Spybot S&D Log / Installation von Malwarebytes etc fehlgeschlageb bzw verhindert!

infected1 · 13.02.2013, 22:15

Guten Abend!

Habe den Laptop einer Bekannten da, welchen ich warten soll...
Als die Installation diverser Programme fehlschlug und der Laptop kriechend langsam arbeitete dachte ich mir schon, dass er wohl infiziert sei. Die Installation von KiS 2013, Kaspersky Virus Removal Tool und Malwarebytes schlug fehl!

Folgende Fehlermeldungen wurden mir beim Versuch etwas zu installieren,
in Form eines PopUps angezeigt:

-> "External exception C0000006."

-> "access violation at address 684B271C. Read of address 00000014."

Die Installation von Spybot S&D hingegen verlief reibungslos.
Lange Rede, Kurzer Sinn.. Hier die Logfiles.

Normaler Scan (2x,2 Logs):

Code:

ATTFilter

Search results from Spybot - Search & Destroy

13.02.2013 18:16:27
Scan took 00:27:21.
29 items found.

Babylon.Toolbar: [SBI $F75ED516] IE toolbar (Registry Value, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{98889811-442D-49dd-99D7-DC866BE87DBC}

Babylon.Toolbar: [SBI $DEB52F26] Program directory (Directory, nothing done)
  C:\ProgramData\Babylon\

Babylon.Toolbar: [SBI $DEB52F26] Program directory (Directory, nothing done)
  C:\Users\Manu\AppData\Roaming\Babylon\
  Directory.subfile=C:\Users\Manu\AppData\Roaming\Babylon\log_file.txt
  Directory.subfile.size=8695
  Directory.subfile.md5=309C67084C84E8D5C1F46FE48F360E23
  Directory.subfile.filedate=1354818612
  Directory.subfile.filedatetext=2012-12-06 19:30:11

Babylon.Toolbar: [SBI $82C5EBDA] Settings (Registry Value, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}\AppName

IncrediBar: [SBI $430C5658] User settings (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-839383218-1862994506-2653409396-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\DisplayName

IncrediBar: [SBI $6FA574B7] User settings (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-839383218-1862994506-2653409396-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\URL

IncrediBar: [SBI $91B383C6] User settings (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-839383218-1862994506-2653409396-1000\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope

IncrediBar: [SBI $DDC2CEDF] IE start page (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-839383218-1862994506-2653409396-1000\Software\Microsoft\Internet Explorer\Main\Start Page

Log: [SBI $8E73A7FB]  Install: setupact.log (File, nothing done)
  C:\Windows\setupact.log
  Properties.size=336
  Properties.md5=4F3BB5CA906CDFED4CBEE14065A561F2
  Properties.filedate=1360773999
  Properties.filedatetext=2013-02-13 17:46:38

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-839383218-1862994506-2653409396-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-839383218-1862994506-2653409396-1000\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-839383218-1862994506-2653409396-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-839383218-1862994506-2653409396-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

Windows.OpenWith: [SBI $9E8D5C8A] Open with list - .CDA extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-839383218-1862994506-2653409396-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\OpenWithList

Windows Explorer: [SBI $7308A845] Run history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-839383218-1862994506-2653409396-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-839383218-1862994506-2653409396-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-839383218-1862994506-2653409396-1000\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-839383218-1862994506-2653409396-1000\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-839383218-1862994506-2653409396-1000\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Cookie: [SBI $49804B54] Browser: Cookie (5) (Browser: Cookie, nothing done)
  

Cache: [SBI $49804B54] Browser: Cache (117) (Browser: Cache, nothing done)
  

Verlauf: [SBI $49804B54] Browser: History (25) (Browser: History, nothing done)
  


--- Spybot - Search & Destroy version: 2.0.12.131  DLL (build: 20121113) ---

2012-11-13 blindman.exe (2.0.12.151)
2012-11-13 explorer.exe (2.0.12.173)
2012-11-13 SDBootCD.exe (2.0.12.109)
2012-11-13 SDCleaner.exe (2.0.12.110)
2012-11-13 SDDelFile.exe (2.0.12.94)
2012-11-13 SDFiles.exe (2.0.12.135)
2012-11-13 SDFileScanHelper.exe (2.0.12.1)
2012-11-13 SDFSSvc.exe (2.0.12.205)
2012-11-13 SDImmunize.exe (2.0.12.130)
2012-11-13 SDLogReport.exe (2.0.12.107)
2012-11-13 SDPESetup.exe (2.0.12.3)
2012-11-13 SDPEStart.exe (2.0.12.86)
2012-11-13 SDPhoneScan.exe (2.0.12.27)
2012-11-13 SDPRE.exe (2.0.12.13)
2012-11-13 SDPrepPos.exe (2.0.12.10)
2012-11-13 SDQuarantine.exe (2.0.12.103)
2012-11-13 SDRootAlyzer.exe (2.0.12.116)
2012-11-13 SDSBIEdit.exe (2.0.12.39)
2012-11-13 SDScan.exe (2.0.12.173)
2012-11-13 SDScript.exe (2.0.12.53)
2012-11-13 SDSettings.exe (2.0.12.130)
2012-11-13 SDShred.exe (2.0.12.105)
2012-11-13 SDSysRepair.exe (2.0.12.101)
2012-11-13 SDTools.exe (2.0.12.150)
2012-11-13 SDTray.exe (2.0.12.127)
2012-11-13 SDUpdate.exe (2.0.12.89)
2012-11-13 SDUpdSvc.exe (2.0.12.76)
2012-11-13 SDWelcome.exe (2.0.12.126)
2012-11-13 SDWSCSvc.exe (2.0.12.2)
2013-02-13 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2012-11-13 SDAdvancedCheckLibrary.dll (2.0.12.98)
2012-11-13 SDECon32.dll (2.0.12.113)
2012-11-13 SDECon64.dll (2.0.12.113)
2012-11-13 SDEvents.dll (2.0.12.2)
2012-11-13 SDFileScanLibrary.dll (2.0.12.9)
2012-11-13 SDHelper.dll (2.0.12.88)
2012-11-13 SDImmunizeLibrary.dll (2.0.12.2)
2012-11-13 SDLists.dll (2.0.12.4)
2012-11-13 SDResources.dll (2.0.12.7)
2012-11-13 SDScanLibrary.dll (2.0.12.131)
2012-11-13 SDTasks.dll (2.0.12.15)
2012-11-13 SDWinLogon.dll (2.0.12.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2012-11-13 Tools.dll (2.0.12.36)
2012-11-13 UninsSrv.dll (2.0.12.52)
2012-11-14 Includes\Adware.sbi (*)
2012-11-14 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2012-11-14 Includes\KeyloggersC.sbi (*)
2012-11-14 Includes\Malware.sbi (*)
2012-11-14 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2012-11-14 Includes\PUPSC.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2012-11-14 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-11-14 Includes\Spyware.sbi (*)
2012-11-14 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2005-02-17 Includes\Tracks.uti (*)
2012-11-14 Includes\Trojans.sbi (*)
2012-11-14 Includes\TrojansC-02.sbi (*)
2012-11-14 Includes\TrojansC-03.sbi (*)
2012-11-14 Includes\TrojansC-04.sbi (*)
2012-11-14 Includes\TrojansC-05.sbi (*)
2012-11-14 Includes\TrojansC.sbi (*)

Search results from Spybot - Search & Destroy

13.02.2013 18:46:40
Scan took 00:26:26.
16 items found.

Babylon.Toolbar: [SBI $F75ED516] IE toolbar (Registry Value, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{98889811-442D-49dd-99D7-DC866BE87DBC}

Babylon.Toolbar: [SBI $82C5EBDA] Settings (Registry Value, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}\AppName

IncrediBar: [SBI $6FA574B7] User settings (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-839383218-1862994506-2653409396-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\URL

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Cache: [SBI $49804B54] Browser: Cache (1) (Browser: Cache, nothing done)
  


--- Spybot - Search & Destroy version: 2.0.12.131  DLL (build: 20121113) ---

2012-11-13 blindman.exe (2.0.12.151)
2012-11-13 explorer.exe (2.0.12.173)
2012-11-13 SDBootCD.exe (2.0.12.109)
2012-11-13 SDCleaner.exe (2.0.12.110)
2012-11-13 SDDelFile.exe (2.0.12.94)
2012-11-13 SDFiles.exe (2.0.12.135)
2012-11-13 SDFileScanHelper.exe (2.0.12.1)
2012-11-13 SDFSSvc.exe (2.0.12.205)
2012-11-13 SDImmunize.exe (2.0.12.130)
2012-11-13 SDLogReport.exe (2.0.12.107)
2012-11-13 SDPESetup.exe (2.0.12.3)
2012-11-13 SDPEStart.exe (2.0.12.86)
2012-11-13 SDPhoneScan.exe (2.0.12.27)
2012-11-13 SDPRE.exe (2.0.12.13)
2012-11-13 SDPrepPos.exe (2.0.12.10)
2012-11-13 SDQuarantine.exe (2.0.12.103)
2012-11-13 SDRootAlyzer.exe (2.0.12.116)
2012-11-13 SDSBIEdit.exe (2.0.12.39)
2012-11-13 SDScan.exe (2.0.12.173)
2012-11-13 SDScript.exe (2.0.12.53)
2012-11-13 SDSettings.exe (2.0.12.130)
2012-11-13 SDShred.exe (2.0.12.105)
2012-11-13 SDSysRepair.exe (2.0.12.101)
2012-11-13 SDTools.exe (2.0.12.150)
2012-11-13 SDTray.exe (2.0.12.127)
2012-11-13 SDUpdate.exe (2.0.12.89)
2012-11-13 SDUpdSvc.exe (2.0.12.76)
2012-11-13 SDWelcome.exe (2.0.12.126)
2012-11-13 SDWSCSvc.exe (2.0.12.2)
2013-02-13 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2012-11-13 SDAdvancedCheckLibrary.dll (2.0.12.98)
2012-11-13 SDECon32.dll (2.0.12.113)
2012-11-13 SDECon64.dll (2.0.12.113)
2012-11-13 SDEvents.dll (2.0.12.2)
2012-11-13 SDFileScanLibrary.dll (2.0.12.9)
2012-11-13 SDHelper.dll (2.0.12.88)
2012-11-13 SDImmunizeLibrary.dll (2.0.12.2)
2012-11-13 SDLists.dll (2.0.12.4)
2012-11-13 SDResources.dll (2.0.12.7)
2012-11-13 SDScanLibrary.dll (2.0.12.131)
2012-11-13 SDTasks.dll (2.0.12.15)
2012-11-13 SDWinLogon.dll (2.0.12.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2012-11-13 Tools.dll (2.0.12.36)
2012-11-13 UninsSrv.dll (2.0.12.52)
2012-11-14 Includes\Adware.sbi (*)
2012-11-14 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2012-11-14 Includes\KeyloggersC.sbi (*)
2012-11-14 Includes\Malware.sbi (*)
2012-11-14 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2012-11-14 Includes\PUPSC.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2012-11-14 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-11-14 Includes\Spyware.sbi (*)
2012-11-14 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2005-02-17 Includes\Tracks.uti (*)
2012-11-14 Includes\Trojans.sbi (*)
2012-11-14 Includes\TrojansC-02.sbi (*)
2012-11-14 Includes\TrojansC-03.sbi (*)
2012-11-14 Includes\TrojansC-04.sbi (*)
2012-11-14 Includes\TrojansC-05.sbi (*)
2012-11-14 Includes\TrojansC.sbi (*)

RootKit Scan:

Code:

ATTFilter

// info: Rootkit removal help file
// copyright: (c) 2008-2013 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"Hidden file","C:\Windows\version"
File:"Hidden file","C:\Windows\œø—"
File:"No admin in ACL","C:\System Recovery"
File:"Unknown ADS","C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT:$DATA"
File:"No admin in ACL","C:\Users\Manu\AppData\Roaming\Chorus"
File:"No admin in ACL","C:\Users\Manu\AppData\Roaming\Classic Thick"
File:"No admin in ACL","C:\Users\Manu\AppData\Roaming\Classical"
File:"No admin in ACL","C:\Users\All Users\Clips"
File:"No admin in ACL","C:\Users\All Users\Cocoa"
File:"No admin in ACL","C:\Users\All Users\ColorSync"
File:"No admin in ACL","C:\Users\All Users\PKP_DLes.DAT"
File:"No admin in ACL","C:\Users\All Users\PKP_DLet.DAT"
File:"No admin in ACL","C:\Users\All Users\PKP_DLev.DAT"
File:"No admin in ACL","C:\Users\All Users\Ultima_T15\reg_configek.stn"
File:"No admin in ACL","C:\Users\All Users\Ultima_T15\reg_configel.stn"
File:"No admin in ACL","C:\Users\All Users\Ultima_T15\reg_configen.stn"
File:"No admin in ACL","C:\Users\All Users\String Comparison\CustomDataViews"
File:"No admin in ACL","C:\Users\All Users\Sports\Contextual Menu Items"
File:"No admin in ACL","C:\Users\All Users\Sounds\Console"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\controldata.bin"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\usagestatdata.bin"
File:"No admin in ACL","C:\Users\All Users\EnterNHelp\hxcw.xxc"
File:"No admin in ACL","C:\Users\All Users\EnterNHelp\hxcx.xxc"
File:"No admin in ACL","C:\Users\All Users\EnterNHelp\hxcz.xxc"
File:"No admin in ACL","C:\Users\All Users\EnterNHelp\hxdu.xxb"
File:"No admin in ACL","C:\Users\All Users\EnterNHelp\hxdv.xxb"
File:"No admin in ACL","C:\Users\All Users\EnterNHelp\hxdx.xxb"
File:"No admin in ACL","C:\ProgramData\Clips"
File:"No admin in ACL","C:\ProgramData\Cocoa"
File:"No admin in ACL","C:\ProgramData\ColorSync"
File:"No admin in ACL","C:\ProgramData\PKP_DLes.DAT"
File:"No admin in ACL","C:\ProgramData\PKP_DLet.DAT"
File:"No admin in ACL","C:\ProgramData\PKP_DLev.DAT"
File:"No admin in ACL","C:\ProgramData\Ultima_T15\reg_configek.stn"
File:"No admin in ACL","C:\ProgramData\Ultima_T15\reg_configel.stn"
File:"No admin in ACL","C:\ProgramData\Ultima_T15\reg_configen.stn"
File:"No admin in ACL","C:\ProgramData\String Comparison\CustomDataViews"
File:"No admin in ACL","C:\ProgramData\Sports\Contextual Menu Items"
File:"No admin in ACL","C:\ProgramData\Sounds\Console"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\controldata.bin"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\usagestatdata.bin"
File:"No admin in ACL","C:\ProgramData\EnterNHelp\hxcw.xxc"
File:"No admin in ACL","C:\ProgramData\EnterNHelp\hxcx.xxc"
File:"No admin in ACL","C:\ProgramData\EnterNHelp\hxcz.xxc"
File:"No admin in ACL","C:\ProgramData\EnterNHelp\hxdu.xxb"
File:"No admin in ACL","C:\ProgramData\EnterNHelp\hxdv.xxb"
File:"No admin in ACL","C:\ProgramData\EnterNHelp\hxdx.xxb"

Ich hoffe man kann etwas damit anfangen.Wäre toll wenn jemand helfen könnte

cosinus · 14.02.2013, 13:23

Hallo und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

infected1 · 14.02.2013, 14:24

Hallo cosinus,

vielen Dank erstmal, dass sich hier jemand die Mühe macht zu lesen.
Finde ich klasse, dass ihr den Leuten hier helft. THUMBSUP ;>

Hier nun die Logs.

adwcleaner:

Code:

ATTFilter

# AdwCleaner v2.112 - Datei am 14/02/2013 um 13:45:48 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Manu - MANU-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Manu\Downloads\adwcleaner0.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Manu\AppData\Roaming\Mozilla\Firefox\Profiles\arji0m3x.default\searchplugins\babylon1.xml
Datei Gelöscht : C:\Users\Manu\AppData\Roaming\Mozilla\Firefox\Profiles\arji0m3x.default\searchplugins\MyStart Search.xml
Ordner Gelöscht : C:\Users\Manu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\5c55da8cbc3ab845
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\IB Updater
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.2 (de)

Datei : C:\Users\Manu\AppData\Roaming\Mozilla\Firefox\Profiles\arji0m3x.default\prefs.js

C:\Users\Manu\AppData\Roaming\Mozilla\Firefox\Profiles\arji0m3x.default\user.js ... Gelöscht !

Gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Gelöscht : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar.id", "7c4e86d400000000000086d53da85d63");
Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15680");
Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar.rvrt", "false");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.8.4.9");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.8.4.9");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=117023&tt=061212_621_4912_3");
Gelöscht : user_pref("extensions.BabylonToolbar_i.excTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", false);
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.4.919:29:55");
Gelöscht : user_pref("extensions.incredibar.admin", false);
Gelöscht : user_pref("extensions.incredibar.aflt", "orgnl");
Gelöscht : user_pref("extensions.incredibar.cntry", "DE");
Gelöscht : user_pref("extensions.incredibar.dfltLng", "");
Gelöscht : user_pref("extensions.incredibar.dfltSrch", false);
Gelöscht : user_pref("extensions.incredibar.did", "10643");
Gelöscht : user_pref("extensions.incredibar.envrmnt", "production");
Gelöscht : user_pref("extensions.incredibar.excTlbr", false);
Gelöscht : user_pref("extensions.incredibar.hdrMd5", "B02C1F91C8B065FDEB6FE2ECD2104B60");
Gelöscht : user_pref("extensions.incredibar.hmpg", false);
Gelöscht : user_pref("extensions.incredibar.id", "7c4e86d400000000000086d53da85d63");
Gelöscht : user_pref("extensions.incredibar.installerproductid", "26");
Gelöscht : user_pref("extensions.incredibar.instlDay", "15680");
Gelöscht : user_pref("extensions.incredibar.instlRef", "");
Gelöscht : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1419:19:19");
Gelöscht : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Gelöscht : user_pref("extensions.incredibar.newTab", false);
Gelöscht : user_pref("extensions.incredibar.noFFXTlbr", false);
Gelöscht : user_pref("extensions.incredibar.ppd", "6666660841");
Gelöscht : user_pref("extensions.incredibar.prdct", "incredibar");
Gelöscht : user_pref("extensions.incredibar.productid", "26");
Gelöscht : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Gelöscht : user_pref("extensions.incredibar.sg", "none");
Gelöscht : user_pref("extensions.incredibar.smplGrp", "none");
Gelöscht : user_pref("extensions.incredibar.tlbrId", "base");
Gelöscht : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQRUH6PZ2&loc=IB_T[...]
Gelöscht : user_pref("extensions.incredibar.upn2", "6PQRUH6PZ2");
Gelöscht : user_pref("extensions.incredibar.upn2n", "92544050974870612");
Gelöscht : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Gelöscht : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1419:19:19");
Gelöscht : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Gelöscht : user_pref("extensions.incredibar_i.aflt", "orgnl");
Gelöscht : user_pref("extensions.incredibar_i.dfltLng", "");
Gelöscht : user_pref("extensions.incredibar_i.did", "10643");
Gelöscht : user_pref("extensions.incredibar_i.excTlbr", false);
Gelöscht : user_pref("extensions.incredibar_i.id", "7c4e86d400000000000086d53da85d63");
Gelöscht : user_pref("extensions.incredibar_i.installerproductid", "26");
Gelöscht : user_pref("extensions.incredibar_i.instlDay", "15680");
Gelöscht : user_pref("extensions.incredibar_i.instlRef", "");
Gelöscht : user_pref("extensions.incredibar_i.ms_url_id", "");
Gelöscht : user_pref("extensions.incredibar_i.newTab", false);
Gelöscht : user_pref("extensions.incredibar_i.ppd", "6666660841");
Gelöscht : user_pref("extensions.incredibar_i.prdct", "incredibar");
Gelöscht : user_pref("extensions.incredibar_i.productid", "26");
Gelöscht : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Gelöscht : user_pref("extensions.incredibar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.incredibar_i.tlbrId", "base");
Gelöscht : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQRUH6PZ2&loc=IB[...]
Gelöscht : user_pref("extensions.incredibar_i.upn2", "6PQRUH6PZ2");
Gelöscht : user_pref("extensions.incredibar_i.upn2n", "92544050974870612");
Gelöscht : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Gelöscht : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1419:19:19");
Gelöscht : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Manu\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [12841 octets] - [14/02/2013 13:42:13]
AdwCleaner[R2].txt - [12902 octets] - [14/02/2013 13:43:49]
AdwCleaner[S1].txt - [12550 octets] - [14/02/2013 13:45:48]

########## EOF - C:\AdwCleaner[S1].txt - [12611 octets] ##########

OTL:

Code:

ATTFilter

OTL logfile created on: 14.02.2013 13:56:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Manu\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 60,22% Memory free
7,82 Gb Paging File | 6,07 Gb Available in Paging File | 77,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,01 Gb Total Space | 400,02 Gb Free Space | 88,69% Space Free | Partition Type: NTFS
 
