Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 06.01.2013, 00:55   #1
korox
 
Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM - Standard

Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM



Nabend,

Hab mir anscheinend einen Trojaner aus welchem Grund auch immer eingefangen.

Die Datei, die infiziert wurde lautet "ravmon.exe und der Trojaner "TR/Agent.aeim".

Laut Avira wurde der Zugriff dieser Datei verweigert und nachdem ich jetzt einmal einen Quickscan mit Avira und MBAM durchführte und dann nochmal einen "aktiven Malwarescan" wird auch nichts mehr von beiden Programmen gefunden.

Ist mein System nun sicher? Dadurch das der Zugriff verweigert wurde ist ja daraus zu schließen,dass die Datei nicht aktiv war und mein System nicht beschädigt wurde.

Laut Avira kopiert sich die Datei hierhin • %WINDIR%\SVCHOST.EXE
• %Laufwerk%\RavMon.exe

Um diese Dateien zu erstellen – %WINDIR%\SVCHOST.INI
– %WINDIR%\MDM.EXE

Könnte ich nicht theoretisch,falls mein System noch infiziert sein sollte,einfach in diesen Dateinpfad gehen und die jeweiligen datein manuell löschen? Habs zwar schon versucht,finde aber nichts wenn ich in die Windows Suchleiste den Dateienpfad eingebe.

Danke schonmal für die Hilfe und Ich wünsch euch nochmal verspätet,ein schönes neues Jahr

Alt 06.01.2013, 03:46   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM - Standard

Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM



Hallo und

Zitat:
Die Datei, die infiziert wurde lautet "ravmon.exe und der Trojaner "TR/Agent.aeim".
Schön und wo sind die Logs dazu?

Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner siehe http://www.trojaner-board.de/125889-...tml#post941520


Bitte alles nach Möglichkeit hier in CODE-Tags posten.
Zitat:
Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 06.01.2013, 13:29   #3
korox
 
Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM - Standard

Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM



Code:
ATTFilter
In der Datei '\Device\HarddiskVolume1\RavMon.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Agent.aeim' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigert.
         
Halt der Echtzeitscanner..In allen anderen Logs wurde nichts gefunden.
__________________

Alt 06.01.2013, 16:24   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM - Standard

Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Malwarebytes Anti-Rootkit

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Entpacke das Archiv auf deinem Desktop.
  • Im neu erstellten Ordner starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 06.01.2013, 17:15   #5
korox
 
Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM - Standard

Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM



Ich hatte bereits einen Scan mit Malwarebytes Anti-Rootkit gemacht. Es wurde auch nichts gefunden,wobei bei mir immer die Appinits_dll Warnung kommt.

Hier der Log
Code:
ATTFilter
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2013.01.06.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Koro :: KORO-PC [administrator]

06.01.2013 03:47:58
mbar-log-2013-01-06 (03-47-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28527
Time elapsed: 3 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         


Alt 07.01.2013, 20:22   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM - Standard

Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM



1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
--> Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM

Alt 07.01.2013, 23:29   #7
korox
 
Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM - Standard

Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM



TDSS KILLER LOG :

