 1484  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
15:19:24.0105 1484  stexstor - ok
15:19:24.0136 1484  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
15:19:24.0167 1484  stisvc - ok
15:19:24.0198 1484  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
15:19:24.0230 1484  swenum - ok
15:19:24.0276 1484  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
15:19:24.0339 1484  swprv - ok
15:19:24.0573 1484  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
15:19:24.0635 1484  SysMain - ok
15:19:24.0651 1484  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:19:24.0666 1484  TabletInputService - ok
15:19:24.0682 1484  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:19:24.0729 1484  TapiSrv - ok
15:19:24.0744 1484  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
15:19:24.0776 1484  TBS - ok
15:19:25.0056 1484  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:19:25.0197 1484  Tcpip - ok
15:19:25.0275 1484  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:19:25.0306 1484  TCPIP6 - ok
15:19:25.0337 1484  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:19:25.0337 1484  tcpipreg - ok
15:19:25.0400 1484  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:19:25.0462 1484  TDPIPE - ok
15:19:25.0556 1484  [ 0735948466EC4FD24AA4AD36448C6888 ] tdrpman         C:\Windows\system32\DRIVERS\tdrpman.sys
15:19:25.0602 1484  tdrpman - ok
15:19:25.0634 1484  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:19:25.0665 1484  TDTCP - ok
15:19:25.0696 1484  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:19:25.0727 1484  tdx - ok
15:19:26.0133 1484  [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7     C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
15:19:26.0226 1484  TeamViewer7 - ok
15:19:26.0242 1484  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
15:19:26.0258 1484  TermDD - ok
15:19:26.0320 1484  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
15:19:26.0398 1484  TermService - ok
15:19:26.0429 1484  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:19:26.0429 1484  Themes - ok
15:19:26.0445 1484  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
15:19:26.0476 1484  THREADORDER - ok
15:19:26.0538 1484  [ 8FF7D3276F47938AD11FD15B4EB1ABF6 ] tifsfilter      C:\Windows\system32\DRIVERS\tifsfilt.sys
15:19:26.0585 1484  tifsfilter - ok
15:19:26.0710 1484  [ 5D21EC50C03387B9519E87A303D0850B ] timounter       C:\Windows\system32\DRIVERS\timntr.sys
15:19:26.0804 1484  timounter - ok
15:19:26.0850 1484  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:19:26.0897 1484  TrkWks - ok
15:19:26.0960 1484  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:19:27.0022 1484  TrustedInstaller - ok
15:19:27.0194 1484  [ 7C9159A4647AC97CFA106BFB38789FB8 ] TryAndDecideService C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
15:19:27.0225 1484  TryAndDecideService - ok
15:19:27.0240 1484  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:19:27.0318 1484  tssecsrv - ok
15:19:27.0350 1484  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:19:27.0365 1484  TsUsbFlt - ok
15:19:27.0396 1484  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
15:19:27.0396 1484  TsUsbGD - ok
15:19:27.0459 1484  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:19:27.0521 1484  tunnel - ok
15:19:27.0537 1484  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
15:19:27.0537 1484  uagp35 - ok
15:19:27.0584 1484  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:19:27.0646 1484  udfs - ok
15:19:27.0693 1484  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:19:27.0708 1484  UI0Detect - ok
15:19:27.0724 1484  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:19:27.0724 1484  uliagpkx - ok
15:19:27.0771 1484  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:19:27.0786 1484  umbus - ok
15:19:27.0786 1484  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
15:19:27.0818 1484  UmPass - ok
15:19:27.0864 1484  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:19:27.0974 1484  upnphost - ok
15:19:27.0989 1484  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
15:19:28.0005 1484  usbaudio - ok
15:19:28.0067 1484  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:19:28.0098 1484  usbccgp - ok
15:19:28.0192 1484  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:19:28.0270 1484  usbcir - ok
15:19:28.0317 1484  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:19:28.0348 1484  usbehci - ok
15:19:28.0395 1484  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:19:28.0442 1484  usbhub - ok
15:19:28.0442 1484  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
15:19:28.0473 1484  usbohci - ok
15:19:28.0488 1484  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:19:28.0520 1484  usbprint - ok
15:19:28.0566 1484  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:19:28.0598 1484  usbscan - ok
15:19:28.0644 1484  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:19:28.0691 1484  USBSTOR - ok
15:19:28.0707 1484  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:19:28.0738 1484  usbuhci - ok
15:19:28.0785 1484  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
15:19:28.0847 1484  UxSms - ok
15:19:28.0863 1484  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
15:19:28.0878 1484  VaultSvc - ok
15:19:28.0894 1484  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:19:28.0910 1484  vdrvroot - ok
15:19:29.0003 1484  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
15:19:29.0097 1484  vds - ok
15:19:29.0112 1484  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:19:29.0128 1484  vga - ok
15:19:29.0190 1484  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:19:29.0253 1484  VgaSave - ok
15:19:29.0268 1484  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:19:29.0284 1484  vhdmp - ok
15:19:29.0300 1484  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:19:29.0300 1484  viaide - ok