Computer Name: MANU-PC | User Name: Manu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Manu\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27649bdc3da750e2e072dedbff56cc0b\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV - (Atheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Programme\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-839383218-1862994506-2653409396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-839383218-1862994506-2653409396-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-839383218-1862994506-2653409396-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-839383218-1862994506-2653409396-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://login.yahoo.com/config/login_verify2?.intl=de&.src=ym"
FF - prefs.js..extensions.enabledAddons: secureLogin%40blueimp.net:1.0.3
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.13 14:26:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.12.21 15:53:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manu\AppData\Roaming\mozilla\Extensions
[2013.02.13 14:47:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manu\AppData\Roaming\mozilla\Firefox\Profiles\arji0m3x.default\extensions
[2013.02.13 14:43:55 | 000,083,379 | ---- | M] () (No name found) -- C:\Users\Manu\AppData\Roaming\mozilla\firefox\profiles\arji0m3x.default\extensions\secureLogin@blueimp.net.xpi
[2012.12.28 15:49:13 | 000,455,379 | ---- | M] () (No name found) -- C:\Users\Manu\AppData\Roaming\mozilla\firefox\profiles\arji0m3x.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
[2013.02.13 14:45:28 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\Manu\AppData\Roaming\mozilla\firefox\profiles\arji0m3x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.13 14:47:15 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Manu\AppData\Roaming\mozilla\firefox\profiles\arji0m3x.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013.02.13 14:26:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.01 19:21:57 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.02.01 20:33:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.01 20:33:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.01 20:33:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.01 20:33:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.01 20:33:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.01 20:33:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.babylon.com/?affID=117023&tt=061212_621_4912_3&babsrc=HP_ss&mntrId=7c4e86d400000000000086d53da85d63
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://search.babylon.com/?affID=117023&tt=061212_621_4912_3&babsrc=HP_ss&mntrId=7c4e86d400000000000086d53da85d63
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-839383218-1862994506-2653409396-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_52842471.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{798B7D3A-6A91-4720-AF96-85BD4F54F21A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F13D1983-8F8A-4270-A5E2-999CF42D0733}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.14 13:51:01 | 000,000,000 | R--D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013.02.13 21:25:45 | 000,000,000 | ---D | C] -- C:\Users\Manu\Desktop\logs
[2013.02.13 19:15:19 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Avira
[2013.02.13 19:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.02.13 19:14:08 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013.02.13 19:14:08 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013.02.13 19:14:08 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys
[2013.02.13 19:14:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.02.13 19:14:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.02.13 17:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.02.13 17:40:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.02.13 17:40:19 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\windows\SysNative\sdnclean64.exe
[2013.02.13 17:40:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.02.13 17:27:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.02.13 17:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2013.02.13 15:01:23 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\TsUsbFlt.sys
[2013.02.13 15:01:23 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\TsUsbGD.sys
[2013.02.13 15:01:23 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\rdpvideominiport.sys
[2013.02.13 15:01:23 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RdpGroupPolicyExtension.dll
[2013.02.13 15:01:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013.02.13 15:01:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013.02.13 15:01:22 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll
[2013.02.13 15:01:22 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll
[2013.02.13 15:01:22 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorets.dll
[2013.02.13 15:01:22 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstsc.exe
[2013.02.13 15:01:22 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstsc.exe
[2013.02.13 15:01:22 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wksprt.exe
[2013.02.13 15:01:22 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aaclient.dll
[2013.02.13 15:01:22 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\aaclient.dll
[2013.02.13 15:01:22 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpudd.dll
[2013.02.13 15:01:22 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpendp_winip.dll
[2013.02.13 15:01:22 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdpendp_winip.dll
[2013.02.13 15:01:22 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TSWbPrxy.exe
[2013.02.13 15:01:22 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsRdpWebAccess.dll
[2013.02.13 15:01:22 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MsRdpWebAccess.dll
[2013.02.13 15:01:22 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tsgqec.dll
[2013.02.13 15:01:22 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbGDCoInstaller.dll
[2013.02.13 15:01:22 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tsgqec.dll
[2013.02.13 15:01:22 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wksprtPS.dll
[2013.02.13 15:01:22 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wksprtPS.dll
[2013.02.13 14:59:45 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013.02.13 14:59:45 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013.02.13 14:59:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013.02.13 14:59:43 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013.02.13 14:59:42 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013.02.13 14:59:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013.02.13 14:59:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013.02.13 14:59:41 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013.02.13 14:59:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013.02.13 14:59:40 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013.02.13 14:59:40 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013.02.13 14:59:40 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013.02.13 14:59:37 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013.02.13 14:59:36 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013.02.13 14:59:36 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013.02.13 14:58:57 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2013.02.13 14:58:55 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qdvd.dll
[2013.02.13 14:58:55 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qdvd.dll
[2013.02.13 14:49:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IZArc
[2013.02.13 14:49:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IZArc
[2013.02.13 14:30:02 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013.02.13 14:30:00 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2013.02.13 14:29:59 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2013.02.13 14:29:53 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2013.02.13 14:29:53 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013.02.13 14:29:52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013.02.13 14:29:52 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013.02.13 14:29:52 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013.02.13 14:29:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013.02.13 14:29:51 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.13 14:26:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.02.13 14:26:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.13 14:08:41 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\TeamViewer
[2013.02.13 14:07:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2013.02.13 14:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.02.13 14:04:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.02.13 13:40:49 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Roxio Log Files
[2013.02.13 13:11:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.02.08 13:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.14 13:58:04 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.14 13:58:04 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.14 13:48:51 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.02.14 13:48:49 | 3149,086,720 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.13 22:11:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.02.13 19:14:13 | 000,002,068 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.13 19:11:51 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013.02.13 19:11:51 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013.02.13 19:11:51 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys
[2013.02.13 17:40:23 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.02.13 17:27:25 | 000,001,008 | ---- | M] () -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_52842471.lnk
[2013.02.13 17:24:08 | 151,559,240 | ---- | M] () -- C:\Users\Manu\Desktop\setup_11.0.0.1245.x01_2013_01_09_15_11.exe
[2013.02.13 15:11:56 | 000,276,968 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.02.13 15:03:36 | 001,636,092 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.02.13 15:03:36 | 000,697,322 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.02.13 15:03:36 | 000,652,600 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.02.13 15:03:36 | 000,148,328 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.02.13 15:03:36 | 000,121,274 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.02.13 14:56:10 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013.02.13 14:56:10 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.13 14:32:32 | 000,001,490 | ---- | M] () -- C:\Users\Manu\Desktop\INTERNET.lnk
[2013.02.13 14:26:16 | 000,001,149 | -H-- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.13 14:07:52 | 000,001,164 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013.02.13 14:04:14 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.02.13 13:37:35 | 000,001,547 | ---- | M] () -- C:\Users\Manu\Desktop\Media Player.lnk
[2013.02.13 13:29:51 | 000,001,158 | ---- | M] () -- C:\Users\Manu\Desktop\DOWNLOADS.lnk
[2013.02.13 13:23:01 | 000,000,962 | ---- | M] () -- C:\Users\Manu\Desktop\EIGENE DATEIEN.lnk
[2013.02.13 13:16:14 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT
[2013.02.13 13:12:44 | 000,000,020 | ---- | M] () -- C:\windows\œø—
[2013.02.13 13:01:27 | 000,001,912 | ---- | M] () -- C:\windows\epplauncher.mif
 
========== Files Created - No Company Name ==========
 
[2013.02.13 19:14:13 | 000,002,068 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.13 17:40:23 | 000,002,187 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.02.13 17:40:23 | 000,002,175 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.02.13 17:27:25 | 000,001,008 | ---- | C] () -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_52842471.lnk
[2013.02.13 17:27:23 | 151,559,240 | ---- | C] () -- C:\Users\Manu\Desktop\setup_11.0.0.1245.x01_2013_01_09_15_11.exe
[2013.02.13 14:32:32 | 000,001,490 | ---- | C] () -- C:\Users\Manu\Desktop\INTERNET.lnk
[2013.02.13 14:07:52 | 000,001,176 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013.02.13 14:07:52 | 000,001,164 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013.02.13 14:04:14 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.02.13 13:37:35 | 000,001,547 | ---- | C] () -- C:\Users\Manu\Desktop\Media Player.lnk
[2013.02.13 13:29:51 | 000,001,158 | ---- | C] () -- C:\Users\Manu\Desktop\DOWNLOADS.lnk
[2013.02.13 13:23:01 | 000,000,962 | ---- | C] () -- C:\Users\Manu\Desktop\EIGENE DATEIEN.lnk
[2013.02.13 13:12:44 | 000,000,020 | ---- | C] () -- C:\windows\œø—
[2012.01.14 18:51:04 | 000,000,268 | RH-- | C] () -- C:\ProgramData\ColorSync
[2012.01.14 18:51:04 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Cocoa
[2012.01.14 18:51:04 | 000,000,268 | RH-- | C] () -- C:\Users\Manu\AppData\Roaming\Classical
[2012.01.14 18:51:04 | 000,000,268 | RH-- | C] () -- C:\Users\Manu\AppData\Roaming\Classic Thick
[2012.01.14 18:51:04 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012.01.14 18:51:04 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012.01.14 18:51:03 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Clips
[2012.01.14 18:51:03 | 000,000,268 | RH-- | C] () -- C:\Users\Manu\AppData\Roaming\Chorus
[2012.01.14 18:51:03 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011.12.21 17:44:30 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat
[2011.12.16 23:29:16 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011.12.16 23:29:16 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011.12.16 23:29:15 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011.12.16 22:09:45 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll
[2011.11.16 21:49:04 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
[2011.11.16 21:49:01 | 000,000,324 | ---- | C] () -- C:\windows\Prelaunch.ini
[2011.11.16 21:49:01 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
[2011.11.16 21:49:01 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2011.11.16 21:49:01 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
[2011.11.16 21:49:01 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2011.11.16 21:49:01 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2011.11.16 21:49:01 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2011.11.16 20:25:01 | 001,591,994 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

OTL Extras:

Code:

ATTFilter

OTL Extras logfile created on: 14.02.2013 13:56:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Manu\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 60,22% Memory free
7,82 Gb Paging File | 6,07 Gb Available in Paging File | 77,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,01 Gb Total Space | 400,02 Gb Free Space | 88,69% Space Free | Partition Type: NTFS
 
Computer Name: MANU-PC | User Name: Manu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-839383218-1862994506-2653409396-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D2640E6-CDBB-4280-9B8D-6CACA5625E19}" = lport=139 | protocol=6 | dir=in | app=system | 
"{0E3D918B-9329-4899-ADB1-EA52F0211A6F}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{23B48315-BE5D-421E-A299-537C9639BF8B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2476512B-0808-47E1-8A62-55DAA3448374}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{30A09BBF-A7ED-46BC-B260-200B140529B4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{315AF883-829A-4B15-9D8A-7CE8B5AAAEF7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{34683385-9331-47B8-977A-CE02297F52DE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{37E43800-2D3E-403A-B368-7517B5821632}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3E032883-86B9-4521-B607-F22460EE7C3B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{533FA386-351D-4FE5-910B-B4D1071795BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5E39A6B2-DBBD-4835-B9AD-38D4956B25B4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6E2E0075-9712-47C7-A192-BCDDE295F116}" = rport=138 | protocol=17 | dir=out | app=system | 
"{6E5EC0F9-BDFC-43CE-ABE8-4C47205D0A65}" = lport=138 | protocol=17 | dir=in | app=system | 
"{7DA5B9E2-7AAB-4F74-B0A5-ACC26346A3A9}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A360B7F3-49BE-4948-A6CE-A666EA3B16C3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A3F12726-40CD-4BFB-9010-9D10F2F28918}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BD87E599-B7FE-49C4-96F9-629E962112EA}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C7F35BA5-4F58-4002-8B58-3E9F95F95BAC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CF47223F-043D-42C9-8F6D-E75DCDF94FE1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E11CFC73-1992-4D02-ABE4-B7D34F41BD00}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FB4B0177-CEAA-4E04-B7C2-C58FCCB4E8FA}" = lport=10243 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D62F71-E6DE-4305-8379-C97D566E9C5C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{026DEB72-4C04-4867-BBD7-845871FF58C8}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{13C12704-4AAB-40CB-8AB5-D4CC62408794}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{18BF1F60-0DF3-4B81-8EDE-10BF6B468C71}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{19D8255D-7CCB-4C1F-B310-F5F8C15D95EE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3A6D2652-B04B-49FD-81A3-D6BFC9765B88}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3A894B2E-10A0-4D92-9DA0-23F1478A0004}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3EADC401-5CF6-4B26-A237-6055E322AAD0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4BB775BA-0753-4C2B-90F6-94AE4BF21D36}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4FDC57EF-AEC5-4817-963C-26C5DEA7A15E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{57A1B437-18AA-493E-9F61-9BD273EBC7AA}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{57FC4494-5C44-4F85-A321-EDDF51AD05C4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5A3BA01F-610D-4FD8-A8C9-02C8C902863E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{63F1A8D1-569B-4F7C-B265-B6B4106DBD5B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{65E9AC8E-E0D0-4317-A266-EBB9A4313C0C}" = protocol=6 | dir=out | app=system | 
"{69B1992D-7280-43F5-91CD-A438FD13EA75}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6C42FB5B-BE2E-4A79-A4CC-A87432ED7D8E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{88A52872-0F41-47F6-AFE2-CB9A108A87B7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8DEE03DD-1335-4E16-B155-49E98F9F8CDF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9CF83DD3-4BED-4D0C-B346-303F66467A3F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A4672EB4-7D93-4438-8E77-41BEC9AC686E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{B4107E49-9B5B-4C1C-924C-28A26C455C78}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe | 
"{D0B8FFCE-ECDA-47A0-875B-242F0DC70900}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{D3CB9D73-8891-4090-872F-3270937F16CC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D4E2D899-4E8E-4D1B-94CE-279ECAA16129}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D87B4EBA-EDB0-418F-8BFB-E75B9CCAD02E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D9DA4FD8-020F-4878-BAAA-B5359F29870F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DBE6DE31-3F46-494A-9AC2-F54E64429312}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EF5E9A54-4288-48DF-B782-70CDC3E00E95}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F398671B-4889-4192-B523-D9B43AB00344}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PC-Doctor for Windows" = Dell Support Center
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{3255BC3F-32BA-41ED-93A0-B9AEB6CDD9E6}" = Dell MusicStage
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.7
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage 
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{E2F57269-065E-4B19-8CDA-AB6C401FAF1A}" = Dell Stage
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira Free Antivirus
"Dell Webcam Central" = Dell Webcam Central
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage 
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"TeamViewer 8" = TeamViewer 8
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.02.2013 17:55:27 | Computer Name = Manu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2403
 
Error - 04.02.2013 17:57:49 | Computer Name = Manu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 04.02.2013 17:57:49 | Computer Name = Manu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 144332
 
Error - 04.02.2013 17:57:49 | Computer Name = Manu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 144332
 
Error - 05.02.2013 09:46:00 | Computer Name = Manu-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.02.2013 12:01:25 | Computer Name = Manu-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.02.2013 17:02:35 | Computer Name = Manu-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.02.2013 11:36:01 | Computer Name = Manu-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.02.2013 14:34:37 | Computer Name = Manu-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.02.2013 15:42:05 | Computer Name = Manu-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Spybot - Search and Destroy Events ]
Error - 13.02.2013 13:20:04 | Computer Name = Manu-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 13.02.2013 13:41:06 | Computer Name = Manu-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 13.02.2013 13:41:07 | Computer Name = Manu-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 13.02.2013 13:41:08 | Computer Name = Manu-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 13.02.2013 13:41:09 | Computer Name = Manu-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 13.02.2013 13:41:10 | Computer Name = Manu-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 13.02.2013 13:41:11 | Computer Name = Manu-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 13.02.2013 13:41:12 | Computer Name = Manu-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 13.02.2013 13:41:13 | Computer Name = Manu-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 13.02.2013 13:54:03 | Computer Name = Manu-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst SftService erreicht.
 