Code:
ATTFilter
23:24:09.0824 4908  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:24:09.0834 4908  ============================================================
23:24:09.0834 4908  Current date / time: 2013/01/07 23:24:09.0834
23:24:09.0834 4908  SystemInfo:
23:24:09.0834 4908  
23:24:09.0834 4908  OS Version: 6.1.7601 ServicePack: 1.0
23:24:09.0834 4908  Product type: Workstation
23:24:09.0834 4908  ComputerName: KORO-PC
23:24:09.0834 4908  UserName: Koro
23:24:09.0834 4908  Windows directory: C:\Windows
23:24:09.0834 4908  System windows directory: C:\Windows
23:24:09.0834 4908  Running under WOW64
23:24:09.0834 4908  Processor architecture: Intel x64
23:24:09.0834 4908  Number of processors: 4
23:24:09.0834 4908  Page size: 0x1000
23:24:09.0834 4908  Boot type: Normal boot
23:24:09.0834 4908  ============================================================
23:24:10.0584 4908  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:24:10.0604 4908  ============================================================
23:24:10.0604 4908  \Device\Harddisk0\DR0:
23:24:10.0604 4908  MBR partitions:
23:24:10.0604 4908  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:24:10.0604 4908  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
23:24:10.0604 4908  ============================================================
23:24:10.0614 4908  C: <-> \Device\Harddisk0\DR0\Partition2
23:24:10.0614 4908  ============================================================
23:24:10.0614 4908  Initialize success
23:24:10.0614 4908  ============================================================
23:24:47.0904 5172  ============================================================
23:24:47.0904 5172  Scan started
23:24:47.0904 5172  Mode: Manual; SigCheck; TDLFS; 
23:24:47.0904 5172  ============================================================
23:24:48.0274 5172  ================ Scan system memory ========================
23:24:48.0274 5172  System memory - ok
23:24:48.0274 5172  ================ Scan services =============================
23:24:48.0354 5172  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
23:24:48.0434 5172  1394ohci - ok
23:24:48.0444 5172  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
23:24:48.0454 5172  ACPI - ok
23:24:48.0464 5172  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
23:24:48.0514 5172  AcpiPmi - ok
23:24:48.0544 5172  [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:24:48.0554 5172  AdobeARMservice - ok
23:24:48.0624 5172  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:24:48.0634 5172  AdobeFlashPlayerUpdateSvc - ok
23:24:48.0664 5172  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
23:24:48.0674 5172  adp94xx - ok
23:24:48.0684 5172  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
23:24:48.0694 5172  adpahci - ok
23:24:48.0714 5172  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
23:24:48.0714 5172  adpu320 - ok
23:24:48.0724 5172  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
23:24:48.0814 5172  AeLookupSvc - ok
23:24:48.0864 5172  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
23:24:48.0904 5172  AFD - ok
23:24:48.0914 5172  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
23:24:48.0924 5172  agp440 - ok
23:24:48.0934 5172  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
23:24:48.0984 5172  ALG - ok
23:24:48.0994 5172  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
23:24:48.0994 5172  aliide - ok
23:24:49.0054 5172  ALSysIO - ok
23:24:49.0074 5172  [ 603358D65A9ABF0DA21BB99A32D14C44 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
23:24:49.0124 5172  AMD External Events Utility - ok
23:24:49.0134 5172  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
23:24:49.0134 5172  amdide - ok
23:24:49.0154 5172  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
23:24:49.0194 5172  AmdK8 - ok
23:24:49.0584 5172  [ 2FE0FD18358C4F58B70BC008324A971D ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
23:24:49.0734 5172  amdkmdag - ok
23:24:49.0764 5172  [ A28AA0D1F6B7D5FB1932A0D72B492BFF ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
23:24:49.0784 5172  amdkmdap - ok
23:24:49.0784 5172  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
23:24:49.0794 5172  AmdPPM - ok
23:24:49.0824 5172  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
23:24:49.0834 5172  amdsata - ok
23:24:49.0854 5172  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
23:24:49.0854 5172  amdsbs - ok
23:24:49.0874 5172  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
23:24:49.0874 5172  amdxata - ok
23:24:49.0914 5172  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
23:24:49.0924 5172  AntiVirSchedulerService - ok
23:24:49.0944 5172  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
23:24:49.0954 5172  AntiVirService - ok
23:24:49.0984 5172  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
23:24:50.0094 5172  AppID - ok
23:24:50.0114 5172  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
23:24:50.0154 5172  AppIDSvc - ok
23:24:50.0174 5172  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
23:24:50.0204 5172  Appinfo - ok
23:24:50.0244 5172  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
23:24:50.0284 5172  AppMgmt - ok
23:24:50.0284 5172  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
23:24:50.0284 5172  arc - ok
23:24:50.0294 5172  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
23:24:50.0294 5172  arcsas - ok
23:24:50.0324 5172  [ 954950D11ADA98AC1B7EE3C770E4622C ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
23:24:50.0354 5172  asmthub3 - ok
23:24:50.0374 5172  [ 01DBB05DB1DB95803E3C9F2B49AFE79C ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
23:24:50.0414 5172  asmtxhci - ok
23:24:50.0434 5172  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:24:50.0464 5172  AsyncMac - ok
23:24:50.0484 5172  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
23:24:50.0484 5172  atapi - ok
23:24:50.0504 5172  [ AAAE03F8EDA817EC28C5445193EA8BF3 ] AthBTPort       C:\Windows\system32\DRIVERS\btath_flt.sys
23:24:50.0504 5172  AthBTPort - ok
23:24:50.0524 5172  [ 4ECC791539F23982411864037D1AC8FC ] ATHDFU          C:\Windows\system32\Drivers\AthDfu.sys
23:24:50.0534 5172  ATHDFU - ok
23:24:50.0554 5172  [ C34B28D6285EAD94B3A2FABA84E90DA5 ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
23:24:50.0554 5172  AtherosSvc - ok
23:24:50.0574 5172  [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
23:24:50.0574 5172  AtiHDAudioService - ok
23:24:50.0604 5172  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:24:50.0634 5172  AudioEndpointBuilder - ok
23:24:50.0644 5172  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
23:24:50.0664 5172  AudioSrv - ok
23:24:50.0704 5172  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
23:24:50.0714 5172  avgntflt - ok
23:24:50.0724 5172  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
23:24:50.0734 5172  avipbb - ok
23:24:50.0734 5172  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
23:24:50.0744 5172  avkmgr - ok
23:24:50.0774 5172  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
23:24:50.0794 5172  AxInstSV - ok
23:24:50.0824 5172  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
23:24:50.0864 5172  b06bdrv - ok
23:24:50.0884 5172  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
23:24:50.0904 5172  b57nd60a - ok
23:24:50.0934 5172  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
23:24:50.0964 5172  BDESVC - ok
23:24:50.0994 5172  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:24:51.0034 5172  Beep - ok
23:24:51.0084 5172  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
23:24:51.0104 5172  BFE - ok
23:24:51.0144 5172  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
23:24:51.0184 5172  BITS - ok
23:24:51.0194 5172  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
23:24:51.0214 5172  blbdrive - ok
23:24:51.0244 5172  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:24:51.0264 5172  bowser - ok
23:24:51.0264 5172  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:24:51.0314 5172  BrFiltLo - ok
23:24:51.0314 5172  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:24:51.0324 5172  BrFiltUp - ok
23:24:51.0334 5172  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
23:24:51.0364 5172  Browser - ok
23:24:51.0464 5172  [ EBBA16A88F517BFB1B7681ABF006C8B0 ] Browser Manager C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
23:24:51.0494 5172  Browser Manager - ok
23:24:51.0504 5172  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
23:24:51.0524 5172  Brserid - ok
23:24:51.0534 5172  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
23:24:51.0544 5172  BrSerWdm - ok
23:24:51.0544 5172  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
23:24:51.0564 5172  BrUsbMdm - ok
23:24:51.0564 5172  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
23:24:51.0584 5172  BrUsbSer - ok
23:24:51.0624 5172  [ 3B1B573371B206D1D5F25E0EF5FCD6D6 ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys
23:24:51.0634 5172  BTATH_A2DP - ok
23:24:51.0644 5172  [ 2D0446336D9DB55A742B999EC16ADF15 ] BTATH_BUS       C:\Windows\system32\DRIVERS\btath_bus.sys
23:24:51.0654 5172  BTATH_BUS - ok
23:24:51.0664 5172  [ 9A9694BBEB2849EAF95DFFCAE5DF02AD ] BTATH_HCRP      C:\Windows\system32\DRIVERS\btath_hcrp.sys
23:24:51.0674 5172  BTATH_HCRP - ok
23:24:51.0684 5172  [ FC0A8075DDF2E9C66267AEC91E0676F9 ] BTATH_LWFLT     C:\Windows\system32\DRIVERS\btath_lwflt.sys
23:24:51.0684 5172  BTATH_LWFLT - ok
23:24:51.0704 5172  [ 5EB4815CBDDBA4541F2380DAE6E269AB ] BTATH_RCP       C:\Windows\system32\DRIVERS\btath_rcp.sys
23:24:51.0704 5172  BTATH_RCP - ok
23:24:51.0714 5172  [ 0ECEDE7B33CFD9A52A61220ABBD09A50 ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
23:24:51.0724 5172  BtFilter - ok
23:24:51.0744 5172  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
23:24:51.0784 5172  BthEnum - ok
23:24:51.0794 5172  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
23:24:51.0804 5172  BTHMODEM - ok
23:24:51.0834 5172  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
23:24:51.0854 5172  BthPan - ok
23:24:51.0874 5172  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
23:24:51.0924 5172  BTHPORT - ok
23:24:51.0954 5172  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
23:24:51.0964 5172  bthserv - ok
23:24:51.0984 5172  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
23:24:52.0004 5172  BTHUSB - ok
23:24:52.0034 5172  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:24:52.0054 5172  cdfs - ok
23:24:52.0074 5172  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
23:24:52.0094 5172  cdrom - ok
23:24:52.0124 5172  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
23:24:52.0154 5172  CertPropSvc - ok
23:24:52.0184 5172  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
23:24:52.0204 5172  circlass - ok
23:24:52.0224 5172  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
23:24:52.0234 5172  CLFS - ok
23:24:52.0274 5172  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:24:52.0284 5172  clr_optimization_v2.0.50727_32 - ok
23:24:52.0304 5172  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:24:52.0304 5172  clr_optimization_v2.0.50727_64 - ok
23:24:52.0354 5172  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:24:52.0364 5172  clr_optimization_v4.0.30319_32 - ok
23:24:52.0394 5172  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:24:52.0404 5172  clr_optimization_v4.0.30319_64 - ok
23:24:52.0414 5172  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
23:24:52.0424 5172  CmBatt - ok
23:24:52.0434 5172  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:24:52.0444 5172  cmdide - ok
23:24:52.0464 5172  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
23:24:52.0484 5172  CNG - ok
23:24:52.0494 5172  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
23:24:52.0494 5172  Compbatt - ok
23:24:52.0524 5172  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
23:24:52.0544 5172  CompositeBus - ok
23:24:52.0544 5172  COMSysApp - ok
23:24:52.0564 5172  cpuz135 - ok
23:24:52.0584 5172  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
23:24:52.0584 5172  crcdisk - ok
23:24:52.0614 5172  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:24:52.0634 5172  CryptSvc - ok
23:24:52.0654 5172  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
23:24:52.0704 5172  CSC - ok
23:24:52.0734 5172  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
23:24:52.0764 5172  CscService - ok
23:24:52.0794 5172  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:24:52.0824 5172  DcomLaunch - ok
23:24:52.0864 5172  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
23:24:52.0884 5172  defragsvc - ok
23:24:52.0904 5172  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:24:52.0934 5172  DfsC - ok
23:24:52.0974 5172  [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
23:24:52.0974 5172  dg_ssudbus - ok
23:24:53.0004 5172  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:24:53.0034 5172  Dhcp - ok
23:24:53.0044 5172  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
23:24:53.0064 5172  discache - ok
23:24:53.0084 5172  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
23:24:53.0094 5172  Disk - ok
23:24:53.0114 5172  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:24:53.0144 5172  Dnscache - ok
23:24:53.0164 5172  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
23:24:53.0204 5172  dot3svc - ok
23:24:53.0224 5172  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
23:24:53.0264 5172  DPS - ok
23:24:53.0294 5172  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:24:53.0314 5172  drmkaud - ok
23:24:53.0344 5172  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:24:53.0354 5172  DXGKrnl - ok
23:24:53.0364 5172  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
23:24:53.0384 5172  EapHost - ok
23:24:53.0434 5172  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
23:24:53.0504 5172  ebdrv - ok
23:24:53.0524 5172  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
23:24:53.0544 5172  EFS - ok
23:24:53.0584 5172  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:24:53.0624 5172  ehRecvr - ok
23:24:53.0644 5172  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
23:24:53.0674 5172  ehSched - ok
23:24:53.0704 5172  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
23:24:53.0714 5172  elxstor - ok
23:24:53.0724 5172  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
23:24:53.0754 5172  ErrDev - ok
23:24:53.0774 5172  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
23:24:53.0814 5172  EventSystem - ok
23:24:53.0834 5172  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
23:24:53.0844 5172  exfat - ok
23:24:53.0854 5172  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:24:53.0884 5172  fastfat - ok
23:24:53.0934 5172  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
23:24:53.0954 5172  Fax - ok
23:24:53.0964 5172  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
23:24:53.0974 5172  fdc - ok
23:24:53.0994 5172  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
23:24:54.0014 5172  fdPHost - ok
23:24:54.0014 5172  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:24:54.0054 5172  FDResPub - ok
23:24:54.0064 5172  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:24:54.0064 5172  FileInfo - ok
23:24:54.0074 5172  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:24:54.0094 5172  Filetrace - ok
23:24:54.0104 5172  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
23:24:54.0104 5172  flpydisk - ok
23:24:54.0124 5172  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:24:54.0134 5172  FltMgr - ok
23:24:54.0174 5172  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
23:24:54.0214 5172  FontCache - ok
23:24:54.0234 5172  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:24:54.0244 5172  FontCache3.0.0.0 - ok
23:24:54.0254 5172  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
23:24:54.0254 5172  FsDepends - ok
23:24:54.0264 5172  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:24:54.0274 5172  Fs_Rec - ok
23:24:54.0314 5172  [ C5A4A998EEA6297A235169CCD1F2D93F ] Futuremark SystemInfo Service C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
23:24:54.0324 5172  Futuremark SystemInfo Service - ok
23:24:54.0354 5172  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:24:54.0354 5172  fvevol - ok
23:24:54.0374 5172  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
23:24:54.0384 5172  gagp30kx - ok
23:24:54.0404 5172  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
23:24:54.0444 5172  gpsvc - ok
23:24:54.0474 5172  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:24:54.0484 5172  gupdate - ok
23:24:54.0484 5172  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:24:54.0494 5172  gupdatem - ok
23:24:54.0524 5172  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
23:24:54.0534 5172  gusvc - ok
23:24:54.0544 5172  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:24:54.0584 5172  hcw85cir - ok
23:24:54.0614 5172  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:24:54.0624 5172  HdAudAddService - ok
23:24:54.0654 5172  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
23:24:54.0684 5172  HDAudBus - ok
23:24:54.0694 5172  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
23:24:54.0714 5172  HidBatt - ok
23:24:54.0734 5172  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
23:24:54.0744 5172  HidBth - ok
23:24:54.0744 5172  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
23:24:54.0764 5172  HidIr - ok
23:24:54.0794 5172  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
23:24:54.0814 5172  hidserv - ok
23:24:54.0834 5172  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:24:54.0844 5172  HidUsb - ok
23:24:54.0884 5172  [ FD1837DEE0A1D7F180D7B301C0656511 ] HiPatchService  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
23:24:54.0894 5172  HiPatchService ( UnsignedFile.Multi.Generic ) - warning
23:24:54.0894 5172  HiPatchService - detected UnsignedFile.Multi.Generic (1)
23:24:54.0914 5172  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:24:54.0934 5172  hkmsvc - ok
23:24:54.0954 5172  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:24:54.0974 5172  HomeGroupListener - ok
23:24:54.0984 5172  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:24:55.0004 5172  HomeGroupProvider - ok
23:24:55.0034 5172  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
23:24:55.0044 5172  HpSAMD - ok
23:24:55.0064 5172  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:24:55.0104 5172  HTTP - ok
23:24:55.0124 5172  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:24:55.0124 5172  hwpolicy - ok
23:24:55.0144 5172  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
23:24:55.0144 5172  i8042prt - ok
23:24:55.0174 5172  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
23:24:55.0184 5172  iaStorV - ok
23:24:55.0214 5172  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:24:55.0224 5172  idsvc - ok
23:24:55.0234 5172  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
23:24:55.0244 5172  iirsp - ok
23:24:55.0264 5172  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
23:24:55.0294 5172  IKEEXT - ok
23:24:55.0354 5172  [ DAB7318CCFA8081200D5B7B486793F74 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
23:24:55.0384 5172  IntcAzAudAddService - ok
23:24:55.0394 5172  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
23:24:55.0404 5172  intelide - ok
23:24:55.0414 5172  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:24:55.0434 5172  intelppm - ok
23:24:55.0464 5172  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:24:55.0494 5172  IPBusEnum - ok
23:24:55.0514 5172  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:24:55.0554 5172  IpFilterDriver - ok
23:24:55.0574 5172  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:24:55.0614 5172  iphlpsvc - ok
23:24:55.0624 5172  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
23:24:55.0644 5172  IPMIDRV - ok
23:24:55.0664 5172  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
23:24:55.0694 5172  IPNAT - ok
23:24:55.0714 5172  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:24:55.0754 5172  IRENUM - ok
23:24:55.0764 5172  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:24:55.0774 5172  isapnp - ok
23:24:55.0784 5172  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
23:24:55.0794 5172  iScsiPrt - ok
23:24:55.0804 5172  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
23:24:55.0814 5172  kbdclass - ok
23:24:55.0824 5172  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
23:24:55.0844 5172  kbdhid - ok
23:24:55.0864 5172  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
23:24:55.0864 5172  KeyIso - ok
23:24:55.0894 5172  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:24:55.0894 5172  KSecDD - ok
23:24:55.0904 5172  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
23:24:55.0914 5172  KSecPkg - ok
23:24:55.0924 5172  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
23:24:55.0954 5172  ksthunk - ok
23:24:55.0984 5172  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:24:56.0004 5172  KtmRm - ok
23:24:56.0034 5172  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:24:56.0064 5172  LanmanServer - ok
23:24:56.0084 5172  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:24:56.0104 5172  LanmanWorkstation - ok
23:24:56.0164 5172  [ 7772DFAB22611050B79504E671B06E6E ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
23:24:56.0174 5172  LBTServ - ok
23:24:56.0214 5172  [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
23:24:56.0214 5172  LGBusEnum - ok
23:24:56.0254 5172  [ F7205E939F50B1C8D16F895916BE6756 ] LGSHidFilt      C:\Windows\system32\DRIVERS\LGSHidFilt.Sys
23:24:56.0254 5172  LGSHidFilt - ok
23:24:56.0284 5172  [ 09521A95BEAB989F1A3E003ACD4E914A ] LGSUsbFilt      C:\Windows\system32\DRIVERS\LGSUsbFilt.Sys
23:24:56.0284 5172  LGSUsbFilt - ok
23:24:56.0304 5172  [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
23:24:56.0314 5172  LGVirHid - ok
23:24:56.0334 5172  [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
23:24:56.0334 5172  LHidFilt - ok
23:24:56.0364 5172  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:24:56.0394 5172  lltdio - ok
23:24:56.0424 5172  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:24:56.0454 5172  lltdsvc - ok
23:24:56.0474 5172  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:24:56.0504 5172  lmhosts - ok
23:24:56.0514 5172  [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
23:24:56.0524 5172  LMouFilt - ok
23:24:56.0544 5172  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
23:24:56.0544 5172  LSI_FC - ok
23:24:56.0554 5172  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
23:24:56.0554 5172  LSI_SAS - ok
23:24:56.0564 5172  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:24:56.0574 5172  LSI_SAS2 - ok
23:24:56.0574 5172  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:24:56.0574 5172  LSI_SCSI - ok
23:24:56.0594 5172  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
23:24:56.0614 5172  luafv - ok
23:24:56.0624 5172  [ 29C733E1DE824670DC9315CFC9BDBCD3 ] LUsbFilt        C:\Windows\system32\Drivers\LUsbFilt.Sys
23:24:56.0634 5172  LUsbFilt - ok
23:24:56.0654 5172  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
23:24:56.0654 5172  MBAMProtector - ok
23:24:56.0704 5172  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
23:24:56.0714 5172  MBAMScheduler - ok
23:24:56.0744 5172  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
23:24:56.0754 5172  MBAMService - ok
23:24:56.0774 5172  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
23:24:56.0794 5172  Mcx2Svc - ok
23:24:56.0814 5172  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
23:24:56.0814 5172  megasas - ok
23:24:56.0824 5172  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
23:24:56.0834 5172  MegaSR - ok
23:24:56.0844 5172  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
23:24:56.0854 5172  MEIx64 - ok
23:24:56.0874 5172  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
23:24:56.0904 5172  MMCSS - ok
23:24:56.0914 5172  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
23:24:56.0944 5172  Modem - ok
23:24:56.0974 5172  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:24:56.0994 5172  monitor - ok
23:24:57.0014 5172  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:24:57.0024 5172  mouclass - ok
23:24:57.0034 5172  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:24:57.0044 5172  mouhid - ok
23:24:57.0064 5172  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
23:24:57.0064 5172  mountmgr - ok
23:24:57.0114 5172  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:24:57.0114 5172  MozillaMaintenance - ok
23:24:57.0134 5172  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
23:24:57.0134 5172  mpio - ok
23:24:57.0154 5172  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:24:57.0184 5172  mpsdrv - ok
23:24:57.0214 5172  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:24:57.0274 5172  MpsSvc - ok
23:24:57.0304 5172  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:24:57.0324 5172  MRxDAV - ok
23:24:57.0344 5172  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:24:57.0374 5172  mrxsmb - ok
23:24:57.0384 5172  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:24:57.0404 5172  mrxsmb10 - ok
23:24:57.0434 5172  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:24:57.0434 5172  mrxsmb20 - ok
23:24:57.0454 5172  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
23:24:57.0454 5172  msahci - ok
23:24:57.0464 5172  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
23:24:57.0474 5172  msdsm - ok
23:24:57.0474 5172  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
23:24:57.0504 5172  MSDTC - ok