15:19:29.0331 1484  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:19:29.0346 1484  volmgr - ok
15:19:29.0596 1484  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:19:29.0627 1484  volmgrx - ok
15:19:29.0690 1484  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:19:29.0705 1484  volsnap - ok
15:19:29.0752 1484  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
15:19:29.0752 1484  vsmraid - ok
15:19:30.0002 1484  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
15:19:30.0126 1484  VSS - ok
15:19:30.0142 1484  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
15:19:30.0173 1484  vwifibus - ok
15:19:30.0579 1484  [ 7959EA6EADC1AAF7FB40678F0BAB4C0E ] VX1000          C:\Windows\system32\DRIVERS\VX1000.sys
15:19:30.0657 1484  VX1000 - ok
15:19:30.0719 1484  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
15:19:30.0797 1484  W32Time - ok
15:19:30.0828 1484  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
15:19:30.0875 1484  WacomPen - ok
15:19:30.0906 1484  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:19:31.0000 1484  WANARP - ok
15:19:31.0000 1484  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:19:31.0016 1484  Wanarpv6 - ok
15:19:31.0250 1484  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
15:19:31.0359 1484  wbengine - ok
15:19:31.0390 1484  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:19:31.0421 1484  WbioSrvc - ok
15:19:31.0452 1484  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:19:31.0484 1484  wcncsvc - ok
15:19:31.0499 1484  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:19:31.0546 1484  WcsPlugInService - ok
15:19:31.0562 1484  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
15:19:31.0577 1484  Wd - ok
15:19:31.0718 1484  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:19:31.0780 1484  Wdf01000 - ok
15:19:31.0811 1484  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:19:32.0014 1484  WdiServiceHost - ok
15:19:32.0014 1484  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:19:32.0045 1484  WdiSystemHost - ok
15:19:32.0108 1484  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
15:19:32.0154 1484  WebClient - ok
15:19:32.0186 1484  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:19:32.0217 1484  Wecsvc - ok
15:19:32.0232 1484  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:19:32.0279 1484  wercplsupport - ok
15:19:32.0326 1484  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:19:32.0357 1484  WerSvc - ok
15:19:32.0404 1484  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:19:32.0435 1484  WfpLwf - ok
15:19:32.0451 1484  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:19:32.0466 1484  WIMMount - ok
15:19:32.0466 1484  WinDefend - ok
15:19:32.0466 1484  WinHttpAutoProxySvc - ok
15:19:32.0560 1484  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:19:32.0591 1484  Winmgmt - ok
15:19:32.0638 1484  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
15:19:32.0700 1484  WinRM - ok
15:19:32.0763 1484  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:19:32.0778 1484  WinUsb - ok
15:19:32.0810 1484  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:19:32.0856 1484  Wlansvc - ok
15:19:32.0888 1484  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
15:19:32.0888 1484  WmiAcpi - ok
15:19:32.0919 1484  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:19:32.0934 1484  wmiApSrv - ok
15:19:32.0950 1484  WMPNetworkSvc - ok
15:19:32.0966 1484  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:19:32.0997 1484  WPCSvc - ok
15:19:33.0012 1484  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:19:33.0028 1484  WPDBusEnum - ok
15:19:33.0044 1484  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:19:33.0075 1484  ws2ifsl - ok
15:19:33.0090 1484  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
15:19:33.0122 1484  wscsvc - ok
15:19:33.0122 1484  WSearch - ok
15:19:33.0168 1484  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:19:33.0246 1484  wuauserv - ok
15:19:33.0262 1484  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:19:33.0278 1484  WudfPf - ok
15:19:33.0288 1484  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:19:33.0308 1484  WUDFRd - ok
15:19:33.0338 1484  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:19:33.0398 1484  wudfsvc - ok
15:19:33.0468 1484  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:19:33.0488 1484  WwanSvc - ok
15:19:33.0488 1484  ================ Scan global ===============================
15:19:33.0518 1484  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:19:33.0528 1484  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
15:19:33.0538 1484  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
15:19:33.0568 1484  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:19:33.0588 1484  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:19:33.0588 1484  [Global] - ok
15:19:33.0588 1484  ================ Scan MBR ==================================
15:19:33.0598 1484  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:19:33.0948 1484  \Device\Harddisk0\DR0 - ok
15:19:33.0948 1484  ================ Scan VBR ==================================
15:19:33.0948 1484  [ 6156DB68499FBE0E4FF186295C94850F ] \Device\Harddisk0\DR0\Partition1
15:19:33.0958 1484  \Device\Harddisk0\DR0\Partition1 - ok
15:19:34.0028 1484  [ 7B68FAD360DAD43D5CE0CC79147E6B10 ] \Device\Harddisk0\DR0\Partition2
15:19:34.0028 1484  \Device\Harddisk0\DR0\Partition2 - ok
15:19:34.0048 1484  [ 596B9C014560A197933C475D2AB8189B ] \Device\Harddisk0\DR0\Partition3
15:19:34.0048 1484  \Device\Harddisk0\DR0\Partition3 - ok
15:19:34.0048 1484  ============================================================
15:19:34.0048 1484  Scan finished
15:19:34.0048 1484  ============================================================
15:19:34.0068 3576  Detected object count: 0
15:19:34.0068 3576  Actual detected object count: 0

