
Log Analysis and Evaluation: clean PC after Police Trojan infection?

Windows 7: If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

15.02.2013, 09:30   #1
tomuhl

Clean PC after Police Trojan infection?



Dear Trojaner-Board,

On Tuesday I caught the Swiss version of the Police Trojan; my user account was locked. A second account on the same computer was not affected by this lock. While searching the internet for how to unlock the computer again, I came across these instructions

hxxp://www.melani.admin.ch/dienstleistungen/archiv/01130/index.html?lang=de

but this approach was unsuccessful, as I could not boot into Safe Mode.

Next I tried to boot with the Norton Bootable Recovery Wizard to scan the computer for the malware. The Norton tool did not find anything suspicious, however.

That is how I ended up on the Trojaner-Board.
I then scanned the computer with Malwarebytes from the second account.

PHP-Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.13.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sonja :: SONEA [Administrator]

13.02.2013 18:56:25
MBAM-log-2013-02-13 (19-23-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|X:\|Y:\|Z:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | Heuristiks/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 512093
Laufzeit: 26 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Tom\AppData\Local\Temp\k1ypybffyvqs4xvmhz8pxm.exe (Trojan.Zbot) -> Keine Aktion durchgeführt.
C:\Users\Tom\AppData\Roaming\skype.dat (Trojan.Zbot) -> Keine Aktion durchgeführt.

(Ende)

-=E.O.F=-
PHP-Code:
OTL logfile created on: 15.02.2013 07:59:09 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tom\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

7.00 Gb Total Physical Memory | 5.47 Gb Available Physical Memory | 78.11% Memory free
10.90 Gb Paging File | 9.26 Gb Available in Paging File | 84.91% Paging File free
Paging file location(s): c:\pagefile.sys 4000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.90 Gb Total Space | 9.36 Gb Free Space | 16.74% Space Free | Partition Type: NTFS
Drive D: | 853.39 Gb Total Space | 645.48 Gb Free Space | 75.64% Space Free | Partition Type: NTFS
Drive G: | 69.34 Gb Total Space | 29.42 Gb Free Space | 42.43% Space Free | Partition Type: NTFS
Drive X: | 853.51 Gb Total Space | 760.93 Gb Free Space | 89.15% Space Free | Partition Type: NTFS
Drive Y: | 8.66 Gb Total Space | 6.04 Gb Free Space | 69.69% Space Free | Partition Type: NTFS
Drive Z: | 78.03 Gb Total Space | 71.12 Gb Free Space | 91.15% Space Free | Partition Type: NTFS

Computer Name: SONEA | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2013.02.15 07:40:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
PRC - [2012.12.05 02:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccsvchst.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.07.31 04:19:26 | 000,041,944 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
PRC - [2012.07.30 15:02:22 | 000,640,480 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2012.06.07 16:34:32 | 000,478,712 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012.04.04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.03 18:25:08 | 000,315,904 | ---- | M] (Thermo Fisher Scientific Inc.) -- G:\Software\bin\ExactiveService.exe
PRC - [2011.08.16 14:57:00 | 000,282,624 | ---- | M] (Thermo Fisher Scientific Inc.) -- G:\Software\ThermoFisher.Foundation.AcquisitionService.exe
PRC - [2011.08.16 14:56:40 | 000,022,528 | ---- | M] (Thermo Fisher Scientific Inc.) -- G:\Software\ThermoFisher.Foundation.AcquisitionMonitor.exe
PRC - [2011.08.16 14:56:14 | 000,040,960 | ---- | M] (Thermo Fisher Scientific Inc.) -- G:\Software\CFRDBService.exe
PRC - [2011.08.16 14:56:08 | 000,024,576 | ---- | M] (Thermo Fisher Scientific Inc.) -- G:\Software\ThermoFisher.Foundation.Auditing.FinSecurityService.exe
PRC - [2011.08.16 14:56:06 | 000,024,576 | ---- | M] (Thermo Fisher Scientific Inc.) -- G:\Software\FinAutoLogOff.exe
PRC - [2011.08.16 14:55:58 | 000,018,432 | ---- | M] (Thermo Fisher Scientific Inc.) -- G:\Software\TMODeviceMsgDispatcher.exe
PRC - [2011.08.12 11:30:48 | 000,065,536 | ---- | M] (Thermo Electron Corporation) -- G:\Software\system\programs\finSS_Server.exe
PRC - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2012.05.30 07:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\wincfi39.dll
MOD - [2009.02.27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2009.02.27 16:32:27 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2012.02.05 08:27:17 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:[b]64bit:[/b] - [2012.01.08 19:44:41 | 000,189,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqtgsvc.exe -- (MSMQTriggers)
SRV:[b]64bit:[/b] - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009.07.14 02:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV:[b]64bit:[/b] - [2009.07.14 02:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV:[b]64bit:[/b] - [2009.04.19 08:34:48 | 000,625,184 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM))
SRV:[b]64bit:[/b] - [2009.04.19 08:34:48 | 000,207,904 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2013.02.12 19:04:11 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.25 18:12:46 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.05 02:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe -- (NIS)
SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.06.07 16:34:32 | 000,478,712 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012.04.04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.02.05 08:25:49 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.11.03 18:25:08 | 000,315,904 | ---- | M] (Thermo Fisher Scientific Inc.) [Auto | Running] -- G:\Software\bin\ExactiveService.exe -- (Exactive)
SRV - [2011.08.16 14:57:00 | 000,282,624 | ---- | M] (Thermo Fisher Scientific Inc.) [Auto | Running] -- G:\Software\ThermoFisher.Foundation.AcquisitionService.exe -- (ThermoFisher.Foundation.AcquisitionService)
SRV - [2011.08.16 14:56:40 | 000,022,528 | ---- | M] (Thermo Fisher Scientific Inc.) [Auto | Running] -- G:\Software\ThermoFisher.Foundation.AcquisitionMonitor.exe -- (Thermo.Foundation.Acquisition.Service.Monitor)
SRV - [2011.08.16 14:56:14 | 000,040,960 | ---- | M] (Thermo Fisher Scientific Inc.) [Auto | Running] -- G:\Software\CFRDBService.exe -- (FinniganDatabaseService)
SRV - [2011.08.16 14:56:08 | 000,024,576 | ---- | M] (Thermo Fisher Scientific Inc.) [Auto | Running] -- G:\Software\ThermoFisher.Foundation.Auditing.FinSecurityService.exe -- (FinniganSecurityService)
SRV - [2011.08.16 14:56:06 | 000,024,576 | ---- | M] (Thermo Fisher Scientific Inc.) [Auto | Running] -- G:\Software\FinAutoLogOff.exe -- (Finnigan Auto Log Off)
SRV - [2011.08.16 14:55:58 | 000,018,432 | ---- | M] (Thermo Fisher Scientific Inc.) [Auto | Running] -- G:\Software\TMODeviceMsgDispatcher.exe -- (TMODevMsgDispatcher)
SRV - [2011.08.12 11:30:48 | 000,065,536 | ---- | M] (Thermo Electron Corporation) [Auto | Running] -- G:\Software\system\programs\finSS_Server.exe -- (Finnigan Security Server)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2012.12.29 10:08:18 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:[b]64bit:[/b] - [2012.10.09 02:00:02 | 000,776,864 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1402010.016\srtsp64.sys -- (SRTSP)
DRV:[b]64bit:[/b] - [2012.10.04 02:40:35 | 001,133,216 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symefa64.sys -- (SymEFA)
DRV:[b]64bit:[/b] - [2012.10.04 02:40:20 | 000,493,216 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symds64.sys -- (SymDS)
DRV:[b]64bit:[/b] - [2012.09.07 03:05:14 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symnets.sys -- (SymNetS)
DRV:[b]64bit:[/b] - [2012.09.07 02:48:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1402010.016\ironx64.sys -- (SymIRON)
DRV:[b]64bit:[/b] - [2012.09.06 18:40:52 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1402010.016\srtspx64.sys -- (SRTSPX)
DRV:[b]64bit:[/b] - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2012.08.20 20:50:10 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1402010.016\ccsetx64.sys -- (ccSet_NIS)
DRV:[b]64bit:[/b] - [2012.07.26 06:32:22 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2012.06.07 16:25:20 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:[b]64bit:[/b] - [2012.06.07 16:24:23 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:[b]64bit:[/b] - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012.02.16 18:31:41 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:[b]64bit:[/b] - [2012.01.08 19:44:00 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010.08.12 21:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:[b]64bit:[/b] - [2010.03.30 22:27:42 | 000,015,360 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Spyder3.sys -- (Spyder3)
DRV:[b]64bit:[/b] - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:[b]64bit:[/b] - [2009.07.14 01:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:[b]64bit:[/b] - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:[b]64bit:[/b] - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2008.06.27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2013.01.16 18:19:49 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130212.023\ex64.sys -- (NAVEX15)
DRV - [2013.01.16 18:19:48 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130212.023\eng64.sys -- (NAVENG)
DRV - [2013.01.16 03:51:11 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130208.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.12.29 10:09:28 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.12.29 10:09:28 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.12.28 16:39:26 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130212.002\IDSviA64.sys -- (IDSVia64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..extensions.enabledAddons: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledAddons: {4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}:0.7.7
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFFPlgn\ [2012.12.29 10:08:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn\ [2013.02.15 07:57:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.20 15:48:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.25 18:12:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012.02.04 21:12:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Extensions
[2012.10.24 16:51:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\fbgnlz8l.default\extensions
[2012.10.14 07:52:49 | 000,000,000 | ---D | M] (German Dictionary (Switzerland)) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\fbgnlz8l.default\extensions\de-CH@dictionaries.addons.mozilla.org
[2012.02.06 07:12:38 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\fbgnlz8l.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2012.08.26 10:55:47 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\fbgnlz8l.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2012.02.04 21:12:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.02.25 08:32:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.29 15:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.29 14:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.29 15:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.29 15:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 15:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 15:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File
: ([2009.06.10 22:00:26 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 
BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\coieplg.dll (Symantec Corporation)
O2 BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ips\ipsbho.dll (Symantec Corporation)
O2 BHO: (Java(tmPlug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 BHO: (Java(tmPlug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\coieplg.dll (Symantec Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [HP LaserJet Professional M1530 MFP Series FaxC:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4 HKLM..\Run: []  File not found
O4 
HKLM..\Run: [Acrobat Assistant 8.0C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 HKLM..\Run: [Adobe Acrobat Speed LauncherC:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 HKLM..\Run: [AdobeCS4ServiceManagerC:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 HKCU..\Run: [AdobeBridge]  File not found
O4 
StartupC:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk C:\Program Files (x86)\Personal Backup 5\Persbackup.exe (JRathlevIEAPUni-Kiel)
O6 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ExplorerNoActiveDesktop 1
O6 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ExplorerNoActiveDesktopChanges 1
O6 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\SystemConsentPromptBehaviorAdmin 5
O6 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\SystemConsentPromptBehaviorUser 3
O6 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\SystemDisableCAD 0
O6 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\SystemHideFastUserSwitching 1
O8
:[b]64bit:[/b] - Extra context menu itemAppend to existing PDF C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu itemConvert link target to Adobe PDF C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu itemConvert link target to existing PDF C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu itemConvert to Adobe PDF C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 Extra context menu itemAppend to existing PDF C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 Extra context menu itemConvert link target to Adobe PDF C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 Extra context menu itemConvert link target to existing PDF C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 Extra context menu itemConvert to Adobe PDF C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000005 C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000006 C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000017 C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000018 C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10 Protocol_Catalog9\Catalog_Entries\000000000001 C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 Protocol_Catalog9\Catalog_Entries\000000000002 C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 Protocol_Catalog9\Catalog_Entries\000000000003 C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 Protocol_Catalog9\Catalog_Entries\000000000004 C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 Protocol_Catalog9\Catalog_Entries\000000000005 C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 Protocol_Catalog9\Catalog_Entries\000000000006 C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 Protocol_Catalog9\Catalog_Entries\000000000017 C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 Protocol_Catalog9\Catalog_Entries\000000000018 C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O13[b]64bit:[/b] - gopher Prefixmissing
O13 
gopher Prefixmissing
O16
:[b]64bit:[/b] - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 HKLM\System\CCS\Services\Tcpip\ParametersDhcpNameServer 10.0.0.1
O17 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61B01DD3-7976-4629-9656-A7D3B9E39E2E}: DhcpNameServer 10.0.0.1
O18
:[b]64bit:[/b] - Protocol\Handler\ms-help No CLSID value found
O18
:[b]64bit:[/b] - Protocol\Handler\wlpg No CLSID value found
O20
:[b]64bit:[/b] - HKLM WinlogonShell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM WinlogonUserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 HKLM WinlogonShell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 HKLM WinlogonUserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 HKCU WinlogonShell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 HKCU WinlogonShell - (C:\Users\Tom\AppData\Roaming\skype.dat) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 HKLM\..comfile [open] -- "%1" %*
O35 HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 HKLM\...com [@ = comfile] -- "%1" %*
O37 HKLM\...exe [@ = exefile] -- "%1" %*
O38 SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.15 07:45:37 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
[2013.02.13 18:48:48 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.13 18:48:48 000,000,000 | ---C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.13 18:48:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.13 18:48:48 000,000,000 | ---C] -- C:\ProgramData\Malwarebytes
[2013.02.13 06:49:04 000,000,000 | ---C] -- C:\NBRT
[2013.02.12 19:13:29 000,000,000 | ---C] -- C:\Windows\SysNative\drivers\NBRTWizardx64
[2013.02.12 19:13:29 000,000,000 | ---C] -- C:\Windows\SysNative\drivers\NBRTWizardx64\0501000.01A
[2013.02.12 19:13:28 000,000,000 | ---C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2013.02.12 19:13:28 000,000,000 | ---C] -- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
[2013.01.27 13:02:47 000,000,000 | ---C] -- C:\Program Files (x86)\Private Tax 2012
[2013.01.25 18:12:45 000,000,000 | ---C] -- C:\Program Files (x86)\Mozilla Thunderbird
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.15 07:58:19 000,010,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.15 07:58:19 000,010,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.15 07:56:10 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.15 07:46:43 000,000,000 | ---- | M] () -- C:\Users\Tom\defogger_reenable
[2013.02.15 07:41:22 000,365,568 | ---- | M] () -- C:\Users\Tom\Desktop\gmer_2.0.18454.exe
[2013.02.15 07:40:46 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
[2013.02.15 07:40:34 000,050,477 | ---- | M] () -- C:\Users\Tom\Desktop\Defogger.exe
[2013.02.15 07:36:32 000,739,550 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.15 07:36:32 000,622,794 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.15 07:36:32 000,111,742 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.15 07:35:46 001,894,210 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\Cat.DB
[2013.02.15 07:32:23 002,908,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.13 19:04:46 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.13 18:55:27 000,000,004 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\skype.ini
[2013.01.27 13:00:26 048,420,936 | ---- | M] (Information Factory AG) -- C:\Users\Tom\Documents\ptw11.ck.exe
[2013.01.26 14:23:52 000,002,114 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013.01.25 18:10:05 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\VT20130115.021
[2013.01.23 19:12:10 000,002,228 | -H-- | M] () -- C:\Users\Tom\Documents\Default.rdp
 
========== Files Created - No Company Name ==========
 
[2013.02.15 07:46:43 000,000,000 | ---- | C] () -- C:\Users\Tom\defogger_reenable
[2013.02.15 07:45:40 000,365,568 | ---- | C] () -- C:\Users\Tom\Desktop\gmer_2.0.18454.exe
[2013.02.15 07:45:35 000,050,477 | ---- | C] () -- C:\Users\Tom\Desktop\Defogger.exe
[2013.02.12 19:13:29 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NBRTWizardx64\0501000.01A\isolate.ini
[2013.02.12 18:46:16 000,000,004 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\skype.ini
[2012.02.24 17:17:41 000,007,606 | ---- | C] () -- C:\Users\Tom\AppData\Local\Resmon.ResmonCfg
[2012.02.04 22:35:16 000,000,079 | ---- | C] () -- C:\Users\Tom\AppData\Local\CrystalDiskMark30.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 000,000,227 RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.01.08 19:44:32 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.02.05 10:24:37 000,000,000 | ---M] -- C:\Users\Tom\AppData\Roaming\ImgBurn
[2012.02.09 07:12:21 000,000,000 | ---M] -- C:\Users\Tom\AppData\Roaming\Information Factory
[2012.04.22 12:08:38 000,000,000 | ---M] -- C:\Users\Tom\AppData\Roaming\PersBackup5
[2012.02.04 21:27:52 000,000,000 | ---M] -- C:\Users\Tom\AppData\Roaming\Thunderbird
[2012.02.16 18:52:27 000,000,000 | ---M] -- C:\Users\Tom\AppData\Roaming\TrueCrypt
 
========== Purity Check ==========
 
 

End of report 
The remaining log files (OTL Extra and Gmer) are attached.

Kind regards
Thomas

15.02.2013, 11:43   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello,

Please post the logs only in CODE tags, not in PHP or other tags.

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<Year-Month-Day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instruction from a helper.


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe guide)
    On Windows Vista or later, please start it via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, allow access to the internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instruction.

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.

15.02.2013, 18:14   #3
tomuhl

Hello cosinus,

many thanks for the quick help.

Here is the first log file for MBAR:

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.15.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tom :: SONEA [administrator]

15.02.2013 17:50:28
mbar-log-2013-02-15 (17-50-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30853
Time elapsed: 4 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|shell (Trojan.Agent.RNS) -> Data: explorer.exe,C:\Users\Tom\AppData\Roaming\skype.dat -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
MBAR did not request a restart, however, so I restarted the computer myself.

The second log file for MBAR:

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.15.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tom :: SONEA [administrator]

15.02.2013 17:58:40
mbar-log-2013-02-15 (17-58-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30803
Time elapsed: 3 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
aswMBR does not run through, however; it crashes after about 2 minutes every time.
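The MBAR hit in the post above is the whole infection in a single registry value: HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\Shell was set to "explorer.exe,C:\Users\Tom\AppData\Roaming\skype.dat", and Winlogon starts every comma-separated entry of that value at logon, so the lock screen came up next to the desktop each time this user signed in. The OTL O20 lines show the same value, with the payload file already reported as missing. Because the value lives under HKCU rather than HKLM, only Tom's profile was locked while the second account on the same machine logged in normally, exactly as the first post describes. The following Python script is an added example for triaging such logs offline; it is not part of OTL, MBAR or the original thread. It parses OTL O20 lines and MBAR "Registry Values Detected" lines, flags every Shell/Userinit entry that is not the Windows default binary in a Windows system directory, and reports whether the hijack is per-user or machine-wide. The sample lines are constructed from the logs posted in this thread; the regular expressions and the allow-list of default locations are my assumptions, not a format specification published by either tool.

```python
"""Triage Winlogon Shell / Userinit persistence from OTL and MBAR log lines.

Added example for this thread, not code from OTL, MBAR or the original posts.
Assumed formats: OTL 'O20' lines and MBAR 'Registry Values Detected' lines as
they appear in the logs posted above; the regexes below are my approximation.
"""
import re

# Windows defaults: Shell runs explorer.exe, Userinit runs userinit.exe.
# Anything else appended to these comma-separated values runs at every logon.
ALLOWED_BASENAME = {"shell": "explorer.exe", "userinit": "userinit.exe"}
# Directory part acceptable for those binaries (empty = bare file name, which
# Windows resolves from the system directory). Lower-case for comparison.
ALLOWED_DIRS = {"", r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}

# OTL:  O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (...)
OTL_RE = re.compile(
    r"O20\S*\s*-?\s*(HKLM|HKCU)\s*Winlogon:?\s*(Shell|UserInit)\s*-\s*\(([^)]*)\)", re.I)
# MBAR: HKCU\SOFTWARE\...\WINLOGON|shell (Trojan.Agent.RNS) -> Data: <value> -> Delete on reboot.
MBAR_RE = re.compile(
    r"^(HKLM|HKCU)\\.*\\WINLOGON\|(shell|userinit)\b.*?->\s*Data:\s*(.*?)\s*->", re.I)


def parse_winlogon(lines):
    """Return a list of (hive, value_name, data) for every Shell/Userinit line recognised."""
    hits = []
    for line in lines:
        m = OTL_RE.search(line) or MBAR_RE.search(line)
        if m:
            hits.append((m.group(1).upper(), m.group(2).lower(), m.group(3).strip()))
    return hits


def suspicious_entries(value_name, data):
    """Return the comma-separated entries of a Shell/Userinit value that are
    not the Windows default binary in a Windows system directory."""
    bad = []
    for entry in data.split(","):
        entry = entry.strip().strip('"')
        if not entry:
            continue  # Userinit legitimately ends with a trailing comma
        directory, _, basename = entry.lower().rpartition("\\")
        if basename != ALLOWED_BASENAME[value_name] or directory not in ALLOWED_DIRS:
            bad.append(entry)
    return bad


def triage(lines):
    """Flag hijacked Winlogon values and say how far each one reaches:
    HKCU locks only that user's profile, HKLM locks every account."""
    findings = []
    for hive, value_name, data in parse_winlogon(lines):
        for payload in suspicious_entries(value_name, data):
            findings.append({
                "hive": hive,
                "value": value_name,
                "payload": payload,
                "scope": ("per-user: other accounts log in normally"
                          if hive == "HKCU" else "machine-wide: every account affected"),
            })
    return findings


# Constructed sample: the O20 lines and the MBAR hit from the logs in this thread.
SAMPLE_LINES = [
    r"O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)",
    r"O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)",
    r"O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)",
    r"O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)",
    r"O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)",
    r"O20 - HKCU Winlogon: Shell - (C:\Users\Tom\AppData\Roaming\skype.dat) -  File not found",
    r"HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|shell (Trojan.Agent.RNS) -> Data: explorer.exe,C:\Users\Tom\AppData\Roaming\skype.dat -> Delete on reboot.",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f['hive']} Winlogon\\{f['value']} -> {f['payload']}  [{f['scope']}]")
```

Run against the sample it reports the skype.dat entry twice (once from OTL, once from MBAR), both under HKCU, and leaves every explorer.exe/userinit.exe entry alone. The same allow-list logic applies to an HKLM hit, which the script labels machine-wide; on a live machine the equivalent check is to read the Shell and Userinit values from HKLM and from every loaded user hive and compare them against the same defaults.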

16.02.2013, 15:30   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

16.02.2013, 16:07   #5
tomuhl

OK, that way aswMBR ran through without problems:

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-16 16:04:57
-----------------------------
16:04:57.939    OS Version: Windows x64 6.1.7601 Service Pack 1
16:04:57.939    Number of processors: 4 586 0x170A
16:04:57.939    ComputerName: SONEA  UserName: Tom
16:04:58.111    Initialize success
16:05:04.491    AVAST engine defs: 13021500
16:05:15.185    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
16:05:15.185    Disk 0 Vendor: OCZ-AGIL 2.15 Size: 57241MB BusType: 8
16:05:15.185    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000069
16:05:15.185    Disk 1 Vendor: SAMSUNG_ 1AJ1 Size: 953869MB BusType: 8
16:05:15.185    Disk 2  \Device\Harddisk2\DR2 -> \Device\0000006a
16:05:15.185    Disk 2 Vendor: NVIDIA__  Size: 953877MB BusType: 8
16:05:15.201    Disk 0 MBR read successfully
16:05:15.201    Disk 0 MBR scan
16:05:15.201    Disk 0 Windows 7 default MBR code
16:05:15.201    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        57239 MB offset 2048
16:05:15.217    Disk 0 scanning C:\Windows\system32\drivers
16:05:18.789    Service scanning
16:05:28.120    Modules scanning
16:05:28.120    Disk 0 trace - called modules:
16:05:28.120    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys 
16:05:28.135    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007168060]
16:05:28.135    3 CLASSPNP.SYS[fffff8800117743f] -> nt!IofCallDriver -> [0xfffffa8006d29c40]
16:05:28.135    5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\00000066[0xfffffa8006f20060]
16:05:28.135    Scan finished successfully
16:05:47.823    Disk 0 MBR has been saved successfully to "C:\Users\Tom\Desktop\MBR.dat"
16:05:47.838    The log file has been saved successfully to "C:\Users\Tom\Desktop\aswMBR.txt"
         


16.02.2013, 18:37   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

tdsskiller

Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post its contents here in your thread in any case.

16.02.2013, 19:11   #7
tomuhl

OK, here is the corresponding log file for TDSSKiller:

Code:
19:07:33.0824 4664  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:07:34.0058 4664  ============================================================
19:07:34.0058 4664  Current date / time: 2013/02/16 19:07:34.0058
19:07:34.0058 4664  SystemInfo:
19:07:34.0058 4664  
19:07:34.0058 4664  OS Version: 6.1.7601 ServicePack: 1.0
19:07:34.0058 4664  Product type: Workstation
19:07:34.0058 4664  ComputerName: SONEA
19:07:34.0058 4664  UserName: Tom
19:07:34.0058 4664  Windows directory: C:\Windows
19:07:34.0058 4664  System windows directory: C:\Windows
19:07:34.0058 4664  Running under WOW64
19:07:34.0058 4664  Processor architecture: Intel x64
19:07:34.0058 4664  Number of processors: 4
19:07:34.0058 4664  Page size: 0x1000
19:07:34.0058 4664  Boot type: Normal boot
19:07:34.0058 4664  ============================================================
19:07:34.0292 4664  Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:07:34.0292 4664  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:07:34.0292 4664  Drive \Device\Harddisk2\DR2 - Size: 0xE8E15E0000 (931.52 Gb), SectorSize: 0x200, Cylinders: 0x1DB02, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:07:34.0292 4664  ============================================================
19:07:34.0292 4664  \Device\Harddisk0\DR0:
19:07:34.0292 4664  MBR partitions:
19:07:34.0292 4664  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x6FCB800
19:07:34.0292 4664  \Device\Harddisk1\DR1:
19:07:34.0292 4664  MBR partitions:
19:07:34.0292 4664  \Device\Harddisk2\DR2:
19:07:34.0292 4664  MBR partitions:
19:07:34.0292 4664  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:07:34.0292 4664  \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x9C0D800
19:07:34.0292 4664  \Device\Harddisk2\DR2\Partition3: MBR, Type 0x7, StartLBA 0x9C40800, BlocksNum 0x6AAC9000
19:07:34.0292 4664  ============================================================
19:07:34.0292 4664  C: <-> \Device\Harddisk0\DR0\Partition1
19:07:34.0324 4664  Z: <-> \Device\Harddisk2\DR2\Partition2
19:07:34.0339 4664  D: <-> \Device\Harddisk2\DR2\Partition3
19:07:34.0355 4664  ============================================================
19:07:34.0355 4664  Initialize success
19:07:34.0355 4664  ============================================================
19:07:42.0592 4740  ============================================================
19:07:42.0592 4740  Scan started
19:07:42.0592 4740  Mode: Manual; SigCheck; TDLFS; 
19:07:42.0592 4740  ============================================================
19:07:42.0685 4740  ================ Scan system memory ========================
19:07:42.0685 4740  System memory - ok
19:07:42.0685 4740  ================ Scan services =============================
19:07:42.0732 4740  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
19:07:42.0779 4740  1394ohci - ok
19:07:42.0794 4740  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
19:07:42.0810 4740  ACPI - ok
19:07:42.0810 4740  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
19:07:42.0841 4740  AcpiPmi - ok
19:07:42.0841 4740  [ E5568164C070A4988BD79C896920B3C6 ] acsock          C:\Windows\system32\DRIVERS\acsock64.sys
19:07:42.0857 4740  acsock - ok
19:07:42.0872 4740  [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs            C:\Windows\system32\drivers\adfs.sys
19:07:42.0872 4740  adfs - ok
19:07:42.0888 4740  [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:07:42.0888 4740  AdobeARMservice - ok
19:07:42.0919 4740  [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:07:42.0935 4740  AdobeFlashPlayerUpdateSvc - ok
19:07:42.0935 4740  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
19:07:42.0966 4740  adp94xx - ok
19:07:42.0966 4740  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
19:07:42.0982 4740  adpahci - ok
19:07:42.0997 4740  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
19:07:43.0013 4740  adpu320 - ok
19:07:43.0013 4740  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:07:43.0106 4740  AeLookupSvc - ok
19:07:43.0106 4740  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
19:07:43.0138 4740  AFD - ok
19:07:43.0138 4740  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
19:07:43.0153 4740  agp440 - ok
19:07:43.0153 4740  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
19:07:43.0169 4740  ALG - ok
19:07:43.0184 4740  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
19:07:43.0184 4740  aliide - ok
19:07:43.0200 4740  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
19:07:43.0200 4740  amdide - ok
19:07:43.0216 4740  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
19:07:43.0231 4740  AmdK8 - ok
19:07:43.0231 4740  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
19:07:43.0247 4740  AmdPPM - ok
19:07:43.0247 4740  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:07:43.0262 4740  amdsata - ok
19:07:43.0278 4740  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
19:07:43.0278 4740  amdsbs - ok
19:07:43.0294 4740  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:07:43.0294 4740  amdxata - ok
19:07:43.0309 4740  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
19:07:43.0387 4740  AppID - ok
19:07:43.0403 4740  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:07:43.0434 4740  AppIDSvc - ok
19:07:43.0434 4740  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
19:07:43.0465 4740  Appinfo - ok
19:07:43.0465 4740  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
19:07:43.0481 4740  arc - ok
19:07:43.0481 4740  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
19:07:43.0496 4740  arcsas - ok
19:07:43.0496 4740  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:07:43.0528 4740  AsyncMac - ok
19:07:43.0543 4740  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
19:07:43.0543 4740  atapi - ok
19:07:43.0559 4740  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:07:43.0606 4740  AudioEndpointBuilder - ok
19:07:43.0606 4740  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:07:43.0652 4740  AudioSrv - ok
19:07:43.0652 4740  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:07:43.0684 4740  AxInstSV - ok
19:07:43.0684 4740  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
19:07:43.0715 4740  b06bdrv - ok
19:07:43.0715 4740  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:07:43.0730 4740  b57nd60a - ok
19:07:43.0746 4740  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:07:43.0762 4740  BDESVC - ok
19:07:43.0762 4740  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:07:43.0793 4740  Beep - ok
19:07:43.0808 4740  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
19:07:43.0840 4740  BFE - ok
19:07:43.0871 4740  [ 866335C9C0E6733C753FB472C539A6B9 ] BHDrvx64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130208.001\BHDrvx64.sys
19:07:43.0886 4740  BHDrvx64 - ok
19:07:43.0902 4740  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
19:07:43.0949 4740  BITS - ok
19:07:43.0949 4740  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:07:43.0964 4740  blbdrive - ok
19:07:43.0964 4740  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:07:43.0980 4740  bowser - ok
19:07:43.0996 4740  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:07:44.0011 4740  BrFiltLo - ok
19:07:44.0027 4740  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:07:44.0027 4740  BrFiltUp - ok
19:07:44.0042 4740  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
19:07:44.0058 4740  Browser - ok
19:07:44.0058 4740  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:07:44.0074 4740  Brserid - ok
19:07:44.0089 4740  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:07:44.0105 4740  BrSerWdm - ok
19:07:44.0105 4740  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:07:44.0120 4740  BrUsbMdm - ok
19:07:44.0120 4740  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:07:44.0136 4740  BrUsbSer - ok
19:07:44.0136 4740  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
19:07:44.0152 4740  BTHMODEM - ok
19:07:44.0152 4740  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
19:07:44.0183 4740  bthserv - ok
19:07:44.0198 4740  [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_NIS       C:\Windows\system32\drivers\NISx64\1402010.016\ccSetx64.sys
19:07:44.0214 4740  ccSet_NIS - ok
19:07:44.0214 4740  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:07:44.0245 4740  cdfs - ok
19:07:44.0245 4740  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:07:44.0261 4740  cdrom - ok
19:07:44.0276 4740  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
19:07:44.0308 4740  CertPropSvc - ok
19:07:44.0308 4740  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
19:07:44.0323 4740  circlass - ok
19:07:44.0323 4740  [ FF60401F1C659CA2ED4BAE85D3FD14DA ] CISVC           C:\Windows\system32\CISVC.EXE
19:07:44.0339 4740  CISVC - ok
19:07:44.0354 4740  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
19:07:44.0370 4740  CLFS - ok
19:07:44.0370 4740  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:07:44.0386 4740  clr_optimization_v2.0.50727_32 - ok
19:07:44.0386 4740  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:07:44.0401 4740  clr_optimization_v2.0.50727_64 - ok
19:07:44.0417 4740  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:07:44.0417 4740  clr_optimization_v4.0.30319_32 - ok
19:07:44.0432 4740  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:07:44.0448 4740  clr_optimization_v4.0.30319_64 - ok
19:07:44.0448 4740  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:07:44.0464 4740  CmBatt - ok
19:07:44.0464 4740  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
19:07:44.0479 4740  cmdide - ok
19:07:44.0479 4740  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
19:07:44.0510 4740  CNG - ok
19:07:44.0510 4740  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:07:44.0526 4740  Compbatt - ok
19:07:44.0526 4740  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
19:07:44.0542 4740  CompositeBus - ok
19:07:44.0542 4740  COMSysApp - ok
19:07:44.0557 4740  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
19:07:44.0573 4740  crcdisk - ok
19:07:44.0573 4740  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:07:44.0588 4740  CryptSvc - ok
19:07:44.0604 4740  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:07:44.0635 4740  DcomLaunch - ok
19:07:44.0635 4740  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
19:07:44.0682 4740  defragsvc - ok
19:07:44.0682 4740  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:07:44.0713 4740  DfsC - ok
19:07:44.0713 4740  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:07:44.0744 4740  Dhcp - ok
19:07:44.0744 4740  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
19:07:44.0776 4740  discache - ok
19:07:44.0776 4740  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
19:07:44.0791 4740  Disk - ok
19:07:44.0791 4740  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:07:44.0807 4740  Dnscache - ok
19:07:44.0822 4740  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:07:44.0854 4740  dot3svc - ok
19:07:44.0854 4740  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
19:07:44.0885 4740  DPS - ok
19:07:44.0885 4740  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:07:44.0900 4740  drmkaud - ok
19:07:44.0932 4740  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:07:44.0947 4740  DXGKrnl - ok
19:07:44.0947 4740  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
19:07:44.0994 4740  EapHost - ok
19:07:45.0041 4740  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
19:07:45.0103 4740  ebdrv - ok
19:07:45.0103 4740  [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
19:07:45.0119 4740  eeCtrl - ok
19:07:45.0119 4740  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
19:07:45.0134 4740  EFS - ok
19:07:45.0150 4740  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:07:45.0181 4740  ehRecvr - ok
19:07:45.0181 4740  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
19:07:45.0197 4740  ehSched - ok
19:07:45.0212 4740  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
19:07:45.0228 4740  elxstor - ok
19:07:45.0244 4740  [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:07:45.0244 4740  EraserUtilRebootDrv - ok
19:07:45.0244 4740  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
19:07:45.0259 4740  ErrDev - ok
19:07:45.0275 4740  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
19:07:45.0306 4740  EventSystem - ok
19:07:45.0306 4740  Exactive - ok
19:07:45.0322 4740  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
19:07:45.0353 4740  exfat - ok
19:07:45.0353 4740  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:07:45.0400 4740  fastfat - ok
19:07:45.0400 4740  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
19:07:45.0431 4740  Fax - ok
19:07:45.0431 4740  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
19:07:45.0446 4740  fdc - ok
19:07:45.0446 4740  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
19:07:45.0478 4740  fdPHost - ok
19:07:45.0478 4740  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:07:45.0509 4740  FDResPub - ok
19:07:45.0524 4740  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:07:45.0524 4740  FileInfo - ok
19:07:45.0540 4740  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:07:45.0571 4740  Filetrace - ok
19:07:45.0571 4740  Finnigan Auto Log Off - ok
19:07:45.0571 4740  Finnigan Security Server - ok
19:07:45.0571 4740  FinniganDatabaseService - ok
19:07:45.0571 4740  FinniganSecurityService - ok
19:07:45.0587 4740  [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:07:45.0602 4740  FLEXnet Licensing Service - ok
19:07:45.0634 4740  [ 1C3FB052A0BB72EDAED90785C34D6EED ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
19:07:45.0665 4740  FLEXnet Licensing Service 64 - ok
19:07:45.0665 4740  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:07:45.0680 4740  flpydisk - ok
19:07:45.0680 4740  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:07:45.0696 4740  FltMgr - ok
19:07:45.0727 4740  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
19:07:45.0758 4740  FontCache - ok
19:07:45.0758 4740  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:07:45.0774 4740  FontCache3.0.0.0 - ok
19:07:45.0790 4740  [ A9FF65EA14E4CABFCC1BB8ECE111A249 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
19:07:45.0805 4740  ForceWare Intelligent Application Manager (IAM) - ok
19:07:45.0805 4740  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:07:45.0821 4740  FsDepends - ok
19:07:45.0821 4740  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:07:45.0836 4740  Fs_Rec - ok
19:07:45.0836 4740  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:07:45.0868 4740  fvevol - ok
19:07:45.0868 4740  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
19:07:45.0883 4740  gagp30kx - ok
19:07:45.0883 4740  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:07:45.0883 4740  GEARAspiWDM - ok
19:07:45.0899 4740  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
19:07:45.0946 4740  gpsvc - ok
19:07:45.0946 4740  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:07:45.0961 4740  hcw85cir - ok
19:07:45.0977 4740  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:07:45.0992 4740  HdAudAddService - ok
19:07:45.0992 4740  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:07:46.0008 4740  HDAudBus - ok
19:07:46.0024 4740  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
19:07:46.0024 4740  HidBatt - ok
19:07:46.0039 4740  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
19:07:46.0055 4740  HidBth - ok
19:07:46.0055 4740  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
19:07:46.0070 4740  HidIr - ok
19:07:46.0070 4740  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
19:07:46.0102 4740  hidserv - ok
19:07:46.0102 4740  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:07:46.0117 4740  HidUsb - ok
19:07:46.0117 4740  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:07:46.0164 4740  hkmsvc - ok
19:07:46.0164 4740  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:07:46.0180 4740  HomeGroupListener - ok
19:07:46.0180 4740  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:07:46.0195 4740  HomeGroupProvider - ok
19:07:46.0211 4740  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
19:07:46.0226 4740  HpSAMD - ok
19:07:46.0226 4740  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:07:46.0273 4740  HTTP - ok
19:07:46.0273 4740  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:07:46.0289 4740  hwpolicy - ok
19:07:46.0289 4740  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
19:07:46.0304 4740  i8042prt - ok
19:07:46.0320 4740  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:07:46.0336 4740  iaStorV - ok
19:07:46.0351 4740  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:07:46.0382 4740  idsvc - ok
19:07:46.0382 4740  [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130215.001\IDSvia64.sys
19:07:46.0398 4740  IDSVia64 - ok
19:07:46.0398 4740  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
19:07:46.0414 4740  iirsp - ok
19:07:46.0429 4740  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
19:07:46.0476 4740  IKEEXT - ok
19:07:46.0476 4740  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
19:07:46.0492 4740  intelide - ok
19:07:46.0492 4740  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:07:46.0507 4740  intelppm - ok
19:07:46.0523 4740  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:07:46.0554 4740  IPBusEnum - ok
19:07:46.0554 4740  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:07:46.0585 4740  IpFilterDriver - ok
19:07:46.0585 4740  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:07:46.0616 4740  iphlpsvc - ok
19:07:46.0616 4740  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:07:46.0632 4740  IPMIDRV - ok
19:07:46.0632 4740  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:07:46.0663 4740  IPNAT - ok
19:07:46.0679 4740  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:07:46.0694 4740  IRENUM - ok
19:07:46.0710 4740  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
19:07:46.0710 4740  isapnp - ok
19:07:46.0726 4740  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
19:07:46.0741 4740  iScsiPrt - ok
19:07:46.0741 4740  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:07:46.0757 4740  kbdclass - ok
19:07:46.0757 4740  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:07:46.0772 4740  kbdhid - ok
19:07:46.0772 4740  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
19:07:46.0788 4740  KeyIso - ok
19:07:46.0788 4740  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:07:46.0804 4740  KSecDD - ok
19:07:46.0804 4740  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:07:46.0819 4740  KSecPkg - ok
19:07:46.0819 4740  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:07:46.0850 4740  ksthunk - ok
19:07:46.0866 4740  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:07:46.0897 4740  KtmRm - ok
19:07:46.0913 4740  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:07:46.0944 4740  LanmanServer - ok
19:07:46.0944 4740  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:07:46.0975 4740  LanmanWorkstation - ok
19:07:46.0991 4740  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:07:47.0022 4740  lltdio - ok
19:07:47.0022 4740  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:07:47.0053 4740  lltdsvc - ok
19:07:47.0069 4740  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:07:47.0100 4740  lmhosts - ok
19:07:47.0100 4740  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
19:07:47.0116 4740  LSI_FC - ok
19:07:47.0116 4740  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
19:07:47.0131 4740  LSI_SAS - ok
19:07:47.0131 4740  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:07:47.0147 4740  LSI_SAS2 - ok
19:07:47.0147 4740  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:07:47.0162 4740  LSI_SCSI - ok
19:07:47.0162 4740  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
19:07:47.0194 4740  luafv - ok
19:07:47.0209 4740  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:07:47.0225 4740  Mcx2Svc - ok
19:07:47.0225 4740  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
19:07:47.0240 4740  megasas - ok
19:07:47.0240 4740  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
19:07:47.0256 4740  MegaSR - ok
19:07:47.0272 4740  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
19:07:47.0287 4740  MMCSS - ok
19:07:47.0303 4740  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
19:07:47.0334 4740  Modem - ok
19:07:47.0334 4740  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:07:47.0350 4740  monitor - ok
19:07:47.0350 4740  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:07:47.0365 4740  mouclass - ok
19:07:47.0365 4740  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:07:47.0381 4740  mouhid - ok
19:07:47.0381 4740  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:07:47.0396 4740  mountmgr - ok
19:07:47.0396 4740  [ ADFDD84260C9F66789F8E8061E9BD3A6 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:07:47.0412 4740  MozillaMaintenance - ok
19:07:47.0428 4740  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
19:07:47.0428 4740  mpio - ok
19:07:47.0443 4740  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:07:47.0474 4740  mpsdrv - ok
19:07:47.0474 4740  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:07:47.0521 4740  MpsSvc - ok
19:07:47.0537 4740  [ CD22D2563039DDA6793F7624719363A7 ] MQAC            C:\Windows\system32\drivers\mqac.sys
19:07:47.0552 4740  MQAC - ok
19:07:47.0552 4740  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:07:47.0568 4740  MRxDAV - ok
19:07:47.0568 4740  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:07:47.0584 4740  mrxsmb - ok
19:07:47.0599 4740  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:07:47.0615 4740  mrxsmb10 - ok
19:07:47.0615 4740  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:07:47.0630 4740  mrxsmb20 - ok
19:07:47.0646 4740  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
19:07:47.0646 4740  msahci - ok
19:07:47.0662 4740  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
19:07:47.0677 4740  msdsm - ok
19:07:47.0677 4740  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
19:07:47.0693 4740  MSDTC - ok
19:07:47.0693 4740  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:07:47.0724 4740  Msfs - ok
19:07:47.0724 4740  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:07:47.0755 4740  mshidkmdf - ok
19:07:47.0771 4740  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
19:07:47.0771 4740  msisadrv - ok
19:07:47.0786 4740  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:07:47.0818 4740  MSiSCSI - ok
19:07:47.0818 4740  msiserver - ok
19:07:47.0818 4740  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:07:47.0849 4740  MSKSSRV - ok
19:07:47.0864 4740  [ FAAEAEF99E53561BEEE58F946CA56F0D ] MSMQ            C:\Windows\system32\mqsvc.exe
19:07:47.0864 4740  MSMQ - ok
19:07:47.0880 4740  [ 59ED174FD4314B0218DC91F9BFA6CD3D ] MSMQTriggers    C:\Windows\system32\mqtgsvc.exe
19:07:47.0896 4740  MSMQTriggers - ok
19:07:47.0896 4740  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:07:47.0927 4740  MSPCLOCK - ok
19:07:47.0927 4740  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:07:47.0958 4740  MSPQM - ok
19:07:47.0974 4740  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:07:47.0989 4740  MsRPC - ok
19:07:47.0989 4740  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
19:07:48.0005 4740  mssmbios - ok
19:07:48.0005 4740  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:07:48.0036 4740  MSTEE - ok
19:07:48.0036 4740  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
19:07:48.0052 4740  MTConfig - ok
19:07:48.0052 4740  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
19:07:48.0067 4740  Mup - ok
19:07:48.0083 4740  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
19:07:48.0114 4740  napagent - ok
19:07:48.0130 4740  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:07:48.0145 4740  NativeWifiP - ok
19:07:48.0145 4740  [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130215.034\ENG64.SYS
19:07:48.0161 4740  NAVENG - ok
19:07:48.0192 4740  [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130215.034\EX64.SYS
19:07:48.0223 4740  NAVEX15 - ok
19:07:48.0239 4740  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:07:48.0270 4740  NDIS - ok
19:07:48.0270 4740  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:07:48.0301 4740  NdisCap - ok
19:07:48.0301 4740  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:07:48.0332 4740  NdisTapi - ok
19:07:48.0332 4740  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:07:48.0364 4740  Ndisuio - ok
19:07:48.0379 4740  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:07:48.0410 4740  NdisWan - ok
19:07:48.0410 4740  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:07:48.0442 4740  NDProxy - ok
19:07:48.0442 4740  [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
19:07:48.0442 4740  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:07:48.0442 4740  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:07:48.0457 4740  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:07:48.0488 4740  NetBIOS - ok
19:07:48.0488 4740  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:07:48.0520 4740  NetBT - ok
19:07:48.0520 4740  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
19:07:48.0535 4740  Netlogon - ok
19:07:48.0551 4740  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
19:07:48.0582 4740  Netman - ok
19:07:48.0598 4740  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
19:07:48.0629 4740  netprofm - ok
19:07:48.0629 4740  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:07:48.0644 4740  NetTcpPortSharing - ok
19:07:48.0644 4740  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
19:07:48.0660 4740  nfrd960 - ok
19:07:48.0676 4740  [ 4BA84C832E0741A294C4444556DFE993 ] NIS             C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe
19:07:48.0676 4740  NIS - ok
19:07:48.0691 4740  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:07:48.0707 4740  NlaSvc - ok
19:07:48.0707 4740  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:07:48.0738 4740  Npfs - ok
19:07:48.0754 4740  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
19:07:48.0769 4740  nsi - ok
19:07:48.0785 4740  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:07:48.0816 4740  nsiproxy - ok
19:07:48.0816 4740  [ C04F5DEF37E55F6A34428B050F44D3D6 ] nSvcIp          C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
19:07:48.0832 4740  nSvcIp - ok
19:07:48.0847 4740  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:07:48.0894 4740  Ntfs - ok
19:07:48.0894 4740  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
19:07:48.0925 4740  Null - ok
19:07:48.0941 4740  [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
19:07:48.0956 4740  NVENETFD - ok
19:07:49.0159 4740  [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:07:49.0331 4740  nvlddmkm - ok
19:07:49.0346 4740  [ 0AD267A4674805B61A5D7B911D2A978A ] NVNET           C:\Windows\system32\DRIVERS\nvmf6264.sys
19:07:49.0362 4740  NVNET - ok
19:07:49.0362 4740  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:07:49.0378 4740  nvraid - ok
19:07:49.0393 4740  [ 05C69A2E1DA96540B0B4E4FA7E9534C7 ] nvrd64          C:\Windows\system32\DRIVERS\nvrd64.sys
19:07:49.0393 4740  nvrd64 - ok
19:07:49.0409 4740  [ AFDE3015BB8D76E26BEC3B287C5443A0 ] nvsmu           C:\Windows\system32\DRIVERS\nvsmu.sys
19:07:49.0409 4740  nvsmu - ok
19:07:49.0424 4740  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:07:49.0424 4740  nvstor - ok
19:07:49.0440 4740  [ B12A86120B5D3292D704B5DF56538121 ] nvstor64        C:\Windows\system32\DRIVERS\nvstor64.sys
19:07:49.0456 4740  nvstor64 - ok
19:07:49.0471 4740  [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc           C:\Windows\system32\nvvsvc.exe
19:07:49.0502 4740  nvsvc - ok
19:07:49.0518 4740  [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:07:49.0549 4740  nvUpdatusService - ok
19:07:49.0565 4740  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
19:07:49.0580 4740  nv_agp - ok
19:07:49.0580 4740  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
19:07:49.0596 4740  ohci1394 - ok
19:07:49.0596 4740  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:07:49.0612 4740  ose - ok
19:07:49.0690 4740  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:07:49.0799 4740  osppsvc - ok
19:07:49.0814 4740  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:07:49.0830 4740  p2pimsvc - ok
19:07:49.0846 4740  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:07:49.0861 4740  p2psvc - ok
19:07:49.0861 4740  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
19:07:49.0877 4740  Parport - ok
19:07:49.0877 4740  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:07:49.0892 4740  partmgr - ok
19:07:49.0892 4740  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:07:49.0924 4740  PcaSvc - ok
19:07:49.0924 4740  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\DRIVERS\pci.sys
19:07:49.0939 4740  pci - ok
19:07:49.0939 4740  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
19:07:49.0955 4740  pciide - ok
19:07:49.0955 4740  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
19:07:49.0970 4740  pcmcia - ok
19:07:49.0970 4740  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:07:49.0986 4740  pcw - ok
19:07:50.0002 4740  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:07:50.0048 4740  PEAUTH - ok
19:07:50.0064 4740  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:07:50.0080 4740  PerfHost - ok
19:07:50.0111 4740  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
19:07:50.0158 4740  pla - ok
19:07:50.0173 4740  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:07:50.0189 4740  PlugPlay - ok
19:07:50.0189 4740  [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
19:07:50.0204 4740  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:07:50.0204 4740  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:07:50.0204 4740  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:07:50.0220 4740  PNRPAutoReg - ok
19:07:50.0220 4740  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:07:50.0236 4740  PNRPsvc - ok
19:07:50.0251 4740  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:07:50.0282 4740  PolicyAgent - ok
19:07:50.0298 4740  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
19:07:50.0329 4740  Power - ok
19:07:50.0329 4740  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:07:50.0360 4740  PptpMiniport - ok
19:07:50.0360 4740  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
19:07:50.0376 4740  Processor - ok
19:07:50.0392 4740  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:07:50.0407 4740  ProfSvc - ok
19:07:50.0407 4740  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:07:50.0423 4740  ProtectedStorage - ok
19:07:50.0423 4740  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:07:50.0454 4740  Psched - ok
19:07:50.0485 4740  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
19:07:50.0516 4740  ql2300 - ok
19:07:50.0516 4740  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
19:07:50.0532 4740  ql40xx - ok
19:07:50.0548 4740  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
19:07:50.0563 4740  QWAVE - ok
19:07:50.0563 4740  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:07:50.0579 4740  QWAVEdrv - ok
19:07:50.0594 4740  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:07:50.0626 4740  RasAcd - ok
19:07:50.0626 4740  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:07:50.0657 4740  RasAgileVpn - ok
19:07:50.0657 4740  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
19:07:50.0688 4740  RasAuto - ok
19:07:50.0688 4740  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:07:50.0719 4740  Rasl2tp - ok
19:07:50.0735 4740  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
19:07:50.0766 4740  RasMan - ok
19:07:50.0782 4740  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:07:50.0813 4740  RasPppoe - ok
19:07:50.0813 4740  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:07:50.0844 4740  RasSstp - ok
19:07:50.0860 4740  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:07:50.0891 4740  rdbss - ok
19:07:50.0891 4740  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
19:07:50.0906 4740  rdpbus - ok
19:07:50.0906 4740  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:07:50.0938 4740  RDPCDD - ok
19:07:50.0938 4740  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:07:50.0969 4740  RDPENCDD - ok
19:07:50.0984 4740  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:07:51.0016 4740  RDPREFMP - ok
19:07:51.0016 4740  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:07:51.0031 4740  RdpVideoMiniport - ok
19:07:51.0031 4740  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:07:51.0047 4740  RDPWD - ok
19:07:51.0062 4740  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:07:51.0078 4740  rdyboost - ok
19:07:51.0078 4740  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:07:51.0109 4740  RemoteAccess - ok
19:07:51.0109 4740  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:07:51.0156 4740  RemoteRegistry - ok
19:07:51.0156 4740  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:07:51.0187 4740  RpcEptMapper - ok
19:07:51.0187 4740  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
19:07:51.0203 4740  RpcLocator - ok
19:07:51.0218 4740  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
19:07:51.0250 4740  RpcSs - ok
19:07:51.0250 4740  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:07:51.0281 4740  rspndr - ok
19:07:51.0296 4740  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
19:07:51.0296 4740  SamSs - ok
19:07:51.0312 4740  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
19:07:51.0312 4740  sbp2port - ok
19:07:51.0328 4740  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:07:51.0359 4740  SCardSvr - ok
19:07:51.0359 4740  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:07:51.0390 4740  scfilter - ok
19:07:51.0421 4740  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
19:07:51.0468 4740  Schedule - ok
19:07:51.0468 4740  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:07:51.0499 4740  SCPolicySvc - ok
19:07:51.0499 4740  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:07:51.0515 4740  SDRSVC - ok
19:07:51.0515 4740  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:07:51.0546 4740  secdrv - ok
19:07:51.0562 4740  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
19:07:51.0593 4740  seclogon - ok
19:07:51.0593 4740  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
19:07:51.0624 4740  SENS - ok
19:07:51.0624 4740  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:07:51.0640 4740  SensrSvc - ok
19:07:51.0640 4740  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
19:07:51.0655 4740  Serenum - ok
19:07:51.0671 4740  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:07:51.0671 4740  Serial - ok
19:07:51.0686 4740  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
19:07:51.0686 4740  sermouse - ok
19:07:51.0702 4740  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:07:51.0733 4740  SessionEnv - ok
19:07:51.0733 4740  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
19:07:51.0749 4740  sffdisk - ok
19:07:51.0764 4740  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:07:51.0780 4740  sffp_mmc - ok
19:07:51.0780 4740  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
19:07:51.0796 4740  sffp_sd - ok
19:07:51.0796 4740  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
19:07:51.0811 4740  sfloppy - ok
19:07:51.0811 4740  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:07:51.0858 4740  SharedAccess - ok
19:07:51.0858 4740  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:07:51.0905 4740  ShellHWDetection - ok
19:07:51.0905 4740  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:07:51.0920 4740  SiSRaid2 - ok
19:07:51.0920 4740  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
19:07:51.0936 4740  SiSRaid4 - ok
19:07:51.0936 4740  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:07:51.0967 4740  Smb - ok
19:07:51.0983 4740  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:07:51.0983 4740  SNMPTRAP - ok
19:07:51.0998 4740  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:07:51.0998 4740  spldr - ok
19:07:52.0014 4740  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
19:07:52.0045 4740  Spooler - ok
19:07:52.0108 4740  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
19:07:52.0186 4740  sppsvc - ok
19:07:52.0186 4740  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:07:52.0217 4740  sppuinotify - ok
19:07:52.0232 4740  [ D8B882C520FC83547E22014FF5EC66D7 ] Spyder3         C:\Windows\system32\DRIVERS\Spyder3.sys
19:07:52.0232 4740  Spyder3 - ok
19:07:52.0248 4740  [ 3510E7021D2637A67FBCB5105EAE945D ] SRTSP           C:\Windows\System32\Drivers\NISx64\1402010.016\SRTSP64.SYS
19:07:52.0264 4740  SRTSP - ok
19:07:52.0279 4740  [ 1B884D876E87EABF5A3356BBD7321412 ] SRTSPX          C:\Windows\system32\drivers\NISx64\1402010.016\SRTSPX64.SYS
19:07:52.0279 4740  SRTSPX - ok
19:07:52.0295 4740  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:07:52.0310 4740  srv - ok
19:07:52.0326 4740  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:07:52.0342 4740  srv2 - ok
19:07:52.0357 4740  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:07:52.0373 4740  srvnet - ok
19:07:52.0373 4740  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:07:52.0404 4740  SSDPSRV - ok
19:07:52.0404 4740  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:07:52.0435 4740  SstpSvc - ok
19:07:52.0451 4740  [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:07:52.0466 4740  Stereo Service - ok
19:07:52.0466 4740  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
19:07:52.0482 4740  stexstor - ok
19:07:52.0482 4740  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
19:07:52.0498 4740  StillCam - ok
19:07:52.0513 4740  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
19:07:52.0544 4740  stisvc - ok
19:07:52.0544 4740  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
19:07:52.0544 4740  swenum - ok
19:07:52.0560 4740  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
19:07:52.0607 4740  swprv - ok
19:07:52.0607 4740  [ 777217682DA76337E8E6EC8AC4412B9B ] SymDS           C:\Windows\system32\drivers\NISx64\1402010.016\SYMDS64.SYS
19:07:52.0622 4740  SymDS - ok
19:07:52.0638 4740  [ 64D1AF3D04E70A681154FFF1893848F6 ] SymEFA          C:\Windows\system32\drivers\NISx64\1402010.016\SYMEFA64.SYS
19:07:52.0669 4740  SymEFA - ok
19:07:52.0669 4740  [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
19:07:52.0685 4740  SymEvent - ok
19:07:52.0685 4740  [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON         C:\Windows\system32\drivers\NISx64\1402010.016\Ironx64.SYS
19:07:52.0700 4740  SymIRON - ok
19:07:52.0716 4740  [ 1605EBD8CB86AFC4430116065995279A ] SymNetS         C:\Windows\System32\Drivers\NISx64\1402010.016\SYMNETS.SYS
19:07:52.0732 4740  SymNetS - ok
19:07:52.0747 4740  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
19:07:52.0794 4740  SysMain - ok
19:07:52.0810 4740  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:07:52.0825 4740  TabletInputService - ok
19:07:52.0825 4740  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:07:52.0872 4740  TapiSrv - ok
19:07:52.0872 4740  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
19:07:52.0903 4740  TBS - ok
19:07:52.0934 4740  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:07:52.0981 4740  Tcpip - ok
19:07:53.0012 4740  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:07:53.0044 4740  TCPIP6 - ok
19:07:53.0044 4740  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:07:53.0059 4740  tcpipreg - ok
19:07:53.0059 4740  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:07:53.0075 4740  TDPIPE - ok
19:07:53.0075 4740  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:07:53.0090 4740  TDTCP - ok
19:07:53.0090 4740  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:07:53.0122 4740  tdx - ok
19:07:53.0137 4740  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
19:07:53.0137 4740  TermDD - ok
19:07:53.0153 4740  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
19:07:53.0200 4740  TermService - ok
19:07:53.0200 4740  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
19:07:53.0215 4740  Themes - ok
19:07:53.0215 4740  Thermo.Foundation.Acquisition.Service.Monitor - ok
19:07:53.0231 4740  ThermoFisher.Foundation.AcquisitionService - ok
19:07:53.0231 4740  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
19:07:53.0262 4740  THREADORDER - ok
19:07:53.0262 4740  TMODevMsgDispatcher - ok
19:07:53.0262 4740  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
19:07:53.0309 4740  TrkWks - ok
19:07:53.0309 4740  [ 370A6907DDF79532A39319492B1FA38A ] truecrypt       C:\Windows\system32\drivers\truecrypt.sys
19:07:53.0324 4740  truecrypt - ok
19:07:53.0324 4740  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:07:53.0356 4740  TrustedInstaller - ok
19:07:53.0371 4740  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:07:53.0402 4740  tssecsrv - ok
19:07:53.0402 4740  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:07:53.0418 4740  TsUsbFlt - ok
19:07:53.0418 4740  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
19:07:53.0434 4740  TsUsbGD - ok
19:07:53.0434 4740  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:07:53.0465 4740  tunnel - ok
19:07:53.0480 4740  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
19:07:53.0480 4740  uagp35 - ok
19:07:53.0496 4740  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:07:53.0527 4740  udfs - ok
19:07:53.0543 4740  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:07:53.0558 4740  UI0Detect - ok
19:07:53.0558 4740  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
19:07:53.0574 4740  uliagpkx - ok
19:07:53.0574 4740  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:07:53.0590 4740  umbus - ok
19:07:53.0590 4740  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
19:07:53.0605 4740  UmPass - ok
19:07:53.0605 4740  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
19:07:53.0652 4740  upnphost - ok
19:07:53.0652 4740  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:07:53.0668 4740  usbccgp - ok
19:07:53.0668 4740  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
19:07:53.0683 4740  usbcir - ok
19:07:53.0699 4740  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:07:53.0699 4740  usbehci - ok
19:07:53.0714 4740  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:07:53.0730 4740  usbhub - ok
19:07:53.0746 4740  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
19:07:53.0746 4740  usbohci - ok
19:07:53.0761 4740  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:07:53.0777 4740  usbprint - ok
19:07:53.0777 4740  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
19:07:53.0792 4740  usbscan - ok
19:07:53.0792 4740  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:07:53.0808 4740  USBSTOR - ok
19:07:53.0808 4740  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
19:07:53.0824 4740  usbuhci - ok
19:07:53.0824 4740  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
19:07:53.0855 4740  UxSms - ok
19:07:53.0870 4740  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
19:07:53.0870 4740  VaultSvc - ok
19:07:53.0886 4740  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
19:07:53.0886 4740  vdrvroot - ok
19:07:53.0902 4740  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
19:07:53.0948 4740  vds - ok
19:07:53.0948 4740  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:07:53.0964 4740  vga - ok
19:07:53.0964 4740  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:07:53.0995 4740  VgaSave - ok
19:07:53.0995 4740  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
19:07:54.0011 4740  vhdmp - ok
19:07:54.0026 4740  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
19:07:54.0026 4740  viaide - ok
19:07:54.0026 4740  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
19:07:54.0042 4740  volmgr - ok
19:07:54.0058 4740  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:07:54.0073 4740  volmgrx - ok
19:07:54.0073 4740  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\DRIVERS\volsnap.sys
19:07:54.0089 4740  volsnap - ok
19:07:54.0104 4740  [ 18507BDC6C15BD464DE9AB18B6AF1C23 ] vpnagent        C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
19:07:54.0120 4740  vpnagent - ok
19:07:54.0136 4740  [ BE7FE15AC90B9F02CBE011AE2426DD0F ] vpnva           C:\Windows\system32\DRIVERS\vpnva64.sys
19:07:54.0136 4740  vpnva - ok
19:07:54.0151 4740  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
19:07:54.0167 4740  vsmraid - ok
19:07:54.0182 4740  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
19:07:54.0245 4740  VSS - ok
19:07:54.0245 4740  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
19:07:54.0260 4740  vwifibus - ok
19:07:54.0276 4740  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
19:07:54.0307 4740  W32Time - ok
19:07:54.0307 4740  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
19:07:54.0323 4740  WacomPen - ok
19:07:54.0323 4740  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:07:54.0354 4740  WANARP - ok
19:07:54.0370 4740  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:07:54.0385 4740  Wanarpv6 - ok
19:07:54.0416 4740  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
19:07:54.0448 4740  WatAdminSvc - ok
19:07:54.0479 4740  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
19:07:54.0510 4740  wbengine - ok
19:07:54.0526 4740  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:07:54.0541 4740  WbioSrvc - ok
19:07:54.0541 4740  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:07:54.0572 4740  wcncsvc - ok
19:07:54.0572 4740  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:07:54.0588 4740  WcsPlugInService - ok
19:07:54.0588 4740  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
19:07:54.0604 4740  Wd - ok
19:07:54.0619 4740  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:07:54.0650 4740  Wdf01000 - ok
19:07:54.0650 4740  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:07:54.0682 4740  WdiServiceHost - ok
19:07:54.0682 4740  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:07:54.0697 4740  WdiSystemHost - ok
19:07:54.0713 4740  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
19:07:54.0728 4740  WebClient - ok
19:07:54.0744 4740  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:07:54.0775 4740  Wecsvc - ok
19:07:54.0775 4740  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:07:54.0806 4740  wercplsupport - ok
19:07:54.0822 4740  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:07:54.0853 4740  WerSvc - ok
19:07:54.0853 4740  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:07:54.0884 4740  WfpLwf - ok
19:07:54.0884 4740  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:07:54.0900 4740  WIMMount - ok
19:07:54.0900 4740  WinDefend - ok
19:07:54.0900 4740  WinHttpAutoProxySvc - ok
19:07:54.0916 4740  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:07:54.0947 4740  Winmgmt - ok
19:07:54.0978 4740  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
19:07:55.0040 4740  WinRM - ok
19:07:55.0056 4740  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:07:55.0072 4740  WinUsb - ok
19:07:55.0087 4740  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:07:55.0103 4740  Wlansvc - ok
19:07:55.0150 4740  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:07:55.0196 4740  wlidsvc - ok
19:07:55.0196 4740  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
19:07:55.0212 4740  WmiAcpi - ok
19:07:55.0228 4740  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:07:55.0243 4740  wmiApSrv - ok
19:07:55.0243 4740  WMPNetworkSvc - ok
19:07:55.0243 4740  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:07:55.0259 4740  WPCSvc - ok
19:07:55.0259 4740  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:07:55.0274 4740  WPDBusEnum - ok
19:07:55.0274 4740  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:07:55.0306 4740  ws2ifsl - ok
19:07:55.0321 4740  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
19:07:55.0337 4740  wscsvc - ok
19:07:55.0337 4740  WSearch - ok
19:07:55.0368 4740  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:07:55.0430 4740  wuauserv - ok
19:07:55.0430 4740  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:07:55.0446 4740  WudfPf - ok
19:07:55.0446 4740  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:07:55.0462 4740  WUDFRd - ok
19:07:55.0462 4740  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:07:55.0477 4740  wudfsvc - ok
19:07:55.0493 4740  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:07:55.0508 4740  WwanSvc - ok
19:07:55.0508 4740  ================ Scan global ===============================
19:07:55.0524 4740  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:07:55.0524 4740  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:07:55.0540 4740  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:07:55.0540 4740  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:07:55.0540 4740  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:07:55.0555 4740  [Global] - ok
19:07:55.0555 4740  ================ Scan MBR ==================================
19:07:55.0555 4740  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:07:55.0586 4740  \Device\Harddisk0\DR0 - ok
19:07:55.0586 4740  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
19:07:55.0633 4740  \Device\Harddisk1\DR1 - ok
19:07:55.0633 4740  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
19:07:55.0867 4740  \Device\Harddisk2\DR2 - ok
19:07:55.0867 4740  ================ Scan VBR ==================================
19:07:55.0867 4740  [ CDBB4112D6091FEF6EB9B121B9902B67 ] \Device\Harddisk0\DR0\Partition1
19:07:55.0883 4740  \Device\Harddisk0\DR0\Partition1 - ok
19:07:55.0898 4740  [ 7A282A25B62C2A0F0AE57BA7227E051B ] \Device\Harddisk2\DR2\Partition1
19:07:55.0898 4740  \Device\Harddisk2\DR2\Partition1 - ok
19:07:55.0914 4740  [ BE00D704D5127B474C0D5E7E23B9C649 ] \Device\Harddisk2\DR2\Partition2
19:07:55.0914 4740  \Device\Harddisk2\DR2\Partition2 - ok
19:07:55.0930 4740  [ C015333ACE1F5D31F3A9B02D582032A2 ] \Device\Harddisk2\DR2\Partition3
19:07:55.0930 4740  \Device\Harddisk2\DR2\Partition3 - ok
19:07:55.0930 4740  ============================================================
19:07:55.0930 4740  Scan finished
19:07:55.0930 4740  ============================================================
19:07:55.0930 4636  Detected object count: 2
19:07:55.0930 4636  Actual detected object count: 2
19:08:08.0176 4636  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:08:08.0176 4636  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:08:08.0176 4636  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:08:08.0176 4636  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:08:16.0444 1776  Deinitialize success
         

Alt 16.02.2013, 19:59   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Should you have problems starting applications after running ComboFix and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post logfiles in CODE tags

Alt 17.02.2013, 10:24   #9
tomuhl
 

OK, ComboFix has also finished running. Here is the corresponding log file

Code:
ComboFix 13-02-15.01 - Tom 17.02.2013   9:49.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.41.1033.18.7167.5638 [GMT 1:00]
ausgeführt von:: c:\users\Tom\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tom\AppData\Roaming\skype.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-17 bis 2013-02-17  ))))))))))))))))))))))))))))))
.
.
2013-02-17 08:53 . 2013-02-17 08:53	--------	d-----w-	c:\users\Xcalibur_System\AppData\Local\temp
2013-02-17 08:53 . 2013-02-17 08:53	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-02-17 08:53 . 2013-02-17 08:53	--------	d-----w-	c:\users\UpdatusUser.SONEA\AppData\Local\temp
2013-02-17 08:53 . 2013-02-17 08:53	--------	d-----w-	c:\users\Sonja\AppData\Local\temp
2013-02-17 08:53 . 2013-02-17 08:53	--------	d-----w-	c:\users\ExactiveUser\AppData\Local\temp
2013-02-17 08:53 . 2013-02-17 08:53	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-17 08:40 . 2009-08-19 22:50	24416	----a-r-	c:\windows\system32\AdobePDFUI.dll
2013-02-15 08:24 . 2013-02-15 08:24	--------	d-----w-	c:\program files (x86)\7-Zip
2013-02-15 06:35 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-15 06:35 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 17:49 . 2013-02-13 17:49	--------	d-----w-	c:\users\Sonja\AppData\Roaming\Malwarebytes
2013-02-13 17:48 . 2013-02-13 17:48	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-13 17:48 . 2013-02-13 17:48	--------	d-----w-	c:\programdata\Malwarebytes
2013-02-13 17:48 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-02-13 17:48 . 2013-02-13 17:48	--------	d-----w-	c:\users\Sonja\AppData\Local\Programs
2013-02-13 16:47 . 2013-01-05 05:53	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-13 16:47 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 16:47 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 16:47 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-02-13 16:47 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-02-13 16:47 . 2013-01-04 03:26	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-02-13 16:47 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-02-13 16:47 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-02-13 16:47 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-02-13 16:47 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-02-13 16:47 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-13 16:47 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 05:49 . 2013-02-13 05:52	--------	d-----w-	C:\NBRT
2013-02-12 18:13 . 2012-07-26 05:32	33240	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2013-02-12 18:13 . 2012-07-26 05:32	125872	----a-w-	c:\windows\system32\GEARAspi64.dll
2013-02-12 18:13 . 2012-07-26 05:32	106928	----a-w-	c:\windows\SysWow64\GEARAspi.dll
2013-02-12 18:13 . 2013-02-12 18:13	--------	d-----w-	c:\windows\system32\drivers\NBRTWizardx64
2013-02-12 18:13 . 2013-02-12 18:13	--------	d-----w-	c:\program files (x86)\Norton Bootable Recovery Tool Wizard
2013-01-27 12:02 . 2013-01-27 12:02	--------	d-----w-	c:\program files (x86)\Private Tax 2012
2013-01-25 17:12 . 2013-01-26 13:23	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2013-01-23 16:56 . 2013-01-25 17:10	--------	d-----w-	c:\windows\system32\drivers\NISx64\1402010.016
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-17 08:55 . 2012-02-25 08:20	4194304	----a-w-	c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2013-02-14 17:18 . 2012-02-04 19:13	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-02-12 18:04 . 2012-05-28 14:50	697712	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-12 18:04 . 2012-02-05 14:23	74096	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-04 04:43 . 2013-02-13 16:47	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-29 09:08 . 2012-12-29 09:08	177312	----a-w-	c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-12-16 17:11 . 2012-12-21 16:29	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 16:29	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 16:29	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 16:29	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-10 16:48	441856	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-10 16:48	2746368	----a-w-	c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-10 16:48	308736	----a-w-	c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-10 16:48	2576384	----a-w-	c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-10 16:48	30720	----a-w-	c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-10 16:48	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-10 16:48	23552	----a-w-	c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-10 16:48	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-10 16:48	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-10 16:48	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-10 16:48	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-10 16:48	20480	----a-w-	c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-10 16:48	46592	----a-w-	c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-10 16:48	40960	----a-w-	c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-10 16:48	21504	----a-w-	c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-10 16:48	15360	----a-w-	c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-10 16:48	55296	----a-w-	c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-10 16:48	51712	----a-w-	c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-10 16:48	43520	----a-w-	c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-10 16:48	30720	----a-w-	c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-10 16:48	45568	----a-w-	c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-10 16:48	44544	----a-w-	c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-10 16:48	23552	----a-w-	c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-10 16:48	20480	----a-w-	c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-10 16:48	20480	----a-w-	c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-10 16:48	46592	----a-w-	c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-10 16:48	20480	----a-w-	c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-10 16:48	21504	----a-w-	c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-10 16:48	40960	----a-w-	c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-10 16:48	15360	----a-w-	c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-10 16:48	51712	----a-w-	c:\windows\SysWow64\esrb.rs
2012-12-07 10:46 . 2013-01-10 16:48	55296	----a-w-	c:\windows\SysWow64\cero.rs
2012-11-30 05:45 . 2013-01-10 16:48	362496	----a-w-	c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-10 16:48	243200	----a-w-	c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-10 16:48	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2012-11-30 05:43 . 2013-01-10 16:48	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-10 16:48	424448	----a-w-	c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-10 16:48	1161216	----a-w-	c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-10 16:48	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:48	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:48	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:48	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:48	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:48	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:48	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:48	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:48	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:48	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:48	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:48	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:48	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:48	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:48	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:53 . 2013-01-10 16:48	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-10 16:48	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:48	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:48	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:48	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:48	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:48	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:48	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:48	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:48	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:48	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:48	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:48	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:48	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:48	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:48	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:48	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:48	5120	---ha-w-	c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:48	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:48	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:48	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:48	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:48	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:48	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-12-19 44280]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-12-18 642816]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Persbackup.lnk - c:\program files (x86)\Personal Backup 5\Persbackup.exe [2012-4-22 5662720]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Spyder3Utility.lnk - c:\program files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe [2010-7-26 7667970]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
.
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-06-07 107432]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-02-05 1038088]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys [2010-03-30 15360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-04 1255736]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1402010.016\SYMDS64.SYS [2012-10-04 493216]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1402010.016\SYMEFA64.SYS [2012-10-04 1133216]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [2013-01-16 1388120]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1402010.016\ccSetx64.sys [2012-08-20 168096]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130215.001\IDSvia64.sys [2012-12-28 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1402010.016\Ironx64.SYS [2012-09-07 224416]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1402010.016\SYMNETS.SYS [2012-09-07 432800]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 Exactive;Thermo Exactive;g:\software\bin\ExactiveService.exe [2011-11-03 315904]
S2 Finnigan Auto Log Off;Thermo Foundation AutoLogoffService;g:\software\FinAutoLogOff.exe [2011-08-16 24576]
S2 Finnigan Security Server;Finnigan Security Server;g:\software\system\programs\finSS_Server.exe [2011-08-12 65536]
S2 FinniganDatabaseService;Thermo Foundation DatabaseService;g:\software\CFRDBService.exe [2011-08-16 40960]
S2 FinniganSecurityService;Thermo Foundation SecurityService;g:\software\ThermoFisher.Foundation.Auditing.FinSecurityService.exe [2011-08-16 24576]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe [2012-12-05 143928]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 Thermo.Foundation.Acquisition.Service.Monitor;Thermo Foundation Acquisition Service Monitor;g:\software\ThermoFisher.Foundation.AcquisitionMonitor.exe [2011-08-16 22528]
S2 ThermoFisher.Foundation.AcquisitionService;Thermo Foundation Acquisition;g:\software\ThermoFisher.Foundation.AcquisitionService.exe [2011-08-16 282624]
S2 TMODevMsgDispatcher;TMODevMsgDispatcher;g:\software\TMODeviceMsgDispatcher.exe [2011-08-16 18432]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-06-07 478712]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-12-29 138912]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 18:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP LaserJet Professional M1530 MFP Series Fax"="c:\program files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe" [2010-08-24 3706424]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\fbgnlz8l.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.2.1.22\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-02-17  10:06:51 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-02-17 09:06
.
Vor Suchlauf: 9'852'555'264 bytes free
Nach Suchlauf: 9'480'339'456 bytes free
.
- - End Of File - - F1E686C6637767184DF3BF4C44B24D85
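Added example (not part of this thread, and not how ComboFix or the helper here works): a Python triage helper that parses the autostart section in the line format of the ComboFix log above and lists the entries a reviewer would look at first. The sample it runs on is constructed: most lines are copied from the log above, while the HKCU "ctfmon32" Run value and the "DisableTaskMgr" policy value are invented to show what a hit looks like. The heuristics (binary in a user-writable directory, random hex file name, launch through a script/DLL host, per-user persistence, locker-style policies) are my assumptions; ComboFix itself only hides empty and default entries and does not rate what remains.

```python
"""Triage helper for the autostart section of a ComboFix log.

Line shapes handled (Run values, Startup .lnk entries, policy values,
R*/S* service lines, "(no file)" orphans) follow the ComboFix log in this
thread. SAMPLE_LOG is CONSTRUCTED: the HKCU "ctfmon32" Run value and the
"DisableTaskMgr" policy value are invented; the rest is copied from the log.
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon32"="c:\users\Tom\AppData\Roaming\3f9a2c7e\3f9a2c7e.exe" [2013-02-12 131072]
.
c:\users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Persbackup.lnk - c:\program files (x86)\Personal Backup 5\Persbackup.exe [2012-4-22 5662720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"DisableTaskMgr"= 1 (0x1)
.
R3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys [2010-03-30 15360]
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
"""

# One regex per ComboFix line shape.
KEY_RE    = re.compile(r"^\[(?P<key>.+)\]$")
RUN_RE    = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)" \[\d{4}-\d{2}-\d{2} \d+\]$')
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)')
LNK_RE    = re.compile(r"^(?P<name>.+?\.lnk) - (?P<path>.+?) \[[\d-]+ \d+\]$")
SVC_RE    = re.compile(r"^(?P<state>[RS]\d) (?P<svc>[^;]+);[^;]*;(?P<path>.+) \[\d{4}-\d{2}-\d{2} \d+\]$")
ORPHAN_RE = re.compile(r"^(?P<key>.+?-Run)-(?P<name>.+?) - \(no file\)$")

# Heuristics (assumptions for this example, not ComboFix logic): where
# user-level malware such as a screen locker tends to live, and the
# policies it sets so the victim cannot close it.
USER_WRITABLE = re.compile(r"\\(appdata|temp|tmp|users\\public|\$recycle\.bin|recycler)\\", re.I)
RANDOM_NAME   = re.compile(r"\\[0-9a-f]{8,}\.(exe|dll|scr|bat|vbs|com)$", re.I)
SCRIPT_HOST   = re.compile(r"\\(rundll32|regsvr32|wscript|cscript|mshta)\.exe\b", re.I)
LOCKER_POLICIES = {"DisableTaskMgr", "DisableRegistryTools",
                   "DisableLockWorkstation", "DisableChangePassword"}


@dataclass
class Finding:
    severity: str   # "high", "medium" or "info"
    location: str   # registry key, Startup folder or service start type
    entry: str      # value name, .lnk name, service name or policy name
    reason: str


def parse_entries(log_text):
    """Yield (kind, location, name, path_or_value) for each autostart line."""
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if (m := KEY_RE.match(line)):
            current_key = m["key"]
            continue
        if line.endswith("\\"):                  # Startup folder header
            current_key = line
            continue
        key = (current_key or "").lower()
        if (m := RUN_RE.match(line)) and key.endswith("\\run"):
            yield "run", current_key, m["name"], m["path"]
        elif (m := POLICY_RE.match(line)) and "policies" in key:
            yield "policy", current_key, m["name"], m["value"]
        elif (m := LNK_RE.match(line)) and key.endswith("startup\\"):
            yield "startup", current_key, m["name"], m["path"]
        elif (m := SVC_RE.match(line)):
            yield "service", m["state"], m["svc"], m["path"]
        elif (m := ORPHAN_RE.match(line)):
            yield "orphan", m["key"], m["name"], ""


def triage(log_text):
    """Return the entries worth a second look, most severe first."""
    findings = []
    for kind, where, name, path in parse_entries(log_text):
        if kind == "policy":
            if name in LOCKER_POLICIES and path != "0":
                findings.append(Finding("high", where, name,
                    "policy that hides Task Manager/regedit from the user, as screen lockers set it"))
        elif kind == "orphan":
            findings.append(Finding("info", where, name,
                "Run value whose file is gone (ComboFix already removed the value)"))
        else:
            reasons = []
            if USER_WRITABLE.search(path):
                reasons.append("binary in a user-writable directory")
            if RANDOM_NAME.search(path):
                reasons.append("random-looking file name")
            if SCRIPT_HOST.search(path):
                reasons.append("started through a script/DLL host")
            if not reasons:
                continue
            per_user = "current_user" in where.lower() or where.lower().startswith("c:\\users\\")
            if per_user:
                reasons.append("per-user persistence (fits a lock that hits one account only)")
            findings.append(Finding("high" if per_user else "medium", where, name, "; ".join(reasons)))
    order = {"high": 0, "medium": 1, "info": 2}
    return sorted(findings, key=lambda f: order[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.entry:22} {f.location}\n         {f.reason}")
```

`triage()` takes the raw text of the section, so the real log can be read from a file instead of SAMPLE_LOG. An empty result is not proof of a clean system: the script only covers the Run keys, Startup folders, policy values, services and orphan values that ComboFix prints in this section, not the scheduled-tasks list further down the log or Winlogon Shell/Userinit values, both of which are common hiding places for lock-screen malware as well.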
         

Alt 18.02.2013, 16:41   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Clean PC after police trojan infection?



adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Then a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick Scan all users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
Please always post log files in CODE tags

Alt 18.02.2013, 17:58   #11
tomuhl
 
Clean PC after police trojan infection?



Hello cosinus,

I hope your start into the new week went well.

Here are the next log files:

AdwCleaner

Code:
# AdwCleaner v2.112 - Logfile created 02/18/2013 at 17:42:38
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Tom - SONEA
# Boot Mode : Normal
# Running from : C:\Users\Tom\Desktop\adwcleaner0.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v10.0.2 (de)

File : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\fbgnlz8l.default\prefs.js

[OK] File is clean.

File : C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\pnov5m7r.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [773 octets] - [18/02/2013 17:42:38]

########## EOF - C:\AdwCleaner[S1].txt - [832 octets] ##########
         
and OTL

Code:
OTL logfile created on: 18.02.2013 17:49:41 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tom\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
7.00 Gb Total Physical Memory | 5.55 Gb Available Physical Memory | 79.28% Memory free
10.90 Gb Paging File | 9.35 Gb Available in Paging File | 85.71% Paging File free
Paging file location(s): c:\pagefile.sys 4000 4000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.90 Gb Total Space | 9.06 Gb Free Space | 16.22% Space Free | Partition Type: NTFS
Drive D: | 853.39 Gb Total Space | 645.48 Gb Free Space | 75.64% Space Free | Partition Type: NTFS
Drive G: | 69.34 Gb Total Space | 29.42 Gb Free Space | 42.43% Space Free | Partition Type: NTFS
Drive X: | 853.51 Gb Total Space | 760.93 Gb Free Space | 89.15% Space Free | Partition Type: NTFS
Drive Y: | 8.66 Gb Total Space | 6.01 Gb Free Space | 69.39% Space Free | Partition Type: NTFS
Drive Z: | 78.03 Gb Total Space | 71.12 Gb Free Space | 91.15% Space Free | Partition Type: NTFS
 
Computer Name: SONEA | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Tom\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - G:\Software\bin\ExactiveService.exe (Thermo Fisher Scientific Inc.)
PRC - G:\Software\ThermoFisher.Foundation.AcquisitionService.exe (Thermo Fisher Scientific Inc.)
PRC - G:\Software\ThermoFisher.Foundation.AcquisitionMonitor.exe (Thermo Fisher Scientific Inc.)
PRC - G:\Software\CFRDBService.exe (Thermo Fisher Scientific Inc.)
PRC - G:\Software\ThermoFisher.Foundation.Auditing.FinSecurityService.exe (Thermo Fisher Scientific Inc.)
PRC - G:\Software\FinAutoLogOff.exe (Thermo Fisher Scientific Inc.)
PRC - G:\Software\TMODeviceMsgDispatcher.exe (Thermo Fisher Scientific Inc.)
PRC - G:\Software\system\programs\finSS_Server.exe (Thermo Electron Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\wincfi39.dll ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (MSMQTriggers) -- C:\Windows\SysNative\mqtgsvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (MSMQ) -- C:\Windows\SysNative\mqsvc.exe (Microsoft Corporation)
SRV:64bit: - (CISVC) -- C:\Windows\SysNative\CISVC.EXE (Microsoft Corporation)
SRV:64bit: - (ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV:64bit: - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe (Symantec Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Exactive) -- G:\Software\bin\ExactiveService.exe (Thermo Fisher Scientific Inc.)
SRV - (ThermoFisher.Foundation.AcquisitionService) -- G:\Software\ThermoFisher.Foundation.AcquisitionService.exe (Thermo Fisher Scientific Inc.)
SRV - (Thermo.Foundation.Acquisition.Service.Monitor) -- G:\Software\ThermoFisher.Foundation.AcquisitionMonitor.exe (Thermo Fisher Scientific Inc.)
SRV - (FinniganDatabaseService) -- G:\Software\CFRDBService.exe (Thermo Fisher Scientific Inc.)
SRV - (FinniganSecurityService) -- G:\Software\ThermoFisher.Foundation.Auditing.FinSecurityService.exe (Thermo Fisher Scientific Inc.)
SRV - (Finnigan Auto Log Off) -- G:\Software\FinAutoLogOff.exe (Thermo Fisher Scientific Inc.)
SRV - (TMODevMsgDispatcher) -- G:\Software\TMODeviceMsgDispatcher.exe (Thermo Fisher Scientific Inc.)
SRV - (Finnigan Security Server) -- G:\Software\system\programs\finSS_Server.exe (Thermo Electron Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symds64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (Spyder3) -- C:\Windows\SysNative\drivers\Spyder3.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (MQAC) -- C:\Windows\SysNative\drivers\mqac.sys (Microsoft Corporation)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130216.009\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130216.009\eng64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130208.001\BHDrvx64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130215.001\IDSviA64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1569863009-3035716055-2900962597-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1569863009-3035716055-2900962597-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1569863009-3035716055-2900962597-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
IE - HKU\S-1-5-21-1569863009-3035716055-2900962597-1004\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1569863009-3035716055-2900962597-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
IE - HKU\S-1-5-21-1569863009-3035716055-2900962597-1005\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledAddons: {4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}:0.7.7
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFFPlgn\ [2012.12.29 10:08:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn\ [2013.02.18 17:45:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.20 15:48:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.25 18:12:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.02.04 21:12:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Extensions
[2012.10.24 16:51:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\fbgnlz8l.default\extensions
[2012.10.14 07:52:49 | 000,000,000 | ---D | M] (German Dictionary (Switzerland)) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\fbgnlz8l.default\extensions\de-CH@dictionaries.addons.mozilla.org
[2012.02.06 07:12:38 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\fbgnlz8l.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2012.08.26 10:55:47 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\fbgnlz8l.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2012.02.04 21:12:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.02.25 08:32:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.29 15:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.29 14:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.29 15:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.29 15:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 15:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 15:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.02.17 10:04:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HP LaserJet Professional M1530 MFP Series Fax] C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1569863009-3035716055-2900962597-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1569863009-3035716055-2900962597-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1569863009-3035716055-2900962597-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1569863009-3035716055-2900962597-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk = C:\Program Files (x86)\Personal Backup 5\Persbackup.exe (J. Rathlev, IEAP, Uni-Kiel)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1569863009-3035716055-2900962597-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1569863009-3035716055-2900962597-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1569863009-3035716055-2900962597-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1569863009-3035716055-2900962597-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61B01DD3-7976-4629-9656-A7D3B9E39E2E}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.17 10:26:27 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.17 10:26:22 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.17 10:26:22 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.17 10:26:22 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.17 10:26:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.02.17 10:06:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.17 10:04:09 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.02.17 09:48:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.17 09:48:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.17 09:48:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.17 09:44:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.17 09:44:32 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.17 09:40:45 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
[2013.02.17 09:39:08 | 005,033,715 | R--- | C] (Swearware) -- C:\Users\Tom\Desktop\ComboFix.exe
[2013.02.16 19:06:39 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tom\Desktop\tdsskiller.exe
[2013.02.15 17:44:50 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Tom\Desktop\aswMBR.exe
[2013.02.15 17:39:48 | 000,000,000 | ---D | C] -- C:\Users\Tom\Desktop\mbar
[2013.02.15 09:24:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.02.15 09:24:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.02.15 07:45:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
[2013.02.14 18:15:26 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.14 18:15:26 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.14 18:15:25 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.14 18:15:25 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.14 18:15:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.14 18:15:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.14 18:15:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.14 18:15:25 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.14 18:15:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.14 18:15:24 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.14 18:15:24 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.14 18:15:24 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.14 18:15:23 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.14 18:15:23 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.14 18:15:23 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.13 18:48:48 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.13 18:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.13 18:48:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.13 18:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.13 17:47:33 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 17:47:32 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 17:47:32 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.13 17:47:30 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 17:47:30 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 17:47:30 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 17:47:30 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 17:47:30 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 17:47:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.13 17:47:28 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.13 06:49:04 | 000,000,000 | ---D | C] -- C:\NBRT
[2013.02.12 19:13:42 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2013.02.12 19:13:41 | 000,125,872 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2013.02.12 19:13:40 | 000,106,928 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2013.02.12 19:13:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64
[2013.02.12 19:13:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64\0501000.01A
[2013.02.12 19:13:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2013.02.12 19:13:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
[2013.01.27 13:02:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Private Tax 2012
[2013.01.25 18:12:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.18 17:48:30 | 000,739,550 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.18 17:48:30 | 000,622,794 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.18 17:48:30 | 000,111,742 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.18 17:44:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.18 17:43:14 | 000,010,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.18 17:43:14 | 000,010,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.18 17:40:54 | 000,587,671 | ---- | M] () -- C:\Users\Tom\Desktop\adwcleaner0.exe
[2013.02.17 22:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.17 10:26:19 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.02.17 10:26:19 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.02.17 10:26:19 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.17 10:26:19 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.17 10:26:19 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.17 10:26:19 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.17 10:04:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.02.17 09:34:01 | 005,033,715 | R--- | M] (Swearware) -- C:\Users\Tom\Desktop\ComboFix.exe
[2013.02.16 19:04:16 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tom\Desktop\tdsskiller.exe
[2013.02.16 16:05:47 | 000,000,512 | ---- | M] () -- C:\Users\Tom\Desktop\MBR.dat
[2013.02.15 17:44:35 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Tom\Desktop\aswMBR.exe
[2013.02.15 09:29:41 | 000,013,277 | ---- | M] () -- C:\Users\Tom\Desktop\Logfiles.7z
[2013.02.15 07:46:43 | 000,000,000 | ---- | M] () -- C:\Users\Tom\defogger_reenable
[2013.02.15 07:41:22 | 000,365,568 | ---- | M] () -- C:\Users\Tom\Desktop\gmer_2.0.18454.exe
[2013.02.15 07:40:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
[2013.02.15 07:40:34 | 000,050,477 | ---- | M] () -- C:\Users\Tom\Desktop\Defogger.exe
[2013.02.15 07:35:46 | 001,894,210 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\Cat.DB
[2013.02.15 07:32:23 | 002,908,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.12 19:04:11 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.12 19:04:10 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.27 13:00:26 | 048,420,936 | ---- | M] (Information Factory AG) -- C:\Users\Tom\Documents\ptw11.ck.exe
[2013.01.26 14:23:52 | 000,002,114 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013.01.25 18:10:05 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\VT20130115.021
[2013.01.23 19:12:10 | 000,002,228 | -H-- | M] () -- C:\Users\Tom\Documents\Default.rdp
 
========== Files Created - No Company Name ==========
 
[2013.02.18 17:41:07 | 000,587,671 | ---- | C] () -- C:\Users\Tom\Desktop\adwcleaner0.exe
[2013.02.17 09:48:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.17 09:48:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.17 09:48:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.17 09:48:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.17 09:48:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.16 16:05:47 | 000,000,512 | ---- | C] () -- C:\Users\Tom\Desktop\MBR.dat
[2013.02.15 09:29:41 | 000,013,277 | ---- | C] () -- C:\Users\Tom\Desktop\Logfiles.7z
[2013.02.15 07:46:43 | 000,000,000 | ---- | C] () -- C:\Users\Tom\defogger_reenable
[2013.02.15 07:45:40 | 000,365,568 | ---- | C] () -- C:\Users\Tom\Desktop\gmer_2.0.18454.exe
[2013.02.15 07:45:35 | 000,050,477 | ---- | C] () -- C:\Users\Tom\Desktop\Defogger.exe
[2013.02.12 19:13:29 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NBRTWizardx64\0501000.01A\isolate.ini
[2012.02.24 17:17:41 | 000,007,606 | ---- | C] () -- C:\Users\Tom\AppData\Local\Resmon.ResmonCfg
[2012.02.04 22:35:16 | 000,000,079 | ---- | C] () -- C:\Users\Tom\AppData\Local\CrystalDiskMark30.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2012.01.08 19:44:32 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Extras

Code:
OTL Extras logfile created on: 18.02.2013 17:49:41 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tom\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
7.00 Gb Total Physical Memory | 5.55 Gb Available Physical Memory | 79.28% Memory free
10.90 Gb Paging File | 9.35 Gb Available in Paging File | 85.71% Paging File free
Paging file location(s): c:\pagefile.sys 4000 4000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.90 Gb Total Space | 9.06 Gb Free Space | 16.22% Space Free | Partition Type: NTFS
Drive D: | 853.39 Gb Total Space | 645.48 Gb Free Space | 75.64% Space Free | Partition Type: NTFS
Drive G: | 69.34 Gb Total Space | 29.42 Gb Free Space | 42.43% Space Free | Partition Type: NTFS
Drive X: | 853.51 Gb Total Space | 760.93 Gb Free Space | 89.15% Space Free | Partition Type: NTFS
Drive Y: | 8.66 Gb Total Space | 6.01 Gb Free Space | 69.39% Space Free | Partition Type: NTFS
Drive Z: | 78.03 Gb Total Space | 71.12 Gb Free Space | 91.15% Space Free | Partition Type: NTFS
 
Computer Name: SONEA | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-1569863009-3035716055-2900962597-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DefaultInboundAction" = 1
"DefaultOutboundAction" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DefaultInboundAction" = 1
"DefaultOutboundAction" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DefaultInboundAction" = 1
"DefaultOutboundAction" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03DA4345-430F-4F1F-8907-BB1FD3BECE48}" = rport=137 | protocol=17 | dir=out | app=system | 
"{1C1D6DD7-753D-4EB2-9CE4-E955FBC1D20E}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{242F999F-8E3B-42F0-B7A1-C7090F6960D1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2662A6E6-BD61-4119-BD81-FEAE1116632C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2EDD618B-F0E4-4735-998E-3A6F8F358754}" = rport=138 | protocol=17 | dir=out | app=system | 
"{430D118C-561F-4991-B1BC-502F85DA9232}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{4487CB3F-743A-43B7-9E83-27F764B3E143}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5A8FCD26-5D2D-41FD-81BA-2806DE7F530B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{63BFDEC7-EF6F-4039-AC8F-17CF030FC02A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{781B0351-25A3-4EC2-A933-D71946131281}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7886F191-3EBE-467D-B36C-A10887937F0A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7C55C27D-0E0B-4DBA-90D3-B0E9D6CB1A56}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8BA27591-2728-47D9-981B-4BEDC7FD6E5B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{90364936-A5CE-4CFF-BDA6-0AE9494C0414}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{91FBCE6F-9217-4F1D-95F5-2811727B4D60}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{A21B2CA8-AB05-4C8A-A3E5-8C793A3C65C9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B513024C-9FD5-4CCD-AFB7-6CB7306C364B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E2258624-1109-4039-9BDB-4BA02D263DC4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E77F158C-8E63-4532-AA13-C3C43A7575D2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E8303C81-5A52-4C12-A71C-D20E1C73FE11}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{EBC0CCCE-A4AB-473D-B674-8A3CB6A35A64}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EE757FA8-CD6C-4EA3-A593-2209087BE4A2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FC5F74FA-4A62-4D95-8FE8-9517C27A9D25}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FE45D44F-C7CF-4C4D-9AED-46BBD7A6BFAA}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E5E9042-6AD2-44B2-96D5-A0C7CB1C2A45}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{185D245D-D742-4C1D-AA75-984B1A53FD52}" = dir=in | app=g:\software\bin\exactiveservice.exe | 
"{262CB613-15CF-4D3C-9F56-FA22A5ED9FE4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4463A879-D6B6-4923-B54F-83A0BA468DE2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{489545ED-9120-4955-8E2C-6DD492410DB8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{4ABB1208-67B3-46CA-AF89-B7C81F4B6D23}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe | 
"{602C4F2B-F8AF-4F41-A2C2-7FD1CC46F9CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{660F05C3-177C-4E86-995A-62F5707B4F33}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6967D3EC-A4F1-41A0-9D5B-FC9CE804331F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{72153866-E692-4025-B6A1-9CDDACFF7559}" = protocol=6 | dir=in | app=g:\software\system\programs\homepage.exe | 
"{7C0129FF-4EAD-43FF-B60E-CB0A8E1026CD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{8C97BDC8-43DA-41ED-9524-83B2D2989388}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe | 
"{917C7BBC-8FD6-416D-938E-4C43E6B37C4F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{94FB867B-DB45-47D2-B43D-9C90E3D5FF98}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9E31E112-C2A8-4E37-906C-53AE9841AEB9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{9F89B106-5D38-40EA-9954-0BD81D0BA0C8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9FC75E55-E1DF-4CD8-A25F-6CB220945241}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{A95E90DF-AE14-45E1-A896-EF5C4A17F69E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AB37AE6F-04E7-4977-9C2A-90589C49079E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B33F5B33-FC05-4E1C-90DA-3F15E7758DD7}" = protocol=6 | dir=out | app=system | 
"{B8D87209-65E0-453A-8016-C79AD00755EF}" = protocol=17 | dir=in | app=g:\software\system\programs\homepage.exe | 
"{BE99E2C0-5756-41F7-B9C1-DBD4248B66DC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D08E78EF-F677-45E1-BD50-19CE13482090}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D444B854-1D01-4529-93D5-92558A70F9A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DA070946-8AEA-45B9-A9A9-BE1D92DF0A8F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EA27ACEB-B6E1-4D88-BFC8-7B3FAC1D5B8F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EB7684B6-785E-4A65-8943-3C5F497BD2BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F4CE0997-2637-4184-BAF4-3DAA9BCC273D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F7749BF3-60E0-4FF5-922F-10599946AD70}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{3D33F6F0-4D90-484D-A1D9-09AE791CCBD9}" = Eraser 6.0.9.2343
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{D759947B-8C5A-4480-B0DB-FC391F061C85}" = Adobe Photoshop Lightroom 4.3 64-bit
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.59
"CrystalDiskMark_is1" = CrystalDiskMark 3.0.1b
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"VueScan" = VueScan
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{103D15F5-ACA7-4FDE-8414-F84B9F8BE71E}" = Cisco AnyConnect Start Before Login Module
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{13E39940-CCD6-4D87-8F26-F7D6E029CA73}" = Thermo Xcalibur
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2A2D34C3-624C-4DC8-AB36-28D6E4FA0B00}" = Thermo Foundation 2.0
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{377FD9B9-8377-49B9-A052-17BEFFEEE4A2}" = Adobe Creative Suite 4 Web Premium
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39873B83-16BF-47BB-8ADC-CD288DD352F0}" = Thermo Foundation 2.0
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{74280B5D-A0AF-46c5-9C85-D9EA078262F1}" = HP LaserJet Professional M1530 MFP Series
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7AAC4B2B-C3D2-465C-9F2C-B9DCF0D7FDB8}" = Adobe Setup
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{865E1902-B6FE-4AF0-B61D-A82EBC53569E}" = hppSendFaxM1530
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A41EB7B5-8883-4795-A587-AAD8A84A010D}" = Cisco AnyConnect Secure Mobility Client
"{A82D0C46-EBDF-4B27-A731-D06EF2056E81}" = HP FWUpdateEDO3
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_953" = Adobe Acrobat 9.5.3 - CPSID_83708
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C05002F1-06F8-4A15-B6F8-E4DC655C28AA}" = HP LJ M1530 MFP Series HP Scan
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C462F75B-9A35-4A84-AE52-E8C9112AAE87}" = hppFaxUtilityM1530
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEDA9F98-15B1-4EC8-B929-11F04B50F4C5}" = Thermo Xcalibur
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E375A980-147A-4287-9172-FE4A3BCF8FA2}" = Thermo Exactive Series 2.0 SP2
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD575F8B-6141-455A-8AE5-F2D2E08520FC}" = hppFaxDrvM1530
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"4095-7861-2728-4611" = Private Tax 2011 1.5
"6753-7911-9438-6061" = Private Tax 2012 2.1
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_4db064343401efd6449f33f8411c14b" = Adobe Creative Suite 4 Web Premium
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CrystalDiskInfo_is1" = CrystalDiskInfo 4.2.0a
"ImgBurn" = ImgBurn
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{E375A980-147A-4287-9172-FE4A3BCF8FA2}" = Thermo Exactive Series 2.0 SP2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NBRTWizard" = Norton Bootable Recovery Tool Wizard
"NIS" = Norton Internet Security
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Personal Backup 5_is1" = Personal Backup 5.4
"Spyder3Pro" = Spyder3Pro
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.02.2013 11:03:02 | Computer Name = Sonea | Source = Exactive | ID = 0
Description = [Time=2013-02-16 16:03:02.352+01:00][Acc=SONEA\ExactiveUser][User=ExactiveUser][Comp=SONEA][App=ExactiveService][PID=1724][Type=FATAL
 error]Boot service: Cannot determine any suitable network to serve automatically.
 
Error - 16.02.2013 14:02:46 | Computer Name = Sonea | Source = Exactive | ID = 0
Description = [Time=2013-02-16 19:02:46.837+01:00][Acc=SONEA\ExactiveUser][User=ExactiveUser][Comp=SONEA][App=ExactiveService][PID=1732][Type=FATAL
 error]Boot service: Cannot determine any suitable network to serve automatically.
 
Error - 17.02.2013 04:32:37 | Computer Name = Sonea | Source = Exactive | ID = 0
Description = [Time=2013-02-17 09:32:37.345+01:00][Acc=SONEA\ExactiveUser][User=ExactiveUser][Comp=SONEA][App=ExactiveService][PID=1736][Type=FATAL
 error]Boot service: Cannot determine any suitable network to serve automatically.
 
Error - 17.02.2013 04:42:14 | Computer Name = Sonea | Source = Exactive | ID = 0
Description = [Time=2013-02-17 09:42:14.872+01:00][Acc=SONEA\ExactiveUser][User=ExactiveUser][Comp=SONEA][App=ExactiveService][PID=1740][Type=FATAL
 error]Boot service: Cannot determine any suitable network to serve automatically.
 
Error - 17.02.2013 04:43:23 | Computer Name = Sonea | Source = Application Error | ID = 1000
Description = Faulting application name: nvtray.exe, version: 7.17.13.697, time 
stamp: 0x506b3bc0  Faulting module name: nvLsp64.dll, version: 2.2.0.7305, time stamp:
 0x49eb4409  Exception code: 0x40000015  Fault offset: 0x0000000000014dae  Faulting process
 id: 0xc60  Faulting application start time: 0x01ce0ceab797c2e0  Faulting application
 path: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe  Faulting module path:
 C:\Windows\system32\nvLsp64.dll  Report Id: 1627cc60-78de-11e2-998e-00241d1c3cf6
 
Error - 17.02.2013 04:55:06 | Computer Name = Sonea | Source = Exactive | ID = 0
Description = [Time=2013-02-17 09:55:06.142+01:00][Acc=SONEA\ExactiveUser][User=ExactiveUser][Comp=SONEA][App=ExactiveService][PID=1720][Type=FATAL
 error]Boot service: Cannot determine any suitable network to serve automatically.
 
Error - 17.02.2013 05:19:25 | Computer Name = Sonea | Source = Exactive | ID = 0
Description = [Time=2013-02-17 10:19:25.575+01:00][Acc=SONEA\ExactiveUser][User=ExactiveUser][Comp=SONEA][App=ExactiveService][PID=1744][Type=FATAL
 error]Boot service: Cannot determine any suitable network to serve automatically.
 
Error - 17.02.2013 16:44:40 | Computer Name = Sonea | Source = Exactive | ID = 0
Description = [Time=2013-02-17 21:44:40.333+01:00][Acc=SONEA\ExactiveUser][User=ExactiveUser][Comp=SONEA][App=ExactiveService][PID=1728][Type=FATAL
 error]Boot service: Cannot determine any suitable network to serve automatically.
 
Error - 18.02.2013 12:39:20 | Computer Name = Sonea | Source = Exactive | ID = 0
Description = [Time=2013-02-18 17:39:19.983+01:00][Acc=SONEA\ExactiveUser][User=ExactiveUser][Comp=SONEA][App=ExactiveService][PID=1732][Type=FATAL
 error]Boot service: Cannot determine any suitable network to serve automatically.
 
Error - 18.02.2013 12:44:13 | Computer Name = Sonea | Source = Exactive | ID = 0
Description = [Time=2013-02-18 17:44:13.742+01:00][Acc=SONEA\ExactiveUser][User=ExactiveUser][Comp=SONEA][App=ExactiveService][PID=1752][Type=FATAL
 error]Boot service: Cannot determine any suitable network to serve automatically.
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 18.02.2013 12:44:17 | Computer Name = Sonea | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertStore::CCapiCertStore File: .\Certificates\CapiCertStore.cpp
Line:
 70 Invoked Function: CapiCertUtils Return Code: -32767981 (0xFE0C0013) Description:
 WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED 
 
Error - 18.02.2013 12:44:17 | Computer Name = Sonea | Source = acvpnagent | ID = 67108866
Description = Function: CCollectiveCertStore::addCapiStore File: .\Certificates\CollectiveCertStore.cpp
Line:
 922 Invoked Function: CCapiCertStore::CCapiCertStore Return Code: -32767981 (0xFE0C0013)
Description:
 WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED 
 
Error - 18.02.2013 12:44:17 | Computer Name = Sonea | Source = acvpnagent | ID = 67108866
Description = Function: CWinsecApiImpersonateUser::searchProcessesForUserToken