23:24:57.0524 5172  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:24:57.0534 5172  Msfs - ok
23:24:57.0544 5172  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
23:24:57.0574 5172  mshidkmdf - ok
23:24:57.0574 5172  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
23:24:57.0584 5172  msisadrv - ok
23:24:57.0614 5172  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:24:57.0654 5172  MSiSCSI - ok
23:24:57.0654 5172  msiserver - ok
23:24:57.0674 5172  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
23:24:57.0694 5172  MSKSSRV - ok
23:24:57.0704 5172  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:24:57.0734 5172  MSPCLOCK - ok
23:24:57.0754 5172  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
23:24:57.0784 5172  MSPQM - ok
23:24:57.0804 5172  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
23:24:57.0814 5172  MsRPC - ok
23:24:57.0824 5172  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
23:24:57.0834 5172  mssmbios - ok
23:24:57.0834 5172  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
23:24:57.0864 5172  MSTEE - ok
23:24:57.0884 5172  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
23:24:57.0894 5172  MTConfig - ok
23:24:57.0924 5172  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
23:24:57.0924 5172  Mup - ok
23:24:57.0944 5172  [ 38B4C95E821528FB91DF16A78E04450F ] mv91xx          C:\Windows\system32\DRIVERS\mv91xx.sys
23:24:57.0954 5172  mv91xx - ok
23:24:57.0984 5172  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
23:24:58.0014 5172  napagent - ok
23:24:58.0054 5172  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
23:24:58.0074 5172  NativeWifiP - ok
23:24:58.0114 5172  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:24:58.0134 5172  NDIS - ok
23:24:58.0144 5172  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
23:24:58.0164 5172  NdisCap - ok
23:24:58.0184 5172  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:24:58.0214 5172  NdisTapi - ok
23:24:58.0244 5172  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
23:24:58.0254 5172  Ndisuio - ok
23:24:58.0274 5172  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
23:24:58.0304 5172  NdisWan - ok
23:24:58.0334 5172  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
23:24:58.0364 5172  NDProxy - ok
23:24:58.0374 5172  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
23:24:58.0394 5172  NetBIOS - ok
23:24:58.0404 5172  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
23:24:58.0434 5172  NetBT - ok
23:24:58.0454 5172  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
23:24:58.0454 5172  Netlogon - ok
23:24:58.0484 5172  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
23:24:58.0524 5172  Netman - ok
23:24:58.0544 5172  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
23:24:58.0584 5172  netprofm - ok
23:24:58.0604 5172  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:24:58.0614 5172  NetTcpPortSharing - ok
23:24:58.0634 5172  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
23:24:58.0644 5172  nfrd960 - ok
23:24:58.0654 5172  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:24:58.0674 5172  NlaSvc - ok
23:24:58.0694 5172  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:24:58.0714 5172  Npfs - ok
23:24:58.0714 5172  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
23:24:58.0734 5172  nsi - ok
23:24:58.0734 5172  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:24:58.0754 5172  nsiproxy - ok
23:24:58.0784 5172  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:24:58.0814 5172  Ntfs - ok
23:24:58.0824 5172  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
23:24:58.0844 5172  Null - ok
23:24:58.0874 5172  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
23:24:58.0884 5172  nvraid - ok
23:24:58.0894 5172  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
23:24:58.0904 5172  nvstor - ok
23:24:58.0914 5172  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
23:24:58.0924 5172  nv_agp - ok
23:24:58.0944 5172  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
23:24:58.0944 5172  ohci1394 - ok
23:24:58.0984 5172  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
23:24:59.0014 5172  p2pimsvc - ok
23:24:59.0034 5172  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
23:24:59.0044 5172  p2psvc - ok
23:24:59.0064 5172  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
23:24:59.0074 5172  Parport - ok
23:24:59.0084 5172  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
23:24:59.0094 5172  partmgr - ok
23:24:59.0104 5172  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:24:59.0124 5172  PcaSvc - ok
23:24:59.0144 5172  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
23:24:59.0144 5172  pci - ok
23:24:59.0154 5172  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
23:24:59.0164 5172  pciide - ok
23:24:59.0174 5172  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
23:24:59.0174 5172  pcmcia - ok
23:24:59.0194 5172  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
23:24:59.0194 5172  pcw - ok
23:24:59.0214 5172  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:24:59.0234 5172  PEAUTH - ok
23:24:59.0274 5172  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
23:24:59.0314 5172  PeerDistSvc - ok
23:24:59.0374 5172  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
23:24:59.0394 5172  PerfHost - ok
23:24:59.0434 5172  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
23:24:59.0474 5172  pla - ok
23:24:59.0514 5172  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:24:59.0544 5172  PlugPlay - ok
23:24:59.0564 5172  PnkBstrA - ok
23:24:59.0574 5172  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
23:24:59.0594 5172  PNRPAutoReg - ok
23:24:59.0614 5172  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
23:24:59.0624 5172  PNRPsvc - ok
23:24:59.0634 5172  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
23:24:59.0674 5172  PolicyAgent - ok
23:24:59.0694 5172  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
23:24:59.0734 5172  Power - ok
23:24:59.0754 5172  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:24:59.0784 5172  PptpMiniport - ok
23:24:59.0804 5172  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
23:24:59.0824 5172  Processor - ok
23:24:59.0854 5172  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
23:24:59.0884 5172  ProfSvc - ok
23:24:59.0894 5172  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:24:59.0904 5172  ProtectedStorage - ok
23:24:59.0914 5172  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
23:24:59.0944 5172  Psched - ok
23:24:59.0984 5172  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
23:25:00.0004 5172  ql2300 - ok
23:25:00.0014 5172  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
23:25:00.0014 5172  ql40xx - ok
23:25:00.0034 5172  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
23:25:00.0054 5172  QWAVE - ok
23:25:00.0074 5172  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
23:25:00.0094 5172  QWAVEdrv - ok
23:25:00.0114 5172  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
23:25:00.0144 5172  RasAcd - ok
23:25:00.0164 5172  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
23:25:00.0184 5172  RasAgileVpn - ok
23:25:00.0194 5172  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
23:25:00.0214 5172  RasAuto - ok
23:25:00.0234 5172  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
23:25:00.0264 5172  Rasl2tp - ok
23:25:00.0284 5172  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
23:25:00.0304 5172  RasMan - ok
23:25:00.0314 5172  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23:25:00.0334 5172  RasPppoe - ok
23:25:00.0354 5172  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
23:25:00.0384 5172  RasSstp - ok
23:25:00.0404 5172  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
23:25:00.0434 5172  rdbss - ok
23:25:00.0454 5172  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
23:25:00.0464 5172  rdpbus - ok
23:25:00.0474 5172  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23:25:00.0504 5172  RDPCDD - ok
23:25:00.0524 5172  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
23:25:00.0534 5172  RDPDR - ok
23:25:00.0554 5172  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23:25:00.0584 5172  RDPENCDD - ok
23:25:00.0604 5172  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
23:25:00.0624 5172  RDPREFMP - ok
23:25:00.0644 5172  [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
23:25:00.0664 5172  RdpVideoMiniport - ok
23:25:00.0674 5172  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
23:25:00.0704 5172  RDPWD - ok
23:25:00.0724 5172  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
23:25:00.0724 5172  rdyboost - ok
23:25:00.0744 5172  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:25:00.0774 5172  RemoteAccess - ok
23:25:00.0814 5172  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:25:00.0844 5172  RemoteRegistry - ok
23:25:00.0874 5172  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
23:25:00.0904 5172  RFCOMM - ok
23:25:00.0924 5172  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
23:25:00.0954 5172  RpcEptMapper - ok
23:25:00.0974 5172  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
23:25:00.0984 5172  RpcLocator - ok
23:25:01.0004 5172  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
23:25:01.0024 5172  RpcSs - ok
23:25:01.0034 5172  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23:25:01.0064 5172  rspndr - ok
23:25:01.0104 5172  [ AFC12DFA4C7B089673AD67402CA19EDB ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
23:25:01.0114 5172  RTL8167 - ok
23:25:01.0124 5172  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
23:25:01.0154 5172  s3cap - ok
23:25:01.0164 5172  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
23:25:01.0174 5172  SamSs - ok
23:25:01.0184 5172  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
23:25:01.0184 5172  sbp2port - ok
23:25:01.0194 5172  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
23:25:01.0214 5172  SCardSvr - ok
23:25:01.0234 5172  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
23:25:01.0244 5172  scfilter - ok
23:25:01.0264 5172  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
23:25:01.0294 5172  Schedule - ok
23:25:01.0314 5172  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
23:25:01.0334 5172  SCPolicySvc - ok
23:25:01.0344 5172  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
23:25:01.0374 5172  SDRSVC - ok
23:25:01.0394 5172  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
23:25:01.0424 5172  secdrv - ok
23:25:01.0454 5172  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
23:25:01.0484 5172  seclogon - ok
23:25:01.0494 5172  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
23:25:01.0514 5172  SENS - ok
23:25:01.0524 5172  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
23:25:01.0554 5172  SensrSvc - ok
23:25:01.0564 5172  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
23:25:01.0584 5172  Serenum - ok
23:25:01.0604 5172  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
23:25:01.0624 5172  Serial - ok
23:25:01.0654 5172  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
23:25:01.0664 5172  sermouse - ok
23:25:01.0694 5172  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
23:25:01.0714 5172  SessionEnv - ok
23:25:01.0734 5172  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
23:25:01.0754 5172  sffdisk - ok
23:25:01.0774 5172  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
23:25:01.0794 5172  sffp_mmc - ok
23:25:01.0804 5172  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
23:25:01.0824 5172  sffp_sd - ok
23:25:01.0834 5172  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
23:25:01.0854 5172  sfloppy - ok
23:25:01.0884 5172  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:25:01.0924 5172  SharedAccess - ok
23:25:01.0954 5172  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:25:01.0984 5172  ShellHWDetection - ok
23:25:02.0004 5172  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:25:02.0004 5172  SiSRaid2 - ok
23:25:02.0014 5172  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
23:25:02.0024 5172  SiSRaid4 - ok
23:25:02.0114 5172  [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
23:25:02.0144 5172  Skype C2C Service - ok
23:25:02.0174 5172  [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
23:25:02.0174 5172  SkypeUpdate - ok
23:25:02.0184 5172  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
23:25:02.0214 5172  Smb - ok
23:25:02.0244 5172  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:25:02.0254 5172  SNMPTRAP - ok
23:25:02.0254 5172  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
23:25:02.0264 5172  spldr - ok
23:25:02.0274 5172  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
23:25:02.0314 5172  Spooler - ok
23:25:02.0384 5172  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
23:25:02.0464 5172  sppsvc - ok
23:25:02.0474 5172  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
23:25:02.0514 5172  sppuinotify - ok
23:25:02.0534 5172  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
23:25:02.0574 5172  srv - ok
23:25:02.0594 5172  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:25:02.0604 5172  srv2 - ok
23:25:02.0624 5172  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:25:02.0644 5172  srvnet - ok
23:25:02.0664 5172  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
23:25:02.0694 5172  SSDPSRV - ok
23:25:02.0704 5172  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
23:25:02.0724 5172  SstpSvc - ok
23:25:02.0744 5172  [ C692C94FE55CAD0633440236022C27B3 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
23:25:02.0754 5172  ssudmdm - ok
23:25:02.0794 5172  Steam Client Service - ok
23:25:02.0804 5172  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
23:25:02.0814 5172  stexstor - ok
23:25:02.0844 5172  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
23:25:02.0854 5172  stisvc - ok
23:25:02.0864 5172  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
23:25:02.0874 5172  storflt - ok
23:25:02.0884 5172  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
23:25:02.0894 5172  storvsc - ok
23:25:02.0904 5172  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
23:25:02.0914 5172  swenum - ok
23:25:02.0924 5172  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
23:25:02.0964 5172  swprv - ok
23:25:02.0974 5172  Synth3dVsc - ok
23:25:03.0024 5172  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
23:25:03.0064 5172  SysMain - ok
23:25:03.0084 5172  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:25:03.0094 5172  TabletInputService - ok
23:25:03.0104 5172  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
23:25:03.0144 5172  TapiSrv - ok
23:25:03.0154 5172  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
23:25:03.0184 5172  TBS - ok
23:25:03.0234 5172  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
23:25:03.0264 5172  Tcpip - ok
23:25:03.0294 5172  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
23:25:03.0314 5172  TCPIP6 - ok
23:25:03.0344 5172  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:25:03.0344 5172  tcpipreg - ok
23:25:03.0354 5172  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:25:03.0394 5172  TDPIPE - ok
23:25:03.0404 5172  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
23:25:03.0424 5172  TDTCP - ok
23:25:03.0464 5172  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
23:25:03.0484 5172  tdx - ok
23:25:03.0494 5172  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
23:25:03.0494 5172  TermDD - ok
23:25:03.0514 5172  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
23:25:03.0554 5172  TermService - ok
23:25:03.0564 5172  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
23:25:03.0594 5172  Themes - ok
23:25:03.0614 5172  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
23:25:03.0634 5172  THREADORDER - ok
23:25:03.0644 5172  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
23:25:03.0674 5172  TrkWks - ok
23:25:03.0724 5172  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:25:03.0734 5172  TrustedInstaller - ok
23:25:03.0754 5172  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:25:03.0774 5172  tssecsrv - ok
23:25:03.0794 5172  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
23:25:03.0824 5172  TsUsbFlt - ok
23:25:03.0844 5172  tsusbhub - ok
23:25:03.0874 5172  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:25:03.0904 5172  tunnel - ok
23:25:03.0924 5172  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
23:25:03.0934 5172  uagp35 - ok
23:25:03.0954 5172  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:25:03.0974 5172  udfs - ok
23:25:03.0984 5172  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:25:03.0994 5172  UI0Detect - ok
23:25:03.0994 5172  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:25:04.0004 5172  uliagpkx - ok
23:25:04.0024 5172  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
23:25:04.0044 5172  umbus - ok
23:25:04.0054 5172  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
23:25:04.0074 5172  UmPass - ok
23:25:04.0104 5172  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
23:25:04.0124 5172  UmRdpService - ok
23:25:04.0144 5172  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
23:25:04.0174 5172  upnphost - ok
23:25:04.0214 5172  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
23:25:04.0234 5172  usbaudio - ok
23:25:04.0254 5172  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
23:25:04.0294 5172  usbccgp - ok
23:25:04.0304 5172  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:25:04.0324 5172  usbcir - ok
23:25:04.0344 5172  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
23:25:04.0364 5172  usbehci - ok
23:25:04.0394 5172  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:25:04.0404 5172  usbhub - ok
23:25:04.0414 5172  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
23:25:04.0434 5172  usbohci - ok
23:25:04.0444 5172  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:25:04.0454 5172  usbprint - ok
23:25:04.0464 5172  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:25:04.0494 5172  USBSTOR - ok
23:25:04.0504 5172  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
23:25:04.0524 5172  usbuhci - ok
23:25:04.0544 5172  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
23:25:04.0574 5172  UxSms - ok
23:25:04.0594 5172  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
23:25:04.0604 5172  VaultSvc - ok
23:25:04.0604 5172  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
23:25:04.0614 5172  vdrvroot - ok
23:25:04.0624 5172  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
23:25:04.0664 5172  vds - ok
23:25:04.0664 5172  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
23:25:04.0674 5172  vga - ok
23:25:04.0674 5172  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:25:04.0704 5172  VgaSave - ok
23:25:04.0714 5172  VGPU - ok
23:25:04.0724 5172  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
23:25:04.0724 5172  vhdmp - ok
23:25:04.0734 5172  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
23:25:04.0744 5172  viaide - ok
23:25:04.0754 5172  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
23:25:04.0764 5172  vmbus - ok
23:25:04.0774 5172  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
23:25:04.0774 5172  VMBusHID - ok
23:25:04.0784 5172  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:25:04.0794 5172  volmgr - ok
23:25:04.0814 5172  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:25:04.0824 5172  volmgrx - ok
23:25:04.0844 5172  [ DF8126BD41180351A093A3AD2FC8903B ] volsnap         C:\Windows\system32\drivers\volsnap.sys
23:25:04.0844 5172  volsnap - ok
23:25:04.0864 5172  [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus          C:\Windows\system32\DRIVERS\vpchbus.sys
23:25:04.0864 5172  vpcbus - ok
23:25:04.0884 5172  [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr        C:\Windows\system32\DRIVERS\vpcnfltr.sys
23:25:04.0904 5172  vpcnfltr - ok
23:25:04.0914 5172  [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb          C:\Windows\system32\DRIVERS\vpcusb.sys
23:25:04.0924 5172  vpcusb - ok
23:25:04.0944 5172  [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm          C:\Windows\system32\drivers\vpcvmm.sys
23:25:04.0954 5172  vpcvmm - ok
23:25:04.0974 5172  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
23:25:04.0974 5172  vsmraid - ok
23:25:05.0004 5172  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
23:25:05.0094 5172  VSS - ok
23:25:05.0114 5172  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
23:25:05.0164 5172  vwifibus - ok
23:25:05.0214 5172  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
23:25:05.0234 5172  W32Time - ok
23:25:05.0244 5172  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
23:25:05.0274 5172  WacomPen - ok
23:25:05.0294 5172  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:25:05.0324 5172  WANARP - ok
23:25:05.0334 5172  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:25:05.0354 5172  Wanarpv6 - ok
23:25:05.0384 5172  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
23:25:05.0424 5172  wbengine - ok
23:25:05.0434 5172  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:25:05.0444 5172  WbioSrvc - ok
23:25:05.0474 5172  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:25:05.0504 5172  wcncsvc - ok
23:25:05.0514 5172  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:25:05.0534 5172  WcsPlugInService - ok
23:25:05.0544 5172  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
23:25:05.0544 5172  Wd - ok
23:25:05.0574 5172  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:25:05.0584 5172  Wdf01000 - ok
23:25:05.0594 5172  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:25:05.0654 5172  WdiServiceHost - ok
23:25:05.0654 5172  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:25:05.0664 5172  WdiSystemHost - ok
23:25:05.0684 5172  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
23:25:05.0714 5172  WebClient - ok
23:25:05.0724 5172  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:25:05.0754 5172  Wecsvc - ok
23:25:05.0764 5172  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:25:05.0794 5172  wercplsupport - ok
23:25:05.0824 5172  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:25:05.0844 5172  WerSvc - ok
23:25:05.0854 5172  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:25:05.0864 5172  WfpLwf - ok
23:25:05.0874 5172  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:25:05.0884 5172  WIMMount - ok
23:25:05.0884 5172  WinDefend - ok
23:25:05.0884 5172  WinHttpAutoProxySvc - ok
23:25:05.0914 5172  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:25:05.0934 5172  Winmgmt - ok
23:25:05.0974 5172  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
23:25:06.0024 5172  WinRM - ok
23:25:06.0054 5172  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
23:25:06.0064 5172  WinUsb - ok
23:25:06.0094 5172  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:25:06.0114 5172  Wlansvc - ok
23:25:06.0134 5172  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
23:25:06.0154 5172  WmiAcpi - ok
23:25:06.0164 5172  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:25:06.0194 5172  wmiApSrv - ok
23:25:06.0204 5172  WMPNetworkSvc - ok
23:25:06.0204 5172  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:25:06.0214 5172  WPCSvc - ok
23:25:06.0234 5172  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:25:06.0244 5172  WPDBusEnum - ok
23:25:06.0244 5172  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:25:06.0274 5172  ws2ifsl - ok
23:25:06.0294 5172  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
23:25:06.0314 5172  wscsvc - ok
23:25:06.0314 5172  WSearch - ok
23:25:06.0374 5172  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
23:25:06.0414 5172  wuauserv - ok
23:25:06.0424 5172  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:25:06.0464 5172  WudfPf - ok
23:25:06.0484 5172  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:25:06.0504 5172  WUDFRd - ok
23:25:06.0524 5172  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:25:06.0544 5172  wudfsvc - ok
23:25:06.0564 5172  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
23:25:06.0584 5172  WwanSvc - ok
23:25:06.0614 5172  ================ Scan global ===============================
23:25:06.0634 5172  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
23:25:06.0664 5172  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
23:25:06.0664 5172  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
23:25:06.0684 5172  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
23:25:06.0704 5172  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
23:25:06.0704 5172  [Global] - ok
23:25:06.0704 5172  ================ Scan MBR ==================================
23:25:06.0714 5172  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:25:06.0974 5172  \Device\Harddisk0\DR0 - ok
23:25:06.0974 5172  ================ Scan VBR ==================================
23:25:06.0974 5172  [ 0A7D71CFF23089A6D6B7859823314BF6 ] \Device\Harddisk0\DR0\Partition1
23:25:06.0974 5172  \Device\Harddisk0\DR0\Partition1 - ok
23:25:06.0994 5172  [ 6C68EF69A9AE4F216AD0D203BC4C36F9 ] \Device\Harddisk0\DR0\Partition2
23:25:06.0994 5172  \Device\Harddisk0\DR0\Partition2 - ok
23:25:06.0994 5172  ============================================================
23:25:06.0994 5172  Scan finished
23:25:06.0994 5172  ============================================================
23:25:06.0994 3340  Detected object count: 1
23:25:06.0994 3340  Actual detected object count: 1
23:25:33.0154 3340  HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user
23:25:33.0154 3340  HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
1 Bedrohung gefunden,geskippt wie du sagtest.