charles_b · 29.12.2012, 15:38

anbei der Viruscontainer von Avast, hab leider keinen Plan, wie ich hier ein Bild posten kann, daher als Anhang.

cosinus · 30.12.2012, 00:20

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

charles_b · 30.12.2012, 10:49

combofix Log:

Code:

ATTFilter

ComboFix 12-12-30.01 - *** 30.12.2012  10:24:57.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4094.2564 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-28 bis 2012-12-30  ))))))))))))))))))))))))))))))
.
.
2012-12-30 09:33 . 2012-12-30 09:33	--------	d-----w-	c:\users\Verena\AppData\Local\temp
2012-12-30 09:33 . 2012-12-30 09:33	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-12-30 09:33 . 2012-12-30 09:33	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-30 09:25 . 2012-12-30 09:25	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DF1868A3-CA5F-4755-8A07-DBD3ECB9828E}\offreg.dll
2012-12-28 16:52 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DF1868A3-CA5F-4755-8A07-DBD3ECB9828E}\mpengine.dll
2012-12-28 16:41 . 2012-12-28 16:41	--------	d-----w-	c:\users\***\AppData\Local\Programs
2012-12-25 11:19 . 2012-12-25 11:19	--------	d-----w-	c:\users\***\AppData\Local\Samsung
2012-12-25 11:19 . 2012-12-25 11:19	--------	d-----w-	c:\users\***\AppData\Roaming\Samsung
2012-12-25 11:09 . 2012-12-18 09:06	4659712	----a-w-	c:\windows\SysWow64\Redemption.dll
2012-12-25 11:09 . 2012-12-18 09:06	821824	----a-w-	c:\windows\SysWow64\dgderapi.dll
2012-12-25 11:08 . 2012-12-25 11:10	--------	d-----w-	c:\program files (x86)\Samsung
2012-12-25 11:08 . 2012-12-25 11:09	--------	d-----w-	c:\programdata\Samsung
2012-12-25 11:01 . 2012-12-25 11:01	--------	d-----w-	c:\users\***\AppData\Local\Downloaded Installations
2012-12-23 13:00 . 2012-12-23 13:00	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2012-12-23 12:57 . 2012-12-23 12:57	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-23 12:57 . 2012-12-23 12:57	--------	d-----w-	c:\programdata\Malwarebytes
2012-12-23 12:57 . 2012-09-29 18:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-23 12:24 . 2012-12-23 12:39	--------	d-----w-	c:\programdata\HitmanPro
2012-12-23 11:01 . 2012-12-23 11:01	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-12-23 11:00 . 2012-12-23 11:00	95184	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-23 11:00 . 2012-12-23 11:00	--------	d-----w-	c:\program files (x86)\Java
2012-12-23 10:21 . 2012-08-23 10:39	1048064	----a-w-	c:\windows\SysWow64\mstsc.exe
2012-12-21 22:57 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-21 22:57 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-21 22:57 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-21 22:56 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-13 19:17 . 2012-11-14 05:53	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-12-13 18:56 . 2012-11-09 05:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-13 18:56 . 2012-11-09 04:42	2048	----a-w-	c:\windows\SysWow64\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-23 11:00 . 2012-07-11 16:17	859072	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-12-23 11:00 . 2011-12-29 09:34	779704	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-12-13 19:18 . 2011-12-28 13:15	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-12-11 19:53 . 2012-04-09 07:25	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-11 19:53 . 2011-12-29 09:28	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-30 22:51 . 2011-12-29 19:12	59728	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2011-12-29 19:12	370288	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2011-12-29 19:12	984144	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2011-12-29 19:11	71600	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2011-12-29 19:12	25232	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2011-12-29 19:11	41224	----a-w-	c:\windows\avastSS.scr
2012-10-30 22:50 . 2011-12-29 19:11	227648	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2011-12-29 19:11	285328	----a-w-	c:\windows\system32\aswBoot.exe
2012-10-16 08:38 . 2012-11-27 18:46	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 18:46	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 18:46	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-15 16:59 . 2012-03-23 20:10	54072	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-10-10 20:23 . 2012-10-10 20:23	1867112	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2012-10-10 20:23 . 2012-10-10 20:23	18252136	----a-w-	c:\windows\system32\nvd3dumx.dll
2012-10-10 20:23 . 2012-10-10 20:23	1482600	----a-w-	c:\windows\system32\nvdispgenco64.dll
2012-10-10 20:23 . 2012-10-10 20:23	6127464	----a-w-	c:\windows\SysWow64\nvopencl.dll
2012-10-10 20:23 . 2012-10-10 20:23	2574696	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2012-10-10 20:23 . 2012-10-10 20:23	25256296	----a-w-	c:\windows\system32\nvcompiler.dll