Error - 14.02.2013 08:38:09 | Computer Name = Manu-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst SftService erreicht.
 
 
< End of report >

cosinus · 14.02.2013, 14:28

Bitte nun Logs mit GMER (<<< klick für Anleitung) und MBAR (Anleitung etwas weiter unten) erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur MBAR aus.

Anleitung MBAR:

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

infected1 · 14.02.2013, 16:11

done.

malwarebytes:

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.14.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Manu :: MANU-PC [administrator]

14.02.2013 15:06:28
mbar-log-2013-02-14 (15-06-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29266
Time elapsed: 11 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

GMER:

Code:

ATTFilter

GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-14 15:55:00
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.D005 465,76GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\Manu\AppData\Local\Temp\pxldypog.sys


---- User code sections - GMER 2.0 ----

.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1620] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      00000000767f1401 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1620] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        00000000767f1419 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1620] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      00000000767f1431 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1620] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      00000000767f144a 2 bytes [7F, 76]
.text   ...                                                                                                                                                 * 9
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1620] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         00000000767f14dd 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1620] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000767f14f5 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1620] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         00000000767f150d 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1620] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  00000000767f1525 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1620] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        00000000767f153d 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1620] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17             00000000767f1555 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1620] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      00000000767f156d 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1620] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        00000000767f1585 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1620] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           00000000767f159d 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1620] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        00000000767f15b5 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1620] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      00000000767f15cd 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1620] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000767f16b2 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1620] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000767f16bd 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1964] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW + 17                        00000000767f1401 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1964] C:\windows\syswow64\psapi.dll!EnumProcessModules + 17                          00000000767f1419 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1964] C:\windows\syswow64\psapi.dll!GetModuleInformation + 17                        00000000767f1431 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1964] C:\windows\syswow64\psapi.dll!GetModuleInformation + 42                        00000000767f144a 2 bytes [7F, 76]
.text   ...                                                                                                                                                 * 9
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1964] C:\windows\syswow64\psapi.dll!EnumDeviceDrivers + 17                           00000000767f14dd 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1964] C:\windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17                    00000000767f14f5 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1964] C:\windows\syswow64\psapi.dll!QueryWorkingSetEx + 17                           00000000767f150d 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1964] C:\windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17                    00000000767f1525 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1964] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW + 17                          00000000767f153d 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1964] C:\windows\syswow64\psapi.dll!EnumProcesses + 17                               00000000767f1555 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1964] C:\windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17                        00000000767f156d 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1964] C:\windows\syswow64\psapi.dll!GetPerformanceInfo + 17                          00000000767f1585 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1964] C:\windows\syswow64\psapi.dll!QueryWorkingSet + 17                             00000000767f159d 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1964] C:\windows\syswow64\psapi.dll!GetModuleBaseNameA + 17                          00000000767f15b5 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1964] C:\windows\syswow64\psapi.dll!GetModuleFileNameExA + 17                        00000000767f15cd 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1964] C:\windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20                    00000000767f16b2 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1964] C:\windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31                    00000000767f16bd 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2116] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                      00000000767f1401 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2116] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                        00000000767f1419 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2116] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                      00000000767f1431 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2116] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                      00000000767f144a 2 bytes [7F, 76]
.text   ...                                                                                                                                                 * 9
.text   C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2116] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                         00000000767f14dd 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2116] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                  00000000767f14f5 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2116] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                         00000000767f150d 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2116] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                  00000000767f1525 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2116] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                        00000000767f153d 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2116] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17                             00000000767f1555 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2116] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                      00000000767f156d 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2116] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                        00000000767f1585 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2116] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                           00000000767f159d 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2116] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                        00000000767f15b5 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2116] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                      00000000767f15cd 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2116] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                  00000000767f16b2 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2116] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                  00000000767f16bd 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4772] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17       00000000767f1401 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4772] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17         00000000767f1419 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4772] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17       00000000767f1431 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4772] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42       00000000767f144a 2 bytes [7F, 76]
.text   ...                                                                                                                                                 * 9
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4772] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17          00000000767f14dd 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4772] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17   00000000767f14f5 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4772] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17          00000000767f150d 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4772] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17   00000000767f1525 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4772] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17         00000000767f153d 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4772] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17              00000000767f1555 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4772] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17       00000000767f156d 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4772] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17         00000000767f1585 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4772] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17            00000000767f159d 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4772] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17         00000000767f15b5 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4772] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17       00000000767f15cd 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4772] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20   00000000767f16b2 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4772] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31   00000000767f16bd 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4864] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW + 17                         00000000767f1401 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4864] C:\windows\syswow64\psapi.dll!EnumProcessModules + 17                           00000000767f1419 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4864] C:\windows\syswow64\psapi.dll!GetModuleInformation + 17                         00000000767f1431 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4864] C:\windows\syswow64\psapi.dll!GetModuleInformation + 42                         00000000767f144a 2 bytes [7F, 76]
.text   ...                                                                                                                                                 * 9
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4864] C:\windows\syswow64\psapi.dll!EnumDeviceDrivers + 17                            00000000767f14dd 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4864] C:\windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17                     00000000767f14f5 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4864] C:\windows\syswow64\psapi.dll!QueryWorkingSetEx + 17                            00000000767f150d 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4864] C:\windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17                     00000000767f1525 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4864] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW + 17                           00000000767f153d 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4864] C:\windows\syswow64\psapi.dll!EnumProcesses + 17                                00000000767f1555 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4864] C:\windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17                         00000000767f156d 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4864] C:\windows\syswow64\psapi.dll!GetPerformanceInfo + 17                           00000000767f1585 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4864] C:\windows\syswow64\psapi.dll!QueryWorkingSet + 17                              00000000767f159d 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4864] C:\windows\syswow64\psapi.dll!GetModuleBaseNameA + 17                           00000000767f15b5 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4864] C:\windows\syswow64\psapi.dll!GetModuleFileNameExA + 17                         00000000767f15cd 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4864] C:\windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20                     00000000767f16b2 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4864] C:\windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31                     00000000767f16bd 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2748] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17          00000000767f1401 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2748] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17            00000000767f1419 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2748] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17          00000000767f1431 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2748] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42          00000000767f144a 2 bytes [7F, 76]
.text   ...                                                                                                                                                 * 9
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2748] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17             00000000767f14dd 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2748] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17      00000000767f14f5 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2748] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17             00000000767f150d 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2748] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17      00000000767f1525 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2748] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17            00000000767f153d 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2748] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17                 00000000767f1555 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2748] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17          00000000767f156d 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2748] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17            00000000767f1585 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2748] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17               00000000767f159d 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2748] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17            00000000767f15b5 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2748] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17          00000000767f15cd 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2748] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20      00000000767f16b2 2 bytes [7F, 76]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2748] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31      00000000767f16bd 2 bytes [7F, 76]

---- Devices - GMER 2.0 ----

Device  \Driver\iaStor \Device\Dev_fffffa80040f8050                                                                                                         fffffa80083c2888

---- Threads - GMER 2.0 ----

Thread  System [4:924]                                                                                                                                      fffffa80083bb620

---- Registry - GMER 2.0 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015007f6c3b                                                                         
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38d054a8                                                                         
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e4d53da85d64                                                                         
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015007f6c3b (not active ControlSet)                                                     
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38d054a8 (not active ControlSet)                                                     
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e4d53da85d64 (not active ControlSet)                                                     

---- EOF - GMER 2.0 ----

cosinus · 14.02.2013, 16:51

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

infected1 · 14.02.2013, 20:05

aswMBR:

Code:

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-14 18:47:45
-----------------------------
18:47:45.560    OS Version: Windows x64 6.1.7601 Service Pack 1
18:47:45.560    Number of processors: 4 586 0x2A07
18:47:45.560    ComputerName: MANU-PC  UserName: Manu
18:47:47.105    Initialize success
18:49:25.127    AVAST engine defs: 13021400
18:49:46.139    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:49:46.139    Disk 0 Vendor: ST950032 D005 Size: 476940MB BusType: 3
18:49:46.217    Disk 0 MBR read successfully
18:49:46.217    Disk 0 MBR scan
18:49:46.232    Disk 0 Windows 7 default MBR code
18:49:46.279    Disk 0 Partition 1 00     DE Dell Utility DELL 8.0      100 MB offset 2048
18:49:46.295    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15000 MB offset 206848
18:49:46.310    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       461838 MB offset 30926848
18:49:46.342    Disk 0 scanning C:\windows\system32\drivers
18:49:59.477    Service scanning
18:50:25.825    Modules scanning
18:50:25.841    Disk 0 trace - called modules:
18:50:25.872    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
18:50:26.387    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004616060]
18:50:26.387    3 CLASSPNP.SYS[fffff8800124d43f] -> nt!IofCallDriver -> [0xfffffa80040f1a10]
18:50:26.402    5 ACPI.sys[fffff88000f077a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80040f8050]
18:50:27.760    AVAST engine scan C:\windows
18:50:30.802    AVAST engine scan C:\windows\system32
18:53:27.940    AVAST engine scan C:\windows\system32\drivers
18:53:42.550    AVAST engine scan C:\Users\Manu
18:58:49.308    AVAST engine scan C:\ProgramData
19:00:49.569    Scan finished successfully
19:06:20.914    Disk 0 MBR has been saved successfully to "C:\Users\Manu\Desktop\MBR.dat"
19:06:20.914    The log file has been saved successfully to "C:\Users\Manu\Desktop\aswMBR.txt"

TDSS-Killer:

Code:

ATTFilter

19:08:50.0261 0784  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:08:50.0276 0784  ============================================================
19:08:50.0276 0784  Current date / time: 2013/02/14 19:08:50.0276
19:08:50.0276 0784  SystemInfo:
19:08:50.0276 0784  
19:08:50.0276 0784  OS Version: 6.1.7601 ServicePack: 1.0
19:08:50.0276 0784  Product type: Workstation
19:08:50.0276 0784  ComputerName: MANU-PC
19:08:50.0276 0784  UserName: Manu
19:08:50.0276 0784  Windows directory: C:\windows
19:08:50.0276 0784  System windows directory: C:\windows
19:08:50.0276 0784  Running under WOW64
19:08:50.0276 0784  Processor architecture: Intel x64
19:08:50.0276 0784  Number of processors: 4
19:08:50.0276 0784  Page size: 0x1000
19:08:50.0276 0784  Boot type: Normal boot
19:08:50.0276 0784  ============================================================
19:08:50.0744 0784  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:08:50.0760 0784  ============================================================
19:08:50.0760 0784  \Device\Harddisk0\DR0:
19:08:50.0760 0784  MBR partitions:
19:08:50.0760 0784  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
19:08:50.0760 0784  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030
19:08:50.0760 0784  ============================================================
19:08:50.0776 0784  C: <-> \Device\Harddisk0\DR0\Partition2
19:08:50.0791 0784  ============================================================
19:08:50.0791 0784  Initialize success
19:08:50.0791 0784  ============================================================
19:09:41.0990 5732  ============================================================
19:09:41.0990 5732  Scan started
19:09:41.0990 5732  Mode: Manual; SigCheck; TDLFS; 
19:09:41.0990 5732  ============================================================
19:09:42.0256 5732  ================ Scan system memory ========================
19:09:42.0256 5732  System memory - ok
19:09:42.0256 5732  ================ Scan services =============================
19:09:42.0427 5732  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
19:09:42.0474 5732  1394ohci - ok
19:09:42.0568 5732  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
19:09:42.0599 5732  ACDaemon - ok
19:09:42.0630 5732  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\windows\system32\drivers\ACPI.sys
19:09:42.0661 5732  ACPI - ok
19:09:42.0692 5732  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
19:09:42.0739 5732  AcpiPmi - ok
19:09:42.0817 5732  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:09:42.0848 5732  AdobeARMservice - ok
19:09:42.0958 5732  [ 563CDCFEEAEF97163E206AF71A61AA6E ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:09:42.0989 5732  AdobeFlashPlayerUpdateSvc - ok
19:09:43.0036 5732  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\windows\system32\drivers\adp94xx.sys
19:09:43.0082 5732  adp94xx - ok
19:09:43.0098 5732  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\windows\system32\drivers\adpahci.sys
19:09:43.0114 5732  adpahci - ok
19:09:43.0129 5732  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\windows\system32\drivers\adpu320.sys
19:09:43.0129 5732  adpu320 - ok
19:09:43.0160 5732  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
19:09:43.0223 5732  AeLookupSvc - ok
19:09:43.0301 5732  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters     C:\Program Files\IDT\WDM\AESTSr64.exe
19:09:43.0348 5732  AESTFilters - ok
19:09:43.0394 5732  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\windows\system32\drivers\afd.sys
19:09:43.0457 5732  AFD - ok
19:09:43.0504 5732  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\windows\system32\drivers\agp440.sys
19:09:43.0535 5732  agp440 - ok
19:09:43.0550 5732  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\windows\System32\alg.exe
19:09:43.0597 5732  ALG - ok
19:09:43.0613 5732  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\windows\system32\drivers\aliide.sys
19:09:43.0628 5732  aliide - ok
19:09:43.0644 5732  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\windows\system32\drivers\amdide.sys
19:09:43.0644 5732  amdide - ok
19:09:43.0675 5732  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\windows\system32\drivers\amdk8.sys
19:09:43.0722 5732  AmdK8 - ok
19:09:43.0738 5732  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\windows\system32\drivers\amdppm.sys
19:09:43.0753 5732  AmdPPM - ok
19:09:43.0769 5732  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\windows\system32\drivers\amdsata.sys
19:09:43.0784 5732  amdsata - ok
19:09:43.0784 5732  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
19:09:43.0816 5732  amdsbs - ok
19:09:43.0816 5732  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\windows\system32\drivers\amdxata.sys
19:09:43.0831 5732  amdxata - ok
19:09:43.0987 5732  [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:09:44.0018 5732  AntiVirSchedulerService - ok
19:09:44.0065 5732  [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:09:44.0096 5732  AntiVirService - ok
19:09:44.0143 5732  [ 6690E42CED5D067233ABAD42DA141213 ] ApfiltrService  C:\windows\system32\DRIVERS\Apfiltr.sys
19:09:44.0174 5732  ApfiltrService - ok
19:09:44.0221 5732  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\windows\system32\drivers\appid.sys
19:09:44.0284 5732  AppID - ok
19:09:44.0315 5732  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\windows\System32\appidsvc.dll
19:09:44.0377 5732  AppIDSvc - ok
19:09:44.0408 5732  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\windows\System32\appinfo.dll
19:09:44.0455 5732  Appinfo - ok
19:09:44.0518 5732  [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:09:44.0533 5732  Apple Mobile Device - ok
19:09:44.0549 5732  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\windows\system32\drivers\arc.sys
19:09:44.0564 5732  arc - ok
19:09:44.0596 5732  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\windows\system32\drivers\arcsas.sys
19:09:44.0596 5732  arcsas - ok
19:09:44.0689 5732  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:09:44.0705 5732  aspnet_state - ok
19:09:44.0736 5732  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
19:09:44.0767 5732  AsyncMac - ok
19:09:44.0830 5732  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\windows\system32\drivers\atapi.sys
19:09:44.0845 5732  atapi - ok
19:09:44.0876 5732  [ CBE61B4494165F458BD87E37181EE934 ] AthBTPort       C:\windows\system32\DRIVERS\btath_flt.sys
19:09:44.0892 5732  AthBTPort - ok
19:09:44.0954 5732  [ 650F111D5CDA64C10AE4B9D1BA9D4FFF ] Atheros Bt&Wlan Coex Agent C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
19:09:44.0970 5732  Atheros Bt&Wlan Coex Agent - ok
19:09:45.0001 5732  [ 44FB485B94A8332D877F659366CEDBC8 ] AtherosSvc      C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
19:09:45.0001 5732  AtherosSvc - ok
19:09:45.0095 5732  [ 5493ED5D300AFC7A9A0A87FCA08E5381 ] athr            C:\windows\system32\DRIVERS\athrx.sys
19:09:45.0204 5732  athr - ok
19:09:45.0251 5732  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
19:09:45.0313 5732  AudioEndpointBuilder - ok
19:09:45.0344 5732  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\windows\System32\Audiosrv.dll
19:09:45.0360 5732  AudioSrv - ok
19:09:45.0407 5732  [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt        C:\windows\system32\DRIVERS\avgntflt.sys
19:09:45.0407 5732  avgntflt - ok
19:09:45.0438 5732  [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb          C:\windows\system32\DRIVERS\avipbb.sys
19:09:45.0454 5732  avipbb - ok
19:09:45.0500 5732  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\windows\system32\DRIVERS\avkmgr.sys
19:09:45.0500 5732  avkmgr - ok
19:09:45.0563 5732  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\windows\System32\AxInstSV.dll
19:09:45.0610 5732  AxInstSV - ok
19:09:45.0656 5732  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\windows\system32\drivers\bxvbda.sys
19:09:45.0703 5732  b06bdrv - ok
19:09:45.0766 5732  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
19:09:45.0812 5732  b57nd60a - ok
19:09:45.0844 5732  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\windows\System32\bdesvc.dll
19:09:45.0875 5732  BDESVC - ok
19:09:45.0890 5732  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\windows\system32\drivers\Beep.sys
19:09:45.0953 5732  Beep - ok
19:09:46.0000 5732  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\windows\System32\bfe.dll
19:09:46.0078 5732  BFE - ok
19:09:46.0109 5732  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\windows\System32\qmgr.dll
19:09:46.0156 5732  BITS - ok
19:09:46.0187 5732  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
19:09:46.0234 5732  blbdrive - ok
19:09:46.0265 5732  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:09:46.0296 5732  Bonjour Service - ok
19:09:46.0327 5732  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
19:09:46.0374 5732  bowser - ok
19:09:46.0390 5732  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\windows\system32\drivers\BrFiltLo.sys
19:09:46.0421 5732  BrFiltLo - ok
19:09:46.0436 5732  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\windows\system32\drivers\BrFiltUp.sys
19:09:46.0436 5732  BrFiltUp - ok
19:09:46.0483 5732  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\windows\System32\browser.dll
19:09:46.0514 5732  Browser - ok
19:09:46.0530 5732  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\windows\System32\Drivers\Brserid.sys
19:09:46.0592 5732  Brserid - ok
19:09:46.0608 5732  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
19:09:46.0624 5732  BrSerWdm - ok
19:09:46.0655 5732  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
19:09:46.0670 5732  BrUsbMdm - ok
19:09:46.0686 5732  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
19:09:46.0702 5732  BrUsbSer - ok
19:09:46.0748 5732  [ FE70889A85C57A9268101B2DB0474509 ] BTATH_A2DP      C:\windows\system32\drivers\btath_a2dp.sys
19:09:46.0764 5732  BTATH_A2DP - ok
19:09:46.0795 5732  [ A9DF22429E8D69ED849B0BBBE16BD327 ] BTATH_BUS       C:\windows\system32\DRIVERS\btath_bus.sys
19:09:46.0811 5732  BTATH_BUS - ok
19:09:46.0826 5732  [ C864FF85EE16D61C2BDD5EF76824625F ] BTATH_HCRP      C:\windows\system32\DRIVERS\btath_hcrp.sys
19:09:46.0858 5732  BTATH_HCRP - ok
19:09:46.0889 5732  [ 0DEA505EFB5D771826D177EF8B8A208F ] BTATH_LWFLT     C:\windows\system32\DRIVERS\btath_lwflt.sys
19:09:46.0904 5732  BTATH_LWFLT - ok
19:09:46.0920 5732  [ 724C8088C96EFE7A3E63FEC21D4681C0 ] BTATH_RCP       C:\windows\system32\DRIVERS\btath_rcp.sys
19:09:46.0920 5732  BTATH_RCP - ok
19:09:46.0982 5732  [ FF59EE1DDAC776246F43BF434194650F ] BtFilter        C:\windows\system32\DRIVERS\btfilter.sys
19:09:46.0998 5732  BtFilter - ok
19:09:47.0045 5732  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
19:09:47.0076 5732  BthEnum - ok
19:09:47.0123 5732  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\windows\system32\drivers\bthmodem.sys
19:09:47.0170 5732  BTHMODEM - ok
19:09:47.0185 5732  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
19:09:47.0232 5732  BthPan - ok
19:09:47.0263 5732  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
19:09:47.0310 5732  BTHPORT - ok
19:09:47.0341 5732  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\windows\system32\bthserv.dll
19:09:47.0404 5732  bthserv - ok
19:09:47.0435 5732  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
19:09:47.0450 5732  BTHUSB - ok
19:09:47.0466 5732  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
19:09:47.0528 5732  cdfs - ok
19:09:47.0591 5732  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
19:09:47.0622 5732  cdrom - ok
19:09:47.0669 5732  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\windows\System32\certprop.dll
19:09:47.0731 5732  CertPropSvc - ok
19:09:47.0762 5732  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\windows\system32\drivers\circlass.sys
19:09:47.0778 5732  circlass - ok
19:09:47.0809 5732  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\windows\system32\CLFS.sys
19:09:47.0856 5732  CLFS - ok
19:09:47.0903 5732  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:09:47.0934 5732  clr_optimization_v2.0.50727_32 - ok
19:09:47.0950 5732  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:09:47.0965 5732  clr_optimization_v2.0.50727_64 - ok
19:09:48.0059 5732  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:09:48.0090 5732  clr_optimization_v4.0.30319_32 - ok
19:09:48.0121 5732  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:09:48.0137 5732  clr_optimization_v4.0.30319_64 - ok
19:09:48.0152 5732  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
19:09:48.0199 5732  CmBatt - ok
19:09:48.0215 5732  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\windows\system32\drivers\cmdide.sys
19:09:48.0215 5732  cmdide - ok
19:09:48.0246 5732  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\windows\system32\Drivers\cng.sys
19:09:48.0262 5732  CNG - ok
19:09:48.0308 5732  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\windows\system32\drivers\compbatt.sys
19:09:48.0324 5732  Compbatt - ok
19:09:48.0340 5732  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\windows\system32\DRIVERS\CompositeBus.sys
19:09:48.0386 5732  CompositeBus - ok
19:09:48.0402 5732  COMSysApp - ok
19:09:48.0418 5732  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\windows\system32\drivers\crcdisk.sys
19:09:48.0418 5732  crcdisk - ok
19:09:48.0464 5732  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\windows\system32\cryptsvc.dll
19:09:48.0496 5732  CryptSvc - ok
19:09:48.0558 5732  [ BC3D4F90978CD7C8EABD1BAF3BF7873A ] CtClsFlt        C:\windows\system32\DRIVERS\CtClsFlt.sys
19:09:48.0589 5732  CtClsFlt - ok
19:09:48.0683 5732  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:09:48.0745 5732  cvhsvc - ok
19:09:48.0792 5732  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\windows\system32\rpcss.dll
19:09:48.0839 5732  DcomLaunch - ok
19:09:48.0870 5732  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\windows\System32\defragsvc.dll
19:09:48.0964 5732  defragsvc - ok
19:09:48.0979 5732  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
19:09:49.0026 5732  DfsC - ok
19:09:49.0042 5732  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\windows\system32\dhcpcore.dll
19:09:49.0104 5732  Dhcp - ok
19:09:49.0135 5732  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\windows\system32\drivers\discache.sys
19:09:49.0182 5732  discache - ok
19:09:49.0213 5732  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\windows\system32\drivers\disk.sys
19:09:49.0213 5732  Disk - ok
19:09:49.0244 5732  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\windows\System32\dnsrslvr.dll
19:09:49.0291 5732  Dnscache - ok
19:09:49.0307 5732  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\windows\System32\dot3svc.dll
19:09:49.0354 5732  dot3svc - ok
19:09:49.0354 5732  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\windows\system32\dps.dll
19:09:49.0385 5732  DPS - ok
19:09:49.0432 5732  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
19:09:49.0478 5732  drmkaud - ok
19:09:49.0510 5732  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
19:09:49.0588 5732  DXGKrnl - ok
19:09:49.0619 5732  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\windows\System32\eapsvc.dll
19:09:49.0666 5732  EapHost - ok
19:09:49.0759 5732  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\windows\system32\drivers\evbda.sys
19:09:49.0884 5732  ebdrv - ok
19:09:49.0931 5732  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\windows\System32\lsass.exe
19:09:49.0962 5732  EFS - ok
19:09:50.0040 5732  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
19:09:50.0134 5732  ehRecvr - ok
19:09:50.0165 5732  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\windows\ehome\ehsched.exe
19:09:50.0196 5732  ehSched - ok
19:09:50.0227 5732  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\windows\system32\drivers\elxstor.sys
19:09:50.0274 5732  elxstor - ok
19:09:50.0290 5732  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\windows\system32\drivers\errdev.sys
19:09:50.0321 5732  ErrDev - ok
19:09:50.0352 5732  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\windows\system32\es.dll
19:09:50.0414 5732  EventSystem - ok
19:09:50.0430 5732  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\windows\system32\drivers\exfat.sys
19:09:50.0461 5732  exfat - ok
19:09:50.0492 5732  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\windows\system32\drivers\fastfat.sys
19:09:50.0555 5732  fastfat - ok
19:09:50.0586 5732  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\windows\system32\fxssvc.exe
19:09:50.0633 5732  Fax - ok
19:09:50.0633 5732  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\windows\system32\drivers\fdc.sys
19:09:50.0664 5732  fdc - ok
19:09:50.0695 5732  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\windows\system32\fdPHost.dll
19:09:50.0742 5732  fdPHost - ok
19:09:50.0742 5732  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\windows\system32\fdrespub.dll
19:09:50.0789 5732  FDResPub - ok
19:09:50.0804 5732  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
19:09:50.0820 5732  FileInfo - ok
19:09:50.0836 5732  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
19:09:50.0882 5732  Filetrace - ok
19:09:50.0898 5732  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\windows\system32\drivers\flpydisk.sys
19:09:50.0914 5732  flpydisk - ok
19:09:50.0929 5732  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
19:09:50.0945 5732  FltMgr - ok
19:09:50.0992 5732  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\windows\system32\FntCache.dll
19:09:51.0070 5732  FontCache - ok
19:09:51.0101 5732  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:09:51.0132 5732  FontCache3.0.0.0 - ok
19:09:51.0163 5732  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
19:09:51.0163 5732  FsDepends - ok
19:09:51.0194 5732  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
19:09:51.0226 5732  Fs_Rec - ok
19:09:51.0241 5732  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
19:09:51.0257 5732  fvevol - ok
19:09:51.0288 5732  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
19:09:51.0288 5732  gagp30kx - ok
19:09:51.0319 5732  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\windows\system32\DRIVERS\GEARAspiWDM.sys
19:09:51.0350 5732  GEARAspiWDM - ok
19:09:51.0382 5732  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\windows\System32\gpsvc.dll
19:09:51.0413 5732  gpsvc - ok
19:09:51.0428 5732  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
19:09:51.0475 5732  hcw85cir - ok
19:09:51.0506 5732  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
19:09:51.0553 5732  HdAudAddService - ok
19:09:51.0569 5732  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
19:09:51.0616 5732  HDAudBus - ok
19:09:51.0631 5732  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\windows\system32\drivers\HidBatt.sys
19:09:51.0647 5732  HidBatt - ok
19:09:51.0678 5732  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\windows\system32\drivers\hidbth.sys
19:09:51.0725 5732  HidBth - ok
19:09:51.0725 5732  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\windows\system32\drivers\hidir.sys
19:09:51.0740 5732  HidIr - ok
19:09:51.0756 5732  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\windows\system32\hidserv.dll
19:09:51.0787 5732  hidserv - ok
19:09:51.0818 5732  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
19:09:51.0850 5732  HidUsb - ok
19:09:51.0896 5732  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\windows\system32\kmsvc.dll
19:09:51.0943 5732  hkmsvc - ok
19:09:51.0959 5732  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
19:09:52.0006 5732  HomeGroupListener - ok
19:09:52.0037 5732  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
19:09:52.0068 5732  HomeGroupProvider - ok
19:09:52.0099 5732  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
19:09:52.0099 5732  HpSAMD - ok
19:09:52.0130 5732  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\windows\system32\drivers\HTTP.sys
19:09:52.0208 5732  HTTP - ok
19:09:52.0224 5732  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
19:09:52.0224 5732  hwpolicy - ok
19:09:52.0271 5732  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
19:09:52.0271 5732  i8042prt - ok
19:09:52.0380 5732  [ D469B77687E12FE43E344806740B624D ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
19:09:52.0411 5732  iaStor - ok
19:09:52.0489 5732  [ 983FC69644DDF0486C8DFEA262948D1A ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
19:09:52.0520 5732  IAStorDataMgrSvc - ok
19:09:52.0536 5732  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
19:09:52.0552 5732  iaStorV - ok
19:09:52.0645 5732  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:09:52.0661 5732  IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:09:52.0661 5732  IDriverT - detected UnsignedFile.Multi.Generic (1)
19:09:52.0723 5732  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:09:52.0801 5732  idsvc - ok
19:09:53.0082 5732  [ 795C99DC4F574C97C03D0BB39CF099EE ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
19:09:53.0410 5732  igfx - ok
19:09:53.0441 5732  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\windows\system32\drivers\iirsp.sys
19:09:53.0441 5732  iirsp - ok
19:09:53.0488 5732  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\windows\System32\ikeext.dll
19:09:53.0550 5732  IKEEXT - ok
19:09:53.0597 5732  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys
19:09:53.0628 5732  IntcDAud - ok
19:09:53.0659 5732  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\windows\system32\drivers\intelide.sys
19:09:53.0659 5732  intelide - ok
19:09:53.0690 5732  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
19:09:53.0722 5732  intelppm - ok
19:09:53.0768 5732  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\windows\system32\ipbusenum.dll
19:09:53.0846 5732  IPBusEnum - ok
19:09:53.0862 5732  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
19:09:53.0893 5732  IpFilterDriver - ok
19:09:53.0924 5732  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
19:09:53.0971 5732  iphlpsvc - ok
19:09:53.0987 5732  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
19:09:54.0002 5732  IPMIDRV - ok
19:09:54.0034 5732  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
19:09:54.0049 5732  IPNAT - ok
19:09:54.0112 5732  [ 46D249F9DB7844CC01050A9345F0F61B ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
19:09:54.0158 5732  iPod Service - ok
19:09:54.0190 5732  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\windows\system32\drivers\irenum.sys
19:09:54.0205 5732  IRENUM - ok
19:09:54.0221 5732  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\windows\system32\drivers\isapnp.sys
19:09:54.0252 5732  isapnp - ok
19:09:54.0268 5732  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
19:09:54.0283 5732  iScsiPrt - ok
19:09:54.0299 5732  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
19:09:54.0314 5732  kbdclass - ok
19:09:54.0330 5732  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\windows\system32\drivers\kbdhid.sys
19:09:54.0346 5732  kbdhid - ok
19:09:54.0377 5732  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\windows\system32\lsass.exe
19:09:54.0392 5732  KeyIso - ok
19:09:54.0439 5732  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
19:09:54.0439 5732  KSecDD - ok
19:09:54.0470 5732  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
19:09:54.0502 5732  KSecPkg - ok
19:09:54.0533 5732  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
19:09:54.0595 5732  ksthunk - ok
19:09:54.0626 5732  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\windows\system32\msdtckrm.dll
19:09:54.0689 5732  KtmRm - ok
19:09:54.0736 5732  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\windows\system32\srvsvc.dll
19:09:54.0814 5732  LanmanServer - ok
19:09:54.0829 5732  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
19:09:54.0860 5732  LanmanWorkstation - ok
19:09:54.0892 5732  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
19:09:54.0954 5732  lltdio - ok
19:09:54.0970 5732  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\windows\System32\lltdsvc.dll
19:09:55.0001 5732  lltdsvc - ok
19:09:55.0016 5732  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\windows\System32\lmhsvc.dll
19:09:55.0063 5732  lmhosts - ok
19:09:55.0094 5732  [ 98B16E756243BEA9410E32025B19C06F ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:09:55.0126 5732  LMS - ok
19:09:55.0141 5732  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
19:09:55.0157 5732  LSI_FC - ok
19:09:55.0188 5732  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
19:09:55.0188 5732  LSI_SAS - ok
19:09:55.0219 5732  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
19:09:55.0219 5732  LSI_SAS2 - ok
19:09:55.0235 5732  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
19:09:55.0250 5732  LSI_SCSI - ok
19:09:55.0266 5732  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\windows\system32\drivers\luafv.sys
19:09:55.0297 5732  luafv - ok
19:09:55.0344 5732  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
19:09:55.0391 5732  Mcx2Svc - ok
19:09:55.0422 5732  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\windows\system32\drivers\megasas.sys
19:09:55.0422 5732  megasas - ok
19:09:55.0453 5732  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
19:09:55.0469 5732  MegaSR - ok
19:09:55.0484 5732  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\windows\system32\DRIVERS\HECIx64.sys
19:09:55.0500 5732  MEIx64 - ok
19:09:55.0531 5732  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\windows\system32\mmcss.dll
19:09:55.0594 5732  MMCSS - ok
19:09:55.0609 5732  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\windows\system32\drivers\modem.sys
19:09:55.0656 5732  Modem - ok
19:09:55.0672 5732  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\windows\system32\DRIVERS\monitor.sys
19:09:55.0718 5732  monitor - ok
19:09:55.0718 5732  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
19:09:55.0734 5732  mouclass - ok
19:09:55.0765 5732  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
19:09:55.0781 5732  mouhid - ok
19:09:55.0796 5732  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
19:09:55.0812 5732  mountmgr - ok
19:09:55.0859 5732  [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:09:55.0890 5732  MozillaMaintenance - ok
19:09:55.0921 5732  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\windows\system32\drivers\mpio.sys
19:09:55.0952 5732  mpio - ok
19:09:55.0952 5732  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
19:09:55.0984 5732  mpsdrv - ok
19:09:56.0030 5732  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\windows\system32\mpssvc.dll
19:09:56.0093 5732  MpsSvc - ok
19:09:56.0108 5732  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
19:09:56.0140 5732  MRxDAV - ok
19:09:56.0171 5732  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
19:09:56.0202 5732  mrxsmb - ok
19:09:56.0218 5732  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
19:09:56.0233 5732  mrxsmb10 - ok
19:09:56.0249 5732  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
19:09:56.0264 5732  mrxsmb20 - ok
19:09:56.0280 5732  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\windows\system32\drivers\msahci.sys
19:09:56.0280 5732  msahci - ok
19:09:56.0296 5732  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\windows\system32\drivers\msdsm.sys
19:09:56.0311 5732  msdsm - ok
19:09:56.0327 5732  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\windows\System32\msdtc.exe
19:09:56.0342 5732  MSDTC - ok
19:09:56.0374 5732  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\windows\system32\drivers\Msfs.sys
19:09:56.0405 5732  Msfs - ok
19:09:56.0436 5732  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
19:09:56.0467 5732  mshidkmdf - ok
19:09:56.0483 5732  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
19:09:56.0483 5732  msisadrv - ok
19:09:56.0514 5732  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
19:09:56.0576 5732  MSiSCSI - ok
19:09:56.0576 5732  msiserver - ok
19:09:56.0623 5732  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
19:09:56.0670 5732  MSKSSRV - ok
19:09:56.0686 5732  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
19:09:56.0717 5732  MSPCLOCK - ok
19:09:56.0732 5732  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
19:09:56.0764 5732  MSPQM - ok
19:09:56.0779 5732  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
19:09:56.0795 5732  MsRPC - ok
19:09:56.0810 5732  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
19:09:56.0810 5732  mssmbios - ok
19:09:56.0826 5732  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
19:09:56.0888 5732  MSTEE - ok
19:09:56.0904 5732  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
19:09:56.0904 5732  MTConfig - ok
19:09:56.0920 5732  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\windows\system32\Drivers\mup.sys
19:09:56.0935 5732  Mup - ok
19:09:56.0966 5732  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\windows\system32\qagentRT.dll
19:09:57.0044 5732  napagent - ok
19:09:57.0076 5732  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
19:09:57.0138 5732  NativeWifiP - ok
19:09:57.0169 5732  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\windows\system32\drivers\ndis.sys
19:09:57.0216 5732  NDIS - ok
19:09:57.0232 5732  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
19:09:57.0263 5732  NdisCap - ok
19:09:57.0278 5732  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
19:09:57.0310 5732  NdisTapi - ok
19:09:57.0325 5732  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
19:09:57.0388 5732  Ndisuio - ok
19:09:57.0403 5732  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
19:09:57.0434 5732  NdisWan - ok
19:09:57.0450 5732  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
19:09:57.0466 5732  NDProxy - ok
19:09:57.0497 5732  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
19:09:57.0544 5732  NetBIOS - ok
19:09:57.0559 5732  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
19:09:57.0590 5732  NetBT - ok
19:09:57.0606 5732  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\windows\system32\lsass.exe
19:09:57.0606 5732  Netlogon - ok
19:09:57.0653 5732  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\windows\System32\netman.dll
19:09:57.0715 5732  Netman - ok
19:09:57.0746 5732  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:09:57.0746 5732  NetMsmqActivator - ok
19:09:57.0762 5732  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:09:57.0762 5732  NetPipeActivator - ok
19:09:57.0793 5732  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\windows\System32\netprofm.dll
19:09:57.0824 5732  netprofm - ok
19:09:57.0840 5732  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:09:57.0840 5732  NetTcpActivator - ok
19:09:57.0840 5732  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:09:57.0856 5732  NetTcpPortSharing - ok
19:09:57.0887 5732  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
19:09:57.0887 5732  nfrd960 - ok
19:09:57.0918 5732  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\windows\System32\nlasvc.dll
19:09:57.0949 5732  NlaSvc - ok
19:09:58.0105 5732  [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU            C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
19:09:58.0183 5732  NOBU - ok
19:09:58.0199 5732  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\windows\system32\drivers\Npfs.sys
19:09:58.0230 5732  Npfs - ok
19:09:58.0246 5732  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\windows\system32\nsisvc.dll
19:09:58.0277 5732  nsi - ok
19:09:58.0308 5732  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
19:09:58.0355 5732  nsiproxy - ok
19:09:58.0417 5732  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
19:09:58.0495 5732  Ntfs - ok
19:09:58.0511 5732  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\windows\system32\drivers\Null.sys
19:09:58.0542 5732  Null - ok
19:09:58.0573 5732  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\windows\system32\drivers\nvraid.sys
19:09:58.0573 5732  nvraid - ok
19:09:58.0589 5732  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\windows\system32\drivers\nvstor.sys
19:09:58.0604 5732  nvstor - ok
19:09:58.0620 5732  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
19:09:58.0636 5732  nv_agp - ok
19:09:58.0651 5732  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
19:09:58.0667 5732  ohci1394 - ok
19:09:58.0729 5732  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:09:58.0745 5732  ose - ok
19:09:58.0885 5732  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:09:59.0057 5732  osppsvc - ok
19:09:59.0088 5732  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
19:09:59.0135 5732  p2pimsvc - ok
19:09:59.0150 5732  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll
19:09:59.0197 5732  p2psvc - ok
19:09:59.0213 5732  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\windows\system32\drivers\parport.sys
19:09:59.0244 5732  Parport - ok
19:09:59.0260 5732  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\windows\system32\drivers\partmgr.sys
19:09:59.0291 5732  partmgr - ok
19:09:59.0306 5732  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll
19:09:59.0353 5732  PcaSvc - ok
19:09:59.0384 5732  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\windows\system32\drivers\pci.sys
19:09:59.0384 5732  pci - ok
19:09:59.0416 5732  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\drivers\pciide.sys
19:09:59.0431 5732  pciide - ok
19:09:59.0447 5732  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
19:09:59.0462 5732  pcmcia - ok
19:09:59.0478 5732  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\windows\system32\drivers\pcw.sys
19:09:59.0478 5732  pcw - ok
19:09:59.0509 5732  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys
19:09:59.0540 5732  PEAUTH - ok
19:09:59.0618 5732  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe
19:09:59.0650 5732  PerfHost - ok
19:09:59.0728 5732  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\windows\system32\pla.dll
19:09:59.0821 5732  pla - ok
19:09:59.0868 5732  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
19:09:59.0915 5732  PlugPlay - ok
19:09:59.0946 5732  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
19:09:59.0977 5732  PNRPAutoReg - ok
19:09:59.0993 5732  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
19:09:59.0993 5732  PNRPsvc - ok
19:10:00.0040 5732  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
19:10:00.0118 5732  PolicyAgent - ok
19:10:00.0133 5732  [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power           C:\windows\system32\umpo.dll
19:10:00.0149 5732  Power - ok
19:10:00.0180 5732  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
19:10:00.0242 5732  PptpMiniport - ok
19:10:00.0274 5732  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\drivers\processr.sys
19:10:00.0289 5732  Processor - ok
19:10:00.0320 5732  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\windows\system32\profsvc.dll
19:10:00.0352 5732  ProfSvc - ok
19:10:00.0383 5732  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
19:10:00.0414 5732  ProtectedStorage - ok
19:10:00.0430 5732  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys
19:10:00.0476 5732  Psched - ok
19:10:00.0523 5732  [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64        C:\windows\system32\Drivers\PxHlpa64.sys
19:10:00.0539 5732  PxHlpa64 - ok
19:10:00.0617 5732  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\drivers\ql2300.sys
19:10:00.0664 5732  ql2300 - ok
19:10:00.0679 5732  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
19:10:00.0695 5732  ql40xx - ok
19:10:00.0726 5732  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll
19:10:00.0757 5732  QWAVE - ok
19:10:00.0773 5732  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
19:10:00.0788 5732  QWAVEdrv - ok
19:10:00.0820 5732  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
19:10:00.0866 5732  RasAcd - ok
19:10:00.0913 5732  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
19:10:00.0929 5732  RasAgileVpn - ok
19:10:00.0960 5732  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll
19:10:00.0991 5732  RasAuto - ok
19:10:01.0007 5732  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
19:10:01.0038 5732  Rasl2tp - ok
19:10:01.0069 5732  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll
19:10:01.0100 5732  RasMan - ok
19:10:01.0132 5732  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
19:10:01.0178 5732  RasPppoe - ok
19:10:01.0194 5732  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
19:10:01.0225 5732  RasSstp - ok
19:10:01.0241 5732  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
19:10:01.0288 5732  rdbss - ok
19:10:01.0303 5732  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
19:10:01.0319 5732  rdpbus - ok
19:10:01.0334 5732  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
19:10:01.0366 5732  RDPCDD - ok
19:10:01.0397 5732  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
19:10:01.0475 5732  RDPENCDD - ok
19:10:01.0490 5732  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
19:10:01.0506 5732  RDPREFMP - ok
19:10:01.0568 5732  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
19:10:01.0600 5732  RdpVideoMiniport - ok
19:10:01.0631 5732  [ 6D76E6433574B058ADCB0C50DF834492 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
19:10:01.0646 5732  RDPWD - ok
19:10:01.0662 5732  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
19:10:01.0709 5732  rdyboost - ok
19:10:01.0740 5732  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll
19:10:01.0802 5732  RemoteAccess - ok
19:10:01.0818 5732  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
19:10:01.0865 5732  RemoteRegistry - ok
19:10:01.0896 5732  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
19:10:01.0943 5732  RFCOMM - ok
19:10:01.0974 5732  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
19:10:02.0068 5732  RpcEptMapper - ok
19:10:02.0083 5732  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe
19:10:02.0114 5732  RpcLocator - ok
19:10:02.0146 5732  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\windows\system32\rpcss.dll
19:10:02.0208 5732  RpcSs - ok
19:10:02.0224 5732  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
19:10:02.0255 5732  rspndr - ok
19:10:02.0302 5732  [ BE29B0A3AC1E8BD02FFAB8CEE86BADFA ] RSUSBSTOR       C:\windows\system32\Drivers\RtsUStor.sys
19:10:02.0317 5732  RSUSBSTOR - ok
19:10:02.0348 5732  [ E50CFB92986DCAB49DE93788FD695813 ] RTL8167         C:\windows\system32\DRIVERS\Rt64win7.sys
19:10:02.0395 5732  RTL8167 - ok
19:10:02.0411 5732  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\windows\system32\lsass.exe
19:10:02.0411 5732  SamSs - ok
19:10:02.0426 5732  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
19:10:02.0442 5732  sbp2port - ok
19:10:02.0458 5732  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll
19:10:02.0489 5732  SCardSvr - ok
19:10:02.0504 5732  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
19:10:02.0536 5732  scfilter - ok
19:10:02.0551 5732  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll
19:10:02.0645 5732  Schedule - ok
19:10:02.0660 5732  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\windows\System32\certprop.dll
19:10:02.0707 5732  SCPolicySvc - ok
19:10:02.0738 5732  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll
19:10:02.0785 5732  SDRSVC - ok
19:10:02.0941 5732  [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
19:10:02.0972 5732  SDScannerService - ok
19:10:03.0066 5732  [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
19:10:03.0113 5732  SDUpdateService - ok
19:10:03.0144 5732  [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
19:10:03.0175 5732  SDWSCService - ok
19:10:03.0206 5732  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
19:10:03.0269 5732  secdrv - ok
19:10:03.0300 5732  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll
19:10:03.0331 5732  seclogon - ok
19:10:03.0347 5732  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\System32\sens.dll
19:10:03.0378 5732  SENS - ok
19:10:03.0409 5732  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
19:10:03.0456 5732  SensrSvc - ok
19:10:03.0487 5732  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\drivers\serenum.sys
19:10:03.0518 5732  Serenum - ok
19:10:03.0534 5732  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\drivers\serial.sys
19:10:03.0550 5732  Serial - ok
19:10:03.0581 5732  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\drivers\sermouse.sys
19:10:03.0628 5732  sermouse - ok
19:10:03.0659 5732  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll
19:10:03.0721 5732  SessionEnv - ok
19:10:03.0737 5732  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
19:10:03.0752 5732  sffdisk - ok
19:10:03.0784 5732  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
19:10:03.0799 5732  sffp_mmc - ok
19:10:03.0815 5732  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
19:10:03.0862 5732  sffp_sd - ok
19:10:03.0893 5732  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
19:10:03.0908 5732  sfloppy - ok
19:10:03.0940 5732  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\windows\system32\DRIVERS\Sftfslh.sys
19:10:03.0986 5732  Sftfs - ok
19:10:04.0033 5732  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:10:04.0080 5732  sftlist - ok
19:10:04.0111 5732  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\windows\system32\DRIVERS\Sftplaylh.sys
19:10:04.0142 5732  Sftplay - ok
19:10:04.0158 5732  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\windows\system32\DRIVERS\Sftredirlh.sys
19:10:04.0174 5732  Sftredir - ok
19:10:04.0252 5732  [ 74EC60E20516AAA573BE74F31175270F ] SftService      C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
19:10:04.0298 5732  SftService - ok
19:10:04.0314 5732  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\windows\system32\DRIVERS\Sftvollh.sys
19:10:04.0314 5732  Sftvol - ok
19:10:04.0345 5732  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:10:04.0376 5732  sftvsa - ok
19:10:04.0408 5732  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll
19:10:04.0470 5732  SharedAccess - ok
19:10:04.0486 5732  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
19:10:04.0564 5732  ShellHWDetection - ok
19:10:04.0595 5732  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
19:10:04.0595 5732  SiSRaid2 - ok
19:10:04.0610 5732  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
19:10:04.0626 5732  SiSRaid4 - ok
19:10:04.0657 5732  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\windows\system32\DRIVERS\smb.sys
19:10:04.0720 5732  Smb - ok
19:10:04.0735 5732  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe
19:10:04.0751 5732  SNMPTRAP - ok
19:10:04.0782 5732  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\windows\system32\drivers\spldr.sys
19:10:04.0798 5732  spldr - ok
19:10:04.0844 5732  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\windows\System32\spoolsv.exe
19:10:04.0907 5732  Spooler - ok
19:10:05.0016 5732  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\windows\system32\sppsvc.exe
19:10:05.0156 5732  sppsvc - ok
19:10:05.0172 5732  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\windows\system32\sppuinotify.dll
19:10:05.0188 5732  sppuinotify - ok