ASWMBR LOG :

Zitat:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-07 23:16:21
-----------------------------
23:16:21.932 OS Version: Windows x64 6.1.7601 Service Pack 1
23:16:21.932 Number of processors: 4 586 0x2A07
23:16:21.932 ComputerName: KORO-PC UserName: Koro
23:16:22.702 Initialize success
23:17:55.553 AVAST engine defs: 13010700
23:18:21.223 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:18:21.223 Disk 0 Vendor: WDC_WD5001AALS-00J7B1 05.00K05 Size: 476940MB BusType: 11
23:18:21.243 Disk 0 MBR read successfully
23:18:21.243 Disk 0 MBR scan
23:18:21.243 Disk 0 Windows 7 default MBR code
23:18:21.253 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:18:21.263 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
23:18:21.263 Disk 0 scanning C:\Windows\system32\drivers
23:18:27.133 Service scanning
23:18:38.013 Modules scanning
23:18:38.013 Disk 0 trace - called modules:
23:18:38.033 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
23:18:38.033 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80082cd060]
23:18:38.033 3 CLASSPNP.SYS[fffff88001b5943f] -> nt!IofCallDriver -> [0xfffffa8007b282c0]
23:18:38.033 5 ACPI.sys[fffff880011207a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007b32060]
23:18:39.513 AVAST engine scan C:\Windows
23:18:40.723 AVAST engine scan C:\Windows\system32
23:20:14.983 AVAST engine scan C:\Windows\system32\drivers
23:20:22.703 AVAST engine scan C:\Users\Koro
23:22:18.993 AVAST engine scan C:\ProgramData
23:23:29.353 Scan finished successfully
23:23:53.834 Disk 0 MBR has been saved successfully to "C:\Users\Koro\Desktop\MBR.dat"
23:23:53.844 The log file has been saved successfully to "C:\Users\Koro\Desktop\aswMBR.txt"
Danke nochmal für deine Hilfe