2012-10-10 20:23 . 2012-10-10 20:23	7414632	----a-w-	c:\windows\system32\nvopencl.dll
2012-10-10 20:23 . 2012-10-10 20:23	2731880	----a-w-	c:\windows\system32\nvapi64.dll
2012-10-10 20:23 . 2012-10-10 20:23	14922600	----a-w-	c:\windows\system32\nvwgf2umx.dll
2012-10-10 20:23 . 2012-10-10 20:23	9146728	----a-w-	c:\windows\system32\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23	7697768	----a-w-	c:\windows\SysWow64\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23	2218344	----a-w-	c:\windows\system32\nvcuvenc.dll
2012-10-10 20:23 . 2012-10-10 20:23	12501352	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2012-10-10 20:22 . 2012-10-10 20:22	2428776	----a-w-	c:\windows\SysWow64\nvapi.dll
2012-10-10 20:22 . 2012-10-10 20:22	26331496	----a-w-	c:\windows\system32\nvoglv64.dll
2012-10-10 20:22 . 2011-12-29 09:43	1760104	----a-w-	c:\windows\system32\nvdispco64.dll
2012-10-10 20:22 . 2012-10-10 20:22	15309160	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2012-10-10 20:22 . 2012-10-10 20:22	2747240	----a-w-	c:\windows\system32\nvcuvid.dll
2012-10-10 20:22 . 2012-10-10 20:22	19906920	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2012-10-10 20:22 . 2012-10-10 20:22	13443944	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 20:22 . 2012-10-10 20:22	17559912	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2012-10-09 18:17 . 2012-11-13 22:05	55296	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-13 22:05	226816	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-13 22:05	44032	----a-w-	c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-13 22:05	193536	----a-w-	c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-13 18:55	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-13 22:05	1914248	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-13 22:05	303104	----a-w-	c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-13 22:05	70656	----a-w-	c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-13 22:05	246272	----a-w-	c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-13 22:05	18944	----a-w-	c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-13 22:05	216576	----a-w-	c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-13 22:05	569344	----a-w-	c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-13 22:05	175104	----a-w-	c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-13 22:05	18944	----a-w-	c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-13 22:05	156672	----a-w-	c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-13 22:05	45568	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2012-10-02 19:51 . 2011-12-28 13:11	3293544	----a-w-	c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2011-12-28 13:11	6200680	----a-w-	c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2011-12-28 13:11	891240	----a-w-	c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2011-12-28 13:11	63336	----a-w-	c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2011-12-28 13:11	2557800	----a-w-	c:\windows\system32\nvsvcr.dll
2012-10-02 19:50 . 2011-12-28 13:11	118120	----a-w-	c:\windows\system32\nvmctray.dll
2012-10-02 12:15 . 2012-10-02 12:15	430952	----a-w-	c:\windows\SysWow64\nvStreaming.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dradio-RecorderTimer"="c:\program files (x86)\dradio-Recorder\phonostarTimer.exe" [2012-04-03 41472]
"dradio-Recorder"="c:\program files (x86)\dradio-Recorder\phonostarStarter.exe" [2012-04-03 113152]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-12-20 1476104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-08-31 2622232]
"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-08-31 907040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-12-20 310280]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2012-06-27 36328]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2012-06-27 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2012-06-27 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2012-06-27 177640]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-01 279616]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 19:53]
.
2012-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-24 08:46]
.
2012-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-24 08:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50	133400	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-28 11905128]
"VX1000"="c:\windows\vVX1000.exe" [2009-06-30 762224]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-08-31 140568]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\f3hyj714.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-30  10:47:14
ComboFix-quarantined-files.txt  2012-12-30 09:47
.
Vor Suchlauf: 8 Verzeichnis(se), 135.442.460.672 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 138.564.743.168 Bytes frei
.
- - End Of File - - 44D22B8144DA14289606DD4EF7959D5A