19:10:05.0234 5732  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\windows\system32\DRIVERS\srv.sys
19:10:05.0266 5732  srv - ok
19:10:05.0281 5732  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
19:10:05.0359 5732  srv2 - ok
19:10:05.0375 5732  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
19:10:05.0390 5732  srvnet - ok
19:10:05.0422 5732  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
19:10:05.0484 5732  SSDPSRV - ok
19:10:05.0500 5732  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\windows\system32\sstpsvc.dll
19:10:05.0515 5732  SstpSvc - ok
19:10:05.0578 5732  [ A6B2EC3A2B6AD7C3F7B2F3495CADE4C0 ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
19:10:05.0624 5732  STacSV - ok
19:10:05.0640 5732  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\drivers\stexstor.sys
19:10:05.0671 5732  stexstor - ok
19:10:05.0702 5732  [ EBA98394A7D58F7552C52192BD8FA7E6 ] STHDA           C:\windows\system32\DRIVERS\stwrt64.sys
19:10:05.0780 5732  STHDA - ok
19:10:05.0827 5732  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\windows\System32\wiaservc.dll
19:10:05.0905 5732  stisvc - ok
19:10:05.0921 5732  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
19:10:05.0936 5732  swenum - ok
19:10:05.0968 5732  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\windows\System32\swprv.dll
19:10:06.0014 5732  swprv - ok
19:10:06.0061 5732  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\windows\system32\sysmain.dll
19:10:06.0155 5732  SysMain - ok
19:10:06.0155 5732  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
19:10:06.0170 5732  TabletInputService - ok
19:10:06.0186 5732  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\windows\System32\tapisrv.dll
19:10:06.0217 5732  TapiSrv - ok
19:10:06.0233 5732  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\windows\System32\tbssvc.dll
19:10:06.0264 5732  TBS - ok
19:10:06.0358 5732  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
19:10:06.0436 5732  Tcpip - ok
19:10:06.0498 5732  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
19:10:06.0529 5732  TCPIP6 - ok
19:10:06.0560 5732  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
19:10:06.0576 5732  tcpipreg - ok
19:10:06.0607 5732  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
19:10:06.0638 5732  TDPIPE - ok
19:10:06.0654 5732  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
19:10:06.0670 5732  TDTCP - ok
19:10:06.0685 5732  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
19:10:06.0716 5732  tdx - ok
19:10:06.0857 5732  [ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8     C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
19:10:06.0904 5732  TeamViewer8 - ok
19:10:06.0935 5732  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
19:10:06.0950 5732  TermDD - ok
19:10:06.0982 5732  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\windows\System32\termsrv.dll
19:10:07.0013 5732  TermService - ok
19:10:07.0028 5732  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll
19:10:07.0044 5732  Themes - ok
19:10:07.0060 5732  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\windows\system32\mmcss.dll
19:10:07.0091 5732  THREADORDER - ok
19:10:07.0106 5732  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll
19:10:07.0138 5732  TrkWks - ok
19:10:07.0184 5732  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
19:10:07.0231 5732  TrustedInstaller - ok
19:10:07.0262 5732  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
19:10:07.0294 5732  tssecsrv - ok
19:10:07.0325 5732  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
19:10:07.0387 5732  TsUsbFlt - ok
19:10:07.0403 5732  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\windows\system32\drivers\TsUsbGD.sys
19:10:07.0450 5732  TsUsbGD - ok
19:10:07.0496 5732  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
19:10:07.0559 5732  tunnel - ok
19:10:07.0606 5732  [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB          C:\windows\system32\DRIVERS\TurboB.sys
19:10:07.0606 5732  TurboB - ok
19:10:07.0637 5732  [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
19:10:07.0668 5732  TurboBoost - ok
19:10:07.0699 5732  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\drivers\uagp35.sys
19:10:07.0699 5732  uagp35 - ok
19:10:07.0715 5732  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
19:10:07.0793 5732  udfs - ok
19:10:07.0824 5732  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\windows\system32\UI0Detect.exe
19:10:07.0855 5732  UI0Detect - ok
19:10:07.0886 5732  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
19:10:07.0918 5732  uliagpkx - ok
19:10:07.0918 5732  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\windows\system32\DRIVERS\umbus.sys
19:10:07.0964 5732  umbus - ok
19:10:07.0980 5732  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\drivers\umpass.sys
19:10:07.0996 5732  UmPass - ok
19:10:08.0136 5732  [ 7A78ED1088890114DFDE2C4AB038D6B6 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:10:08.0230 5732  UNS - ok
19:10:08.0292 5732  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll
19:10:08.0401 5732  upnphost - ok
19:10:08.0432 5732  [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64       C:\windows\system32\Drivers\usbaapl64.sys
19:10:08.0479 5732  USBAAPL64 - ok
19:10:08.0495 5732  [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
19:10:08.0542 5732  usbccgp - ok
19:10:08.0557 5732  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\drivers\usbcir.sys
19:10:08.0573 5732  usbcir - ok
19:10:08.0588 5732  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys
19:10:08.0620 5732  usbehci - ok
19:10:08.0666 5732  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
19:10:08.0698 5732  usbhub - ok
19:10:08.0713 5732  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\windows\system32\drivers\usbohci.sys
19:10:08.0729 5732  usbohci - ok
19:10:08.0760 5732  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
19:10:08.0807 5732  usbprint - ok
19:10:08.0822 5732  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
19:10:08.0838 5732  USBSTOR - ok
19:10:08.0869 5732  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
19:10:08.0900 5732  usbuhci - ok
19:10:08.0932 5732  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\windows\system32\Drivers\usbvideo.sys
19:10:08.0978 5732  usbvideo - ok
19:10:08.0994 5732  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\windows\System32\uxsms.dll
19:10:09.0056 5732  UxSms - ok
19:10:09.0072 5732  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\windows\system32\lsass.exe
19:10:09.0088 5732  VaultSvc - ok
19:10:09.0103 5732  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
19:10:09.0134 5732  vdrvroot - ok
19:10:09.0150 5732  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\windows\System32\vds.exe
19:10:09.0212 5732  vds - ok
19:10:09.0228 5732  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
19:10:09.0244 5732  vga - ok
19:10:09.0259 5732  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\windows\System32\drivers\vga.sys
19:10:09.0290 5732  VgaSave - ok
19:10:09.0306 5732  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
19:10:09.0306 5732  vhdmp - ok
19:10:09.0337 5732  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\windows\system32\drivers\viaide.sys
19:10:09.0337 5732  viaide - ok
19:10:09.0353 5732  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\windows\system32\drivers\volmgr.sys
19:10:09.0368 5732  volmgr - ok
19:10:09.0384 5732  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
19:10:09.0415 5732  volmgrx - ok
19:10:09.0431 5732  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\windows\system32\drivers\volsnap.sys
19:10:09.0446 5732  volsnap - ok
19:10:09.0462 5732  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
19:10:09.0478 5732  vsmraid - ok
19:10:09.0540 5732  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\windows\system32\vssvc.exe
19:10:09.0618 5732  VSS - ok
19:10:09.0634 5732  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
19:10:09.0649 5732  vwifibus - ok
19:10:09.0680 5732  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
19:10:09.0727 5732  vwififlt - ok
19:10:09.0743 5732  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
19:10:09.0774 5732  vwifimp - ok
19:10:09.0805 5732  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\windows\system32\w32time.dll
19:10:09.0836 5732  W32Time - ok
19:10:09.0868 5732  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\windows\system32\drivers\wacompen.sys
19:10:09.0899 5732  WacomPen - ok
19:10:09.0914 5732  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
19:10:09.0977 5732  WANARP - ok
19:10:09.0977 5732  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
19:10:09.0992 5732  Wanarpv6 - ok
19:10:10.0039 5732  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\windows\system32\wbengine.exe
19:10:10.0133 5732  wbengine - ok
19:10:10.0148 5732  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
19:10:10.0195 5732  WbioSrvc - ok
19:10:10.0211 5732  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\windows\System32\wcncsvc.dll
19:10:10.0242 5732  wcncsvc - ok
19:10:10.0258 5732  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
19:10:10.0289 5732  WcsPlugInService - ok
19:10:10.0304 5732  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\drivers\wd.sys
19:10:10.0336 5732  Wd - ok
19:10:10.0398 5732  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
19:10:10.0445 5732  Wdf01000 - ok
19:10:10.0476 5732  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll
19:10:10.0570 5732  WdiServiceHost - ok
19:10:10.0585 5732  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\windows\system32\wdi.dll
19:10:10.0585 5732  WdiSystemHost - ok
19:10:10.0601 5732  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\windows\System32\webclnt.dll
19:10:10.0632 5732  WebClient - ok
19:10:10.0648 5732  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll
19:10:10.0710 5732  Wecsvc - ok
19:10:10.0726 5732  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\windows\System32\wercplsupport.dll
19:10:10.0757 5732  wercplsupport - ok
19:10:10.0772 5732  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\windows\System32\WerSvc.dll
19:10:10.0804 5732  WerSvc - ok
19:10:10.0819 5732  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
19:10:10.0850 5732  WfpLwf - ok
19:10:10.0897 5732  [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr         C:\windows\system32\DRIVERS\wimfltr.sys
19:10:10.0928 5732  WimFltr - ok
19:10:10.0944 5732  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys
19:10:10.0960 5732  WIMMount - ok
19:10:10.0975 5732  WinDefend - ok
19:10:10.0991 5732  WinHttpAutoProxySvc - ok
19:10:11.0038 5732  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
19:10:11.0100 5732  Winmgmt - ok
19:10:11.0178 5732  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\windows\system32\WsmSvc.dll
19:10:11.0240 5732  WinRM - ok
19:10:11.0303 5732  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
19:10:11.0350 5732  WinUsb - ok
19:10:11.0381 5732  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\windows\System32\wlansvc.dll
19:10:11.0459 5732  Wlansvc - ok
19:10:11.0490 5732  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\windows\system32\DRIVERS\wmiacpi.sys
19:10:11.0490 5732  WmiAcpi - ok
19:10:11.0521 5732  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
19:10:11.0537 5732  wmiApSrv - ok
19:10:11.0552 5732  WMPNetworkSvc - ok
19:10:11.0584 5732  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\windows\System32\wpcsvc.dll
19:10:11.0630 5732  WPCSvc - ok
19:10:11.0646 5732  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
19:10:11.0662 5732  WPDBusEnum - ok
19:10:11.0677 5732  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
19:10:11.0708 5732  ws2ifsl - ok
19:10:11.0724 5732  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\windows\System32\wscsvc.dll
19:10:11.0740 5732  wscsvc - ok
19:10:11.0755 5732  WSearch - ok
19:10:11.0833 5732  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\windows\system32\wuaueng.dll
19:10:11.0927 5732  wuauserv - ok
19:10:11.0958 5732  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
19:10:11.0974 5732  WudfPf - ok
19:10:12.0005 5732  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
19:10:12.0036 5732  WUDFRd - ok
19:10:12.0067 5732  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
19:10:12.0114 5732  wudfsvc - ok
19:10:12.0145 5732  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\windows\System32\wwansvc.dll
19:10:12.0176 5732  WwanSvc - ok
19:10:12.0208 5732  ================ Scan global ===============================
19:10:12.0223 5732  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
19:10:12.0254 5732  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
19:10:12.0270 5732  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
19:10:12.0301 5732  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
19:10:12.0317 5732  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
19:10:12.0332 5732  [Global] - ok
19:10:12.0332 5732  ================ Scan MBR ==================================
19:10:12.0348 5732  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:10:12.0816 5732  \Device\Harddisk0\DR0 - ok
19:10:12.0816 5732  ================ Scan VBR ==================================
19:10:12.0816 5732  [ B4A651EA79A9998884DA67ECFFB5E2E7 ] \Device\Harddisk0\DR0\Partition1
19:10:12.0816 5732  \Device\Harddisk0\DR0\Partition1 - ok
19:10:12.0847 5732  [ 9353CF31A6EC515E78353D1600509A2F ] \Device\Harddisk0\DR0\Partition2
19:10:12.0863 5732  \Device\Harddisk0\DR0\Partition2 - ok
19:10:12.0863 5732  ============================================================
19:10:12.0863 5732  Scan finished
19:10:12.0863 5732  ============================================================
19:10:12.0878 1504  Detected object count: 1
19:10:12.0878 1504  Actual detected object count: 1
19:10:33.0767 1504  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:10:33.0767 1504  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:10:36.0559 6600  Deinitialize success

Vielen Dank für deine Hilfe

cosinus · 15.02.2013, 10:46

Ist unauffällig. Eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in CODE-Tags in den Thread.

Spybot S&D Log / Installation von Malwarebytes etc fehlgeschlageb bzw verhindert!

Log-Analyse und Auswertung: Spybot S&D Log / Installation von Malwarebytes etc fehlgeschlageb bzw verhindert!