Alt 08.01.2013, 19:22   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM - Standard

Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM



Ist alles sehr unauffällig

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 08.01.2013, 19:53   #9
korox
 
Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM - Standard

Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM



Hier
Code:
ATTFilter
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : Koro - KORO-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Koro\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****

Gefunden : Browser Manager

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Koro\AppData\Roaming\Mozilla\Firefox\Profiles\gb4h1cbk.default\bprotector_extensions.sqlite
Datei Gefunden : C:\Users\Koro\AppData\Roaming\Mozilla\Firefox\Profiles\gb4h1cbk.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
Datei Gefunden : C:\Users\Koro\AppData\Roaming\Mozilla\Firefox\Profiles\gb4h1cbk.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Datei Gefunden : C:\Users\Koro\AppData\Roaming\Mozilla\Firefox\Profiles\gb4h1cbk.default\searchplugins\SweetIm.xml
Ordner Gefunden : C:\Program Files (x86)\BabylonToolbar
Ordner Gefunden : C:\Program Files (x86)\SweetIM
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\Browser Manager
Ordner Gefunden : C:\Users\Koro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Ordner Gefunden : C:\Users\Koro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Ordner Gefunden : C:\Users\Koro\AppData\Local\Wajam
Ordner Gefunden : C:\Users\Koro\AppData\LocalLow\BabylonToolbar
Ordner Gefunden : C:\Users\Koro\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\Koro\AppData\Roaming\Mozilla\Firefox\Profiles\gb4h1cbk.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\BabylonToolbar
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\SweetIM
Schlüssel Gefunden : HKCU\Software\Wajam
Schlüssel Gefunden : HKCU\Software\5f5388dee234bf10
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\Software\BabylonToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\b
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\Software\Freeze.com
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gefunden : HKLM\Software\SweetIM
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\5f5388dee234bf10
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Wert Gefunden : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D0F4A166-B8D4-48b8-9D63-80849FE137CB}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\Koro\AppData\Roaming\Mozilla\Firefox\Profiles\gb4h1cbk.default\prefs.js

Gefunden : user_pref("extensions.BabylonToolbar.admin", false);
Gefunden : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gefunden : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Gefunden : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gefunden : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gefunden : user_pref("extensions.BabylonToolbar.id", "4ef7f8ca000000000000002683385cbd");
Gefunden : user_pref("extensions.BabylonToolbar.instlDay", "15668");
Gefunden : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gefunden : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gefunden : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gefunden : user_pref("extensions.BabylonToolbar.tlbrId", "irhnew");
Gefunden : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Gefunden : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Gefunden : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Gefunden : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.812:16:50");
Gefunden : user_pref("extensions.wajam.affiliate_id", "6447");
Gefunden : user_pref("extensions.wajam.firstrun", "false");
Gefunden : user_pref("extensions.wajam.log_send_info", "false");
Gefunden : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21083\",\"supported_sites\":{\[...]
Gefunden : user_pref("extensions.wajam.no_trace", "false");
Gefunden : user_pref("extensions.wajam.server_current_mapping_version", "0.21083");
Gefunden : user_pref("extensions.wajam.supported_sites.amazon.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'w[...]
Gefunden : user_pref("extensions.wajam.supported_sites.bing.wajam_yahoo_se_js", "try {window['APP_LABEL_NAME'] [...]
Gefunden : user_pref("extensions.wajam.supported_sites.ebay.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'waj[...]
Gefunden : user_pref("extensions.wajam.supported_sites.encryptedgoogle.wajam_google_js", "try {window['APP_LABE[...]
Gefunden : user_pref("extensions.wajam.supported_sites.google.wajam_google_se_js", "try {window['APP_LABEL_NAME[...]
Gefunden : user_pref("extensions.wajam.supported_sites.imdb.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'waj[...]
Gefunden : user_pref("extensions.wajam.supported_sites.wikipedia.wajam_se_js", "try {window['APP_LABEL_NAME'] =[...]
Gefunden : user_pref("extensions.wajam.supported_sites.yahoo.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wa[...]
Gefunden : user_pref("extensions.wajam.supported_sites.youtubesearch.wajam_se_js", "try {window['APP_LABEL_NAME[...]
Gefunden : user_pref("extensions.wajam.trace_log", "1357261409560 - processInstallationUpgrade - version: 1.25\[...]
Gefunden : user_pref("extensions.wajam.unique_id", "B2911744A70CA5210A8C05983A3DD6E8");
Gefunden : user_pref("extensions.wajam.user_current_mapping_version", "0");
Gefunden : user_pref("extensions.wajam.version", "1.25");
Gefunden : user_pref("extensions.wajam.website_version", "1.00258.0");

-\\ Google Chrome v23.0.1271.97

Datei : C:\Users\Koro\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [12971 octets] - [08/01/2013 19:52:04]

########## EOF - C:\AdwCleaner[R1].txt - [13032 octets] ##########
         

Alt 08.01.2013, 20:36   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM - Standard

Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM



adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 09.01.2013, 15:17   #11
korox
 
Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM - Standard

Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM



ADW Cleaner
Code:
ATTFilter
# AdwCleaner v2.105 - Datei am 09/01/2013 um 15:01:04 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : Koro - KORO-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Koro\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Browser Manager

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Koro\AppData\Roaming\Mozilla\Firefox\Profiles\gb4h1cbk.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\Koro\AppData\Roaming\Mozilla\Firefox\Profiles\gb4h1cbk.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
Datei Gelöscht : C:\Users\Koro\AppData\Roaming\Mozilla\Firefox\Profiles\gb4h1cbk.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Datei Gelöscht : C:\Users\Koro\AppData\Roaming\Mozilla\Firefox\Profiles\gb4h1cbk.default\searchplugins\SweetIm.xml
Gelöscht mit Neustart : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\Program Files (x86)\BabylonToolbar
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\Koro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Ordner Gelöscht : C:\Users\Koro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Ordner Gelöscht : C:\Users\Koro\AppData\Local\Wajam
Ordner Gelöscht : C:\Users\Koro\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Koro\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Koro\AppData\Roaming\Mozilla\Firefox\Profiles\gb4h1cbk.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\SweetIM
Schlüssel Gelöscht : HKCU\Software\Wajam
Schlüssel Gelöscht : HKCU\Software\5f5388dee234bf10
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\b
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\Software\SweetIM
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5f5388dee234bf10
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\Koro\AppData\Roaming\Mozilla\Firefox\Profiles\gb4h1cbk.default\prefs.js

C:\Users\Koro\AppData\Roaming\Mozilla\Firefox\Profiles\gb4h1cbk.default\user.js ... Gelöscht !

Gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar.id", "4ef7f8ca000000000000002683385cbd");
Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15668");
Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "irhnew");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.812:16:50");
Gelöscht : user_pref("extensions.wajam.affiliate_id", "6447");
Gelöscht : user_pref("extensions.wajam.firstrun", "false");
Gelöscht : user_pref("extensions.wajam.log_send_info", "false");
Gelöscht : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21083\",\"supported_sites\":{\[...]
Gelöscht : user_pref("extensions.wajam.no_trace", "false");
Gelöscht : user_pref("extensions.wajam.server_current_mapping_version", "0.21083");
Gelöscht : user_pref("extensions.wajam.supported_sites.amazon.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'w[...]
Gelöscht : user_pref("extensions.wajam.supported_sites.bing.wajam_yahoo_se_js", "try {window['APP_LABEL_NAME'] [...]
Gelöscht : user_pref("extensions.wajam.supported_sites.ebay.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'waj[...]
Gelöscht : user_pref("extensions.wajam.supported_sites.encryptedgoogle.wajam_google_js", "try {window['APP_LABE[...]
Gelöscht : user_pref("extensions.wajam.supported_sites.google.wajam_google_se_js", "try {window['APP_LABEL_NAME[...]
Gelöscht : user_pref("extensions.wajam.supported_sites.imdb.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'waj[...]
Gelöscht : user_pref("extensions.wajam.supported_sites.wikipedia.wajam_se_js", "try {window['APP_LABEL_NAME'] =[...]
Gelöscht : user_pref("extensions.wajam.supported_sites.yahoo.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wa[...]
Gelöscht : user_pref("extensions.wajam.supported_sites.youtubesearch.wajam_se_js", "try {window['APP_LABEL_NAME[...]
Gelöscht : user_pref("extensions.wajam.trace_log", "1357261409560 - processInstallationUpgrade - version: 1.25\[...]
Gelöscht : user_pref("extensions.wajam.unique_id", "B2911744A70CA5210A8C05983A3DD6E8");
Gelöscht : user_pref("extensions.wajam.user_current_mapping_version", "0");
Gelöscht : user_pref("extensions.wajam.version", "1.25");
Gelöscht : user_pref("extensions.wajam.website_version", "1.00258.0");

-\\ Google Chrome v23.0.1271.97

Datei : C:\Users\Koro\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [13066 octets] - [08/01/2013 19:52:04]
AdwCleaner[S1].txt - [13029 octets] - [09/01/2013 15:01:04]

########## EOF - C:\AdwCleaner[S1].txt - [13090 octets] ##########
         
OTL 1

Code:
ATTFilter
OTL logfile created on: 09.01.2013 15:07:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Koro\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,74 Gb Available Physical Memory | 71,99% Memory free
15,95 Gb Paging File | 13,34 Gb Available in Paging File | 83,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 202,97 Gb Free Space | 43,59% Space Free | Partition Type: NTFS
 