cosinus · 30.12.2012, 17:48

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

charles_b · 30.12.2012, 19:00

und hier das ADW Log:

Code:

ATTFilter

# AdwCleaner v2.104 - Datei am 30/12/2012 um 18:59:02 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Users\Verena\AppData\Roaming\OpenCandy
Ordner Gefunden : C:\Users\Verena\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AVG Secure Search
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKU\S-1-5-21-4263804264-3590198319-1170865667-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\f3hyj714.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\lbyz655j.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [2387 octets] - [30/12/2012 18:59:02]

########## EOF - C:\AdwCleaner[R1].txt - [2447 octets] ##########

cosinus · 30.12.2012, 19:08

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

charles_b · 30.12.2012, 19:19

Code:

ATTFilter

# AdwCleaner v2.104 - Datei am 30/12/2012 um 19:16:04 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Verena\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Verena\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\f3hyj714.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\lbyz655j.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [2500 octets] - [30/12/2012 18:59:02]
AdwCleaner[R2].txt - [2568 octets] - [30/12/2012 19:15:34]
AdwCleaner[S1].txt - [2347 octets] - [30/12/2012 19:16:04]

########## EOF - C:\AdwCleaner[S1].txt - [2407 octets] ##########

cosinus · 30.12.2012, 19:54

Was ist mit OTL?

30.12.2012, 19:54	#15
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	dsgsdgdsdgsdw.pad und andere Schädlinge gefunden und bereinigt, System jetzt OK? Was ist mit OTL? __________________ Logfiles bitte immer in CODE-Tags posten

dsgsdgdsdgsdw.pad und andere Schädlinge gefunden und bereinigt, System jetzt OK?

Plagegeister aller Art und deren Bekämpfung: dsgsdgdsdgsdw.pad und andere Schädlinge gefunden und bereinigt, System jetzt OK?