Computer Name: KORO-PC | User Name: Koro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Koro\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Steam\sdl.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (LGSHidFilt) -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys (Logitech Inc.)
DRV:64bit: - (LGSUsbFilt) -- C:\Windows\SysNative\drivers\LGSUsbFilt.sys (Logitech Inc.)
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1834059599-3025807170-3471152055-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1834059599-3025807170-3471152055-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1834059599-3025807170-3471152055-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B6 90 EE 0C 0A A4 CD 01  [binary data]
IE - HKU\S-1-5-21-1834059599-3025807170-3471152055-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1834059599-3025807170-3471152055-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1834059599-3025807170-3471152055-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1834059599-3025807170-3471152055-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.1.3
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.3.0
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.2
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 16:46:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.08.04 12:01:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Koro\AppData\Roaming\mozilla\Extensions
[2013.01.09 15:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Koro\AppData\Roaming\mozilla\Firefox\Profiles\gb4h1cbk.default\extensions
[2012.12.28 02:21:48 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Koro\AppData\Roaming\mozilla\Firefox\Profiles\gb4h1cbk.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2012.11.21 19:46:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Koro\AppData\Roaming\mozilla\Firefox\Profiles\gb4h1cbk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.09.17 21:32:46 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Koro\AppData\Roaming\mozilla\Firefox\Profiles\gb4h1cbk.default\extensions\foxmarks@kei.com
[2012.12.09 02:05:17 | 000,000,000 | ---D | M] ("YouTube Unblocker") -- C:\Users\Koro\AppData\Roaming\mozilla\Firefox\Profiles\gb4h1cbk.default\extensions\youtubeunblocker@unblocker.yt
[2012.12.08 20:45:30 | 000,010,656 | ---- | M] () (No name found) -- C:\Users\Koro\AppData\Roaming\mozilla\firefox\profiles\gb4h1cbk.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2012.12.28 00:36:58 | 000,533,036 | ---- | M] () (No name found) -- C:\Users\Koro\AppData\Roaming\mozilla\firefox\profiles\gb4h1cbk.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.11.23 16:54:42 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Koro\AppData\Roaming\mozilla\firefox\profiles\gb4h1cbk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.27 21:26:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.11.04 22:31:33 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.12.06 16:46:05 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.12.06 16:46:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.12.06 16:46:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.12.06 16:46:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.12.06 16:46:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.12.06 16:46:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.12.06 16:46:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Koro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\npSkypeChromePlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - Extension: Skype Click to Call = C:\Users\Koro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Skype Click to Call = C:\Users\Koro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-1834059599-3025807170-3471152055-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1834059599-3025807170-3471152055-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-1834059599-3025807170-3471152055-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Koro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Programme\Logitech Gaming Software\EReg\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1834059599-3025807170-3471152055-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1834059599-3025807170-3471152055-1000\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35C0D259-71BC-4DEF-A601-349B18751393}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.06 01:12:41 | 000,000,000 | ---D | C] -- C:\Users\Koro\Desktop\mbar
[2012.12.30 18:02:29 | 000,000,000 | ---D | C] -- C:\Users\Koro\AppData\Local\Programs
[2012.12.29 14:00:04 | 000,000,000 | ---D | C] -- C:\Users\Koro\AppData\Roaming\CPUControl
[2012.12.29 14:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPU-Control
[2012.12.29 14:00:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CPU-Control
[2012.12.27 14:51:13 | 000,000,000 | ---D | C] -- C:\Users\Koro\AppData\Local\Logitech
[2012.12.27 14:49:36 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[2012.12.26 15:59:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2012.12.22 11:34:18 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.22 11:34:18 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.22 11:34:16 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.22 11:34:15 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.18 22:39:00 | 000,000,000 | ---D | C] -- C:\Users\Koro\Desktop\Chemie PK
[2012.12.16 12:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\Eraser
[2012.12.12 22:40:54 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.12 22:40:54 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.12.12 22:40:53 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.12.12 22:40:53 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.12.12 22:40:53 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.12.12 22:40:53 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.12 22:40:53 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.12 22:40:53 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.12 22:40:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.12 22:40:53 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.12.12 22:40:53 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.12.12 22:40:52 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.12.12 22:40:52 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.12 22:40:52 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.12.12 22:40:52 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.12.12 16:33:41 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.12.12 16:33:39 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.12 16:33:39 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.12.12 16:33:39 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.12.12 16:33:38 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.12 16:33:38 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.12.12 16:33:38 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.12.12 16:33:38 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.12.12 16:33:38 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.12.12 16:33:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.12.12 16:33:38 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.12.12 16:33:37 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.12.12 16:33:37 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.12 16:33:37 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.12 16:33:37 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.12 16:33:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.12 16:33:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.12 16:33:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.12 16:33:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.12 16:33:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.12 16:33:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.12 16:33:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.12 16:33:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.12 16:33:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.12 16:33:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.12 16:33:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.12 16:33:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.12 16:33:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.12 16:33:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.12 16:33:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.12 16:33:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.12 16:33:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.12 16:33:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.12 16:33:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.12 16:33:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.12 16:33:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.12 16:33:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.12 16:33:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.12 16:33:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.12 16:33:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.12 16:33:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.12 16:33:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.12 16:33:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.12 16:33:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.12 16:33:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.12 16:33:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.12 16:33:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.12 16:33:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.12 16:33:36 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.12 16:33:36 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.12 16:33:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.12 16:33:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.12 16:33:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.12 16:33:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.12 16:33:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.12 16:33:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.12 16:33:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.12 16:33:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.12 16:33:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.12 16:33:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.12 16:33:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.12 16:33:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.12 16:33:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.12 16:33:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.12 16:33:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.12 16:33:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.12 16:33:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.12 16:33:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.12 16:33:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.12.12 16:33:29 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.12 16:33:29 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.11 18:49:22 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.12.11 18:49:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012.12.11 18:49:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.12.11 18:49:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.12.10 22:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Orbit
[2012.12.10 21:02:34 | 000,000,000 | ---D | C] -- C:\Users\Koro\Desktop\FarCry 3
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.09 15:09:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.09 15:03:49 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.09 15:03:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.09 15:03:25 | 2129,207,295 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.09 15:02:48 | 000,013,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.09 15:02:48 | 000,013,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.09 14:55:34 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.09 00:48:25 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.01.09 00:48:25 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.07 23:23:53 | 000,000,512 | ---- | M] () -- C:\Users\Koro\Desktop\MBR.dat
[2013.01.04 22:53:55 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.01.04 22:53:55 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.01.04 22:53:31 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.01.04 20:14:45 | 001,588,602 | ---- | M] () -- C:\Users\Koro\Documents\malzahar.bmp
[2013.01.04 01:57:57 | 000,630,116 | ---- | M] () -- C:\Users\Koro\Documents\lol.png
[2013.01.03 20:53:28 | 000,068,151 | ---- | M] () -- C:\Users\Koro\Documents\faceshit.jpg
[2013.01.03 20:37:14 | 003,779,334 | ---- | M] () -- C:\Users\Koro\IMG_4453.JPG
[2013.01.03 20:36:39 | 002,452,713 | ---- | M] () -- C:\Users\Koro\IMG_20121231_193359.jpg
[2013.01.03 20:35:00 | 000,335,930 | ---- | M] () -- C:\Users\Koro\31102012546.jpg
[2013.01.03 19:40:16 | 000,000,903 | ---- | M] () -- C:\Users\Koro\Desktop\Animeshón.lnk
[2012.12.30 18:02:46 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.30 13:32:46 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.30 13:32:46 | 000,655,802 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.30 13:32:46 | 000,616,348 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.30 13:32:46 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.30 13:32:46 | 000,106,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.29 13:18:59 | 4243,042,846 | ---- | M] () -- C:\Users\Koro\Desktop\Da Angel beats shiat3.rar
[2012.12.29 13:07:23 | 3582,627,898 | ---- | M] () -- C:\Users\Koro\Desktop\Da Angel beats shiat2.rar
[2012.12.29 12:58:44 | 039,246,596 | ---- | M] () -- C:\Users\Koro\Desktop\Da Angel beats shiat.rar
[2012.12.27 20:48:21 | 001,331,340 | ---- | M] () -- C:\Users\Koro\Documents\Minitokyo.Gintama.Wallpaper.462268.jpg
[2012.12.27 20:48:11 | 000,991,591 | ---- | M] () -- C:\Users\Koro\Documents\3 far-cry-3.jpg
[2012.12.27 14:51:40 | 000,001,005 | ---- | M] () -- C:\Users\Koro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2012.12.27 14:49:47 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2012.12.24 21:50:26 | 002,441,377 | ---- | M] () -- C:\Users\Koro\Desktop\IMG_20121224_215026.jpg
[2012.12.24 21:47:40 | 000,027,260 | ---- | M] () -- C:\Users\Koro\Desktop\Unbenannt.png
[2012.12.22 16:30:25 | 000,294,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.18 22:17:10 | 000,015,799 | ---- | M] () -- C:\Users\Koro\Documents\Reflexion basel extreme edition man bin ich awesome und du scheiße .odt
[2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.16 13:34:00 | 001,035,623 | ---- | M] () -- C:\Users\Koro\Documents\homo.png
[2012.12.16 12:56:36 | 000,001,161 | ---- | M] () -- C:\Users\Koro\Desktop\Farcry 3.exe.lnk
[2012.12.16 12:39:26 | 000,001,747 | ---- | M] () -- C:\Users\Public\Desktop\Eraser.lnk
[2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.12 20:51:11 | 003,113,291 | ---- | M] () -- C:\Users\Koro\Documents\Unbenannt.png
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.07 23:23:53 | 000,000,512 | ---- | C] () -- C:\Users\Koro\Desktop\MBR.dat
[2013.01.04 20:12:38 | 001,588,602 | ---- | C] () -- C:\Users\Koro\Documents\malzahar.bmp
[2013.01.03 20:53:25 | 000,068,151 | ---- | C] () -- C:\Users\Koro\Documents\faceshit.jpg
[2013.01.03 20:31:27 | 003,779,334 | ---- | C] () -- C:\Users\Koro\IMG_4453.JPG
[2013.01.03 20:31:27 | 002,452,713 | ---- | C] () -- C:\Users\Koro\IMG_20121231_193359.jpg
[2013.01.03 20:31:27 | 000,335,930 | ---- | C] () -- C:\Users\Koro\31102012546.jpg
[2012.12.29 13:14:24 | 4243,042,846 | ---- | C] () -- C:\Users\Koro\Desktop\Da Angel beats shiat3.rar
[2012.12.29 13:03:35 | 3582,627,898 | ---- | C] () -- C:\Users\Koro\Desktop\Da Angel beats shiat2.rar
[2012.12.29 12:54:11 | 039,246,596 | ---- | C] () -- C:\Users\Koro\Desktop\Da Angel beats shiat.rar
[2012.12.27 20:46:26 | 001,331,340 | ---- | C] () -- C:\Users\Koro\Documents\Minitokyo.Gintama.Wallpaper.462268.jpg
[2012.12.27 20:46:23 | 000,991,591 | ---- | C] () -- C:\Users\Koro\Documents\3 far-cry-3.jpg
[2012.12.27 14:51:40 | 000,001,005 | ---- | C] () -- C:\Users\Koro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2012.12.24 22:12:29 | 002,441,377 | ---- | C] () -- C:\Users\Koro\Desktop\IMG_20121224_215026.jpg
[2012.12.24 21:47:40 | 000,027,260 | ---- | C] () -- C:\Users\Koro\Desktop\Unbenannt.png
[2012.12.18 22:16:50 | 000,015,799 | ---- | C] () -- C:\Users\Koro\Documents\Reflexion basel extreme edition man bin ich awesome und du scheiße .odt
[2012.12.16 13:33:45 | 001,035,623 | ---- | C] () -- C:\Users\Koro\Documents\homo.png
[2012.12.16 12:56:36 | 000,001,161 | ---- | C] () -- C:\Users\Koro\Desktop\Farcry 3.exe.lnk
[2012.12.16 12:39:26 | 000,001,759 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
[2012.12.16 12:39:26 | 000,001,747 | ---- | C] () -- C:\Users\Public\Desktop\Eraser.lnk
[2012.12.12 22:17:12 | 000,630,116 | ---- | C] () -- C:\Users\Koro\Documents\lol.png
[2012.12.12 20:53:33 | 000,000,903 | ---- | C] () -- C:\Users\Koro\Desktop\Animeshón.lnk
[2012.11.30 17:28:37 | 000,001,087 | ---- | C] () -- C:\Users\Koro\Dokumente - Verknüpfung.lnk
[2012.11.30 17:11:23 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.11.02 23:17:23 | 000,595,429 | ---- | C] () -- C:\Users\Koro\02112012566.jpg
[2012.11.02 23:17:23 | 000,528,614 | ---- | C] () -- C:\Users\Koro\02112012565.jpg
[2012.10.02 13:54:00 | 000,351,276 | ---- | C] () -- C:\Users\Koro\2012-09-30_00002.jpg
[2012.10.02 13:54:00 | 000,303,169 | ---- | C] () -- C:\Users\Koro\2012-09-30_00001.jpg
[2012.09.26 17:11:43 | 000,861,542 | ---- | C] () -- C:\Users\Koro\26092012538.jpg
[2012.09.26 17:11:43 | 000,402,367 | ---- | C] () -- C:\Users\Koro\26092012537.jpg
[2012.09.01 21:26:13 | 000,695,299 | ---- | C] () -- C:\Users\Koro\01092012529.jpg
[2012.09.01 21:26:13 | 000,479,477 | ---- | C] () -- C:\Users\Koro\01092012530.jpg
[2012.09.01 21:26:13 | 000,335,384 | ---- | C] () -- C:\Users\Koro\01092012531.jpg
[2012.08.30 20:51:36 | 000,842,190 | ---- | C] () -- C:\Users\Koro\P1010352.JPG
[2012.08.30 20:51:36 | 000,792,648 | ---- | C] () -- C:\Users\Koro\P1010351.JPG
[2012.08.25 16:08:12 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.25 16:08:10 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.08.21 17:03:08 | 003,924,174 | ---- | C] () -- C:\Users\Koro\IMG_3929.JPG
[2012.08.21 17:03:08 | 003,152,558 | ---- | C] () -- C:\Users\Koro\IMG_3930.JPG
[2012.08.20 13:19:38 | 000,081,408 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2012.08.04 12:49:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.08.04 01:54:46 | 000,040,673 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.08.04 01:52:57 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.08.04 01:52:52 | 000,027,873 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.06.19 13:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.06.11 17:50:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.06.11 17:50:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.03 08:28:06 | 002,570,286 | ---- | C] () -- C:\Windows\SysWow64\abgx360.exe
[2011.09.19 14:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Extras

Code:
ATTFilter
OTL Extras logfile created on: 09.01.2013 15:07:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Koro\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,74 Gb Available Physical Memory | 71,99% Memory free
15,95 Gb Paging File | 13,34 Gb Available in Paging File | 83,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 202,97 Gb Free Space | 43,59% Space Free | Partition Type: NTFS
 
Computer Name: KORO-PC | User Name: Koro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-1834059599-3025807170-3471152055-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04B8F53A-7B35-4C32-9B2F-023C92290EAC}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{189E8B46-02B5-477F-BDBB-620C874BD0A6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4040A751-DC7E-4934-8067-E2996E6D7A4A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{472FA938-DEB1-4097-84A2-1B92E149B2F0}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4D7BC259-1503-4AEE-A197-2A4D7CECD1C0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{57E39BBE-BE7C-4DE0-9B48-6CD8B401C729}" = rport=137 | protocol=17 | dir=out | app=system | 
"{607C352E-AC17-4C22-814A-F0FE067F3EF7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6434969B-EB1A-46CC-9742-585930B40B06}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6EE7C818-A2D3-4750-BA3A-82A15A7447F3}" = lport=58831 | protocol=17 | dir=in | name=pando media booster | 
"{72D00E8A-7957-4664-A63F-B7D6ACBF8179}" = lport=58831 | protocol=6 | dir=in | name=pando media booster | 
"{766CF0CF-8685-441F-8E7D-6EF26FC77957}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7C0C5F97-EE83-4E53-8EF7-A32E2A37C602}" = lport=138 | protocol=17 | dir=in | app=system | 
"{952FBF44-8F68-4668-8FFA-4FCCA6A3F556}" = lport=58831 | protocol=6 | dir=in | name=pando media booster | 
"{98B47698-EED5-47D3-A8D9-C7E46DE57030}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A57EEF86-5FD6-48A1-AAB5-95B818EB026D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A9CA1DF9-C8AF-42D0-952C-3646F93355C9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AA248EC7-2E7B-4CFD-9C05-A0E79800C0A1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AC705267-6E33-47D1-B932-F35DF64E20F7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{CCEA91E8-6FC8-4E5C-B2FC-B9AAECD7E051}" = lport=58831 | protocol=17 | dir=in | name=pando media booster | 
"{D3C356E1-86FA-4234-A35C-A04755A11B72}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E4F8A99A-0007-4E80-8F56-22249FE8FD93}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E7AE4875-972F-43A4-9625-FB2B4A23111E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E9F75EC8-1917-4955-A334-ADF5CAE73CB8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F82A3A1A-D313-4A2B-AC35-39ED1947535A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FD7855CD-6DFB-44A3-9100-DC7B41E77D4B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0484D0C9-79A5-4D4A-B405-9F359E267857}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{0EB38A33-14F1-49DD-9ACE-236BDBCFDD45}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{0F6743F5-289C-4458-9D15-49F340EE7A49}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrsp.exe | 
"{14E7DE8C-6C5C-414B-A48C-BFA06D97BB89}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{183F6F58-F5A8-4739-8012-5EEE7F6EF5BF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe | 
"{191C5940-DFF8-48C6-9229-2FF487BA1160}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{1A102D5E-14F2-4CA2-9FBE-79C61BEA105E}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{1AE17B0D-B708-4015-883E-B0F989CB062F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{1B5B6B0F-866E-4242-9D7D-312056001CBF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{1F46FC0E-1F2F-4D4E-8157-9EF5FE7B3151}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{31FEBF23-C066-4B85-B1E7-51DF1A7A4CD7}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{34C43C15-0909-44AF-B5F8-18722A22CCB8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{36CBB5A0-435B-4DCD-80B5-894045359BB7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe | 
"{3773E926-3F56-455D-8243-CEDB27F9EE10}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"{39E2562F-5909-43EE-ACAE-D836E8078CDE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{3CA1C677-DBEA-4832-965D-AAA0371F8A4C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{429DBE23-3330-4C42-93AE-CB95D5A6F343}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{42A01C9B-9413-46F2-892E-794B511BBB64}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{43BF4E65-BBC6-4D99-84BB-DBCB0563D3CC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{458F522B-9664-4ED0-B4EE-E8D2E913F3F2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{47671D53-67F1-4A70-9C64-D82AA65DB248}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe | 
"{4DF4FF68-FA8D-4D2E-A2A9-301D2A1BD52A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4F2915C4-AE24-4D4A-BC18-993E6776EBCB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{4FBDA884-A2A7-4B19-9620-FC61E11B0986}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{509E4DF4-03DF-4A02-B9DA-8204A73E2988}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{50D2073B-8AB8-48AF-855E-8FF24DB3B051}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{518C1A2E-3AA9-48D2-9E2A-9FCFE87FC185}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{56EEE88F-E672-43B5-9306-EC1503C1C60C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | 
"{57834053-CB1B-4B46-8706-C18008BA5759}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{58E7512C-228B-49AB-9794-1384791895C0}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{5DA66F21-1DC1-49CC-B90D-63F85F63C71C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe | 
"{5E6CBC91-67B3-4559-AE36-E050F715F754}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{63874FED-0679-46CA-A55F-DA0F0B55E247}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{64572C76-2E32-41B3-AF96-C5F596EF7017}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe | 
"{66B15858-11AA-4045-ABAC-D0A3BB13F80A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{6CA883E2-F1BA-4342-AD09-0D2C3B2F0950}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6D053074-C124-47FA-B172-C3DBF810058C}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{6E668834-43D1-4D92-A75D-AAA0B5AEB697}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{6F59E42D-6F7F-47BB-B2B2-A381AC31E74D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{7713ABC9-91EB-42E4-A88F-396BCEF63B9D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{77C9F7B4-8341-47D2-A5EB-5670B5EC220B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7D25F91A-CFD7-49A7-A54D-618821ACC1BE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{8277C2E7-55C9-437D-89E6-FF50D5D03F3A}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{8737E9DE-1E3D-4E43-9578-AEA76CDA8812}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{87AB1980-21A8-43BE-BECE-B337190F7082}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrsp.exe | 
"{8D1A13B7-4B6F-40D9-A55B-567C93C49927}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8EB5C94D-243F-4F58-8B2E-9A03CA28C7B4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9310A4DB-A117-4F6B-B196-FEB828B2ECBB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{9500E2D7-BE2E-4B5C-8CF3-813B9E7066D6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{95DD2C02-E72F-48C0-B340-ACDE4C0816E9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{972CBBFE-2AEA-4A67-966C-84ED7CC39051}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{976A3F02-F5AB-485A-962B-F283093C3994}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{9F1B60F0-0930-4FB6-B4C0-8D2C60AED23B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{A1A71991-792D-4597-BD9C-AD6B916A220C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{A9F5E288-5BAE-4DDF-90F3-B6A4BF30F200}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{B0A5F6B4-0208-4D59-AB74-101E7EF00E5F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{B24255B9-4C09-466C-BDBD-FF821D4C2885}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B2496F10-134C-49AC-A097-E906FDC43D0D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{BBED22FF-7EAE-4E68-A796-3BDBC63B3580}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{BCA610C2-CA02-4541-805D-DB2C54EC292E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BD932E33-D6FF-4AD6-859A-A5F447E609F6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{C1625895-873A-4219-8398-4DB992F77667}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{C30F53EE-D345-4CF7-A498-19C85E585C5F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{CB821F55-8842-44D0-B285-4C5BDDF6B9B6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{CD5151F4-EE11-4BA2-9E50-BE64A25D1D2E}" = protocol=6 | dir=in | app=c:\windows\system32\cnab4rpd.exe | 
"{CEFF6182-F27B-4F02-B580-753EE3AE3CEC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D72A22C1-6633-49ED-BA0B-1661BEF496B5}" = protocol=6 | dir=out | app=system | 
"{D8F09088-20EC-4116-923B-D6B324BCF45B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"{D910E058-79CC-4B4B-96E4-97AFF6FA6E38}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{DEC6D3F0-FD33-4A4D-977F-830867F2548A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{E0D584DB-7703-4173-AE57-73D1385E9411}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{E10AFB0A-35E2-404D-83C0-078DF9E3A4DF}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{E2EB9E34-699B-407A-8787-69AD11B0552D}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{E53C0DA5-AE61-4DBD-8BF6-D47B4B1C0E24}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E6B6BA08-5F53-45A3-8711-1A4534CE1152}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EA2EAE4F-0743-4D1A-B927-0659138C2F27}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{EFF6E9B9-C06D-4588-910A-C3704BB450B8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | 
"{F3380AC2-11B2-45A7-B086-75E7DA8DEFCF}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F5D9B891-70FC-444A-8C78-F2AFDDEB5892}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{FAC52014-A5CB-48CD-A452-E9D2631F8A72}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{FD32AADD-7FEE-49EC-8DE3-7356253E50B9}" = protocol=17 | dir=in | app=c:\windows\system32\cnab4rpd.exe | 
"{FD871367-1092-4A00-9087-D5A950735B3C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FE7D38EE-577B-4034-9980-05BAB3A14B06}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FE836FB1-0EFA-4549-A590-6CA7F8ED9B72}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{FF942588-6B9E-4C1B-BD2C-FF2514FBFA1D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe | 
"TCP Query User{0858405A-73B0-4B35-821A-613FCFCCD324}C:\users\koro\desktop\farcry 3\bin\farcry3_d3d11.exe" = protocol=6 | dir=in | app=c:\users\koro\desktop\farcry 3\bin\farcry3_d3d11.exe | 
"TCP Query User{5715F4E4-A8A6-4FF9-9550-085D9BEDF87D}C:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrmp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrmp.exe | 
"TCP Query User{C741CC5B-A557-4611-847F-E077AA10B089}C:\users\koro\desktop\farcry 3\bin\farcry3.exe" = protocol=6 | dir=in | app=c:\users\koro\desktop\farcry 3\bin\farcry3.exe | 
"TCP Query User{CB4C200D-D732-45F7-938F-AE40E045261C}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"TCP Query User{EFD33D39-4DD1-49BC-841F-B5591BFD95F9}C:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"UDP Query User{55DC0DB4-F84E-47BE-8022-626F61F808F0}C:\users\koro\desktop\farcry 3\bin\farcry3_d3d11.exe" = protocol=17 | dir=in | app=c:\users\koro\desktop\farcry 3\bin\farcry3_d3d11.exe | 
"UDP Query User{68516C79-5993-4947-95FA-252116ED8B93}C:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrmp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrmp.exe | 
"UDP Query User{850604BA-0E53-4F22-AFF8-57B8914F5061}C:\users\koro\desktop\farcry 3\bin\farcry3.exe" = protocol=17 | dir=in | app=c:\users\koro\desktop\farcry 3\bin\farcry3.exe | 
"UDP Query User{C9406616-C1A9-4CB7-9113-951F5A00B784}C:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"UDP Query User{FDD8CD28-8103-41CC-A635-A21106AE850F}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC4
"{12D93D02-3C15-DF08-581F-52E4A1EB0A3D}" = AMD Drag and Drop Transcoding
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5BA8D4F0-C15F-57FE-2B6C-C4AF214833CE}" = AMD Accelerated Video Transcoding
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6E5159B4-A519-41EF-80EF-AD58371515DF}" = Eraser 6.0.10.2620
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9064F37C-66B4-BAF2-E8A7-EDE5E72BB16D}" = AMD Media Foundation Decoders
"{BECAA3A9-CC5A-615C-5FF5-F5261E153CF0}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F436A08B-63BB-72A2-17C0-6D8E5182CA49}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Canon LBP2900" = Canon LBP2900
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.62
"Logitech Gaming Software" = Logitech Gaming Software 8.40
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"sp6" = Logitech SetPoint 6.32
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{12E777A1-74B6-AD5A-D2CD-C792464E425B}" = CCC Help Turkish
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2B8D8529-DA80-74D8-4898-DAA028746E08}" = CCC Help Korean
"{34E7E124-7AA8-1274-1BA2-90CBD7F6B708}" = CCC Help Thai
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3C912BF1-73FE-B493-C7D6-04EBF14F57A2}" = CCC Help Portuguese
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{549FACD7-A5F5-6EA8-7A19-8F7E8CE282A7}" = Catalyst Control Center Localization All
"{5753C527-E2AA-2B8B-AFD1-D4325A0A44B4}" = CCC Help Chinese Standard
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{613C67FF-E71D-124A-6380-E0E77F9438F7}" = CCC Help Polish
"{632B73D1-C23A-0BD4-FBE2-175B680876A9}" = CCC Help Norwegian
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{659F48FB-0A8A-49A1-3FD2-C6F069C10893}" = Catalyst Control Center Graphics Previews Common
"{70CEC2B6-BE72-E9B1-D6B8-C1A3CA170D1F}" = Catalyst Control Center InstallProxy
"{74A3C7EE-10A4-EA61-AC31-335E0500DE48}" = CCC Help English
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77F94BE8-A504-352B-E873-FC78E5FA9CD7}" = CCC Help Japanese
"{79AAA7A5-6917-2C53-7FCB-C00B54602149}" = CCC Help Chinese Traditional
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{926E4789-8065-6F3B-9D9A-5E6AABA000BC}" = CCC Help Czech
"{9700C74F-1D07-FD53-6430-A858B34E30B7}" = CCC Help Russian
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed III 1.01
"{A0E64741-5C93-FCCD-6A90-248D3C92CAFA}" = CCC Help Greek
"{A8D4FFA9-94CA-B0E4-7ED0-A7FD4DEDB106}" = CCC Help Hungarian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9D5BCE3-6D8B-95B0-925F-F39BFAAB4177}" = CCC Help French
"{ABA15F5D-057C-2677-3C90-04838682F66B}" = CCC Help Dutch
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{ACC88BAA-D748-E9D9-3F72-B359EFD11912}" = CCC Help Swedish
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{D33CE733-2DE9-D582-9D35-323F9F79A1EB}" = CCC Help Italian
"{D67A9023-307F-B5A0-8621-5258D3FA9813}" = CCC Help German
"{D7D6CCD3-D9BD-EA92-288E-EFCBDE939FF5}" = Catalyst Control Center
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EF666029-2EDF-C792-D438-34940ED13A46}" = CCC Help Finnish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F38EF546-DCE4-E290-AB73-4C57A3AC70A0}" = CCC Help Danish
"{FE6A55DF-D79E-7469-37CC-3E7F08098FCA}" = CCC Help Spanish
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"abgx360" = abgx360 v1.0.6
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.2.4
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"CPU-Control_is1" = CPU-Control
"Diablo III" = Diablo III
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps
"Google Chrome" = Google Chrome
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"RocketDock_is1" = RocketDock 1.3.5
"StarCraft II" = StarCraft II
"Steam App 113200" = The Binding of Isaac
"Steam App 201870" = Assassin's Creed Revelations
"Steam App 24240" = PAYDAY: The Heist
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 49520" = Borderlands 2
"Steam App 550" = Left 4 Dead 2
"Steam App 55230" = Saints Row: The Third
"Steam App 570" = Dota 2
"Steam App 620" = Portal 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8980" = Borderlands
"Synthesia" = Synthesia (remove only)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uplay" = Uplay
"VLC media player" = VLC media player 2.0.3
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.12.2012 19:33:03 | Computer Name = Koro-PC | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 01.01.2013 12:49:03 | Computer Name = Koro-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 01.01.2013 14:10:49 | Computer Name = Koro-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 02.01.2013 10:40:36 | Computer Name = Koro-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 04.01.2013 18:54:51 | Computer Name = Koro-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 05.01.2013 13:54:09 | Computer Name = Koro-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 05.01.2013 19:44:55 | Computer Name = Koro-PC | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 07.01.2013 09:26:48 | Computer Name = Koro-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 08.01.2013 08:27:19 | Computer Name = Koro-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 08.01.2013 17:17:50 | Computer Name = Koro-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
[ System Events ]
Error - 05.01.2013 22:53:08 | Computer Name = Koro-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 05.01.2013 22:53:08 | Computer Name = Koro-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 05.01.2013 22:53:08 | Computer Name = Koro-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 05.01.2013 22:53:08 | Computer Name = Koro-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 05.01.2013 22:53:08 | Computer Name = Koro-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 05.01.2013 22:53:08 | Computer Name = Koro-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 05.01.2013 22:54:38 | Computer Name = Koro-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 05.01.2013 22:54:38 | Computer Name = Koro-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 05.01.2013 22:54:38 | Computer Name = Koro-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 06.01.2013 08:09:44 | Computer Name = Koro-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?06.?01.?2013 um 13:08:27 unerwartet heruntergefahren.
 
 
< End of report >
         

Alt 09.01.2013, 15:18   #12
korox
 
Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM - Standard

Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM



----------------------------------------

Geändert von korox (09.01.2013 um 15:20 Uhr) Grund: Doppelpost

Alt 09.01.2013, 16:15   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM - Standard

Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 11.01.2013, 16:15   #14
korox
 
Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM - Standard

Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM



Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=733cb7944ba6ba45b27ef8f09135cc1d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-10 11:48:00
# local_time=2013-01-11 12:48:00 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1023 16777215 0 0 0 0 0 0
# compatibility_mode=1799 16775165 100 97 12203 223284970 8592 0
# compatibility_mode=5893 16776574 100 94 11083856 109491530 0 0
# scanned=242778
# found=0
# cleaned=0
# scan_time=4359
         
Hi,hatte den Scan über Nacht durchlaufen lassen.Mein Vater meinte aber er käme als ich pennen war in mein Zimmer und machte meinen Pc aus. Weiß jetzt somit nicht ob der Scan zuende war oder nicht.

Alt 11.01.2013, 17:24   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM - Standard

Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM



Dann wirst du den Scan wohl wiederholen müssen.
Mal so als Tipp: man könnte einen Zettel mit "Bitte nicht ausschalten wegen Virenscanner" an den Monitor und/oder PC kleben
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM
aktive, avira, beschädigt, datei, dateien, einfach, erstellen, fund, infiziert, laufwerk, löschen, löschen?, mbam, mdm.exe, neues, nichts, programme, schließen, schonmal, system, trojaner, welchem, windows, zugriff, zugriff verweigert




Ähnliche Themen: Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM


  1. In Telekom "Rechnung" Link angeklickt - danach Emotet durch Avira gefunden
    Plagegeister aller Art und deren Bekämpfung - 04.12.2014 (11)
  2. "Avira wird durch eine Gruppenrichtlinie blockiert" Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 02.07.2014 (12)
  3. "Avira wird durch eine Gruppenrichtlinie blockiert"
    Plagegeister aller Art und deren Bekämpfung - 28.06.2014 (37)
  4. "Avira wird durch eine Gruppenrichtlinie blockiert" - Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 22.06.2014 (16)
  5. 2x Computer gesperrt durch "BKA" ...Logfiles erstellt, aber konnten nicht gesendet werden -
    Mülltonne - 18.03.2014 (1)
  6. Win-XP, Avira und MBAM Fund, Trojaner "TR/Drop.Softomat.AN"
    Log-Analyse und Auswertung - 23.02.2014 (9)
  7. Bluescreen beim Enfernen von "ADWARE/BProtector.E" durch Avira Antivir
    Log-Analyse und Auswertung - 08.12.2013 (9)
  8. Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar?
    Plagegeister aller Art und deren Bekämpfung - 02.06.2013 (19)
  9. Nach Download von Tuneup Utilities durch ein Begleitprogramm "fakems" Fund
    Plagegeister aller Art und deren Bekämpfung - 06.12.2012 (1)
  10. Computer gesperrt durch die "Bundespolizei", entsperrung durch Geld
    Plagegeister aller Art und deren Bekämpfung - 27.09.2012 (22)
  11. Avira Fund "js/obfuscated.cf" und gleich darauf ""TR/SPY.KeyLogger.301" fund auf vista
    Plagegeister aller Art und deren Bekämpfung - 26.02.2012 (19)
  12. Zahlungsaufforderung durch Avira Virenscanner, "Ihr Windowssystem wurde blockiert"
    Log-Analyse und Auswertung - 10.02.2012 (3)
  13. Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM
    Log-Analyse und Auswertung - 01.09.2011 (31)
  14. Trojaner(?) - "Backdoor:Win32/Cycbot.B" fund durch Windows Defender
    Plagegeister aller Art und deren Bekämpfung - 19.03.2011 (23)
  15. "WORM/Conficker.AK" & "WORM/Kido.IH.40" nach USB-Stick-Anschluss durch AVIRA gefunden
    Plagegeister aller Art und deren Bekämpfung - 25.01.2011 (28)
  16. TR/Crypt.XPACK.Gen3 gelöscht durch Avira, taucht als "ark423.tmp" wieder auf
    Plagegeister aller Art und deren Bekämpfung - 26.09.2010 (7)
  17. Trojaner "Backdoor.Bifrose" ,Fund durch "Spyware Doctor"
    Plagegeister aller Art und deren Bekämpfung - 27.01.2010 (9)

Zum Thema Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM - Nabend, Hab mir anscheinend einen Trojaner aus welchem Grund auch immer eingefangen. Die Datei, die infiziert wurde lautet "ravmon.exe und der Trojaner "TR/Agent.aeim". Laut Avira wurde der Zugriff dieser Datei - Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM...
Archiv
Du betrachtest: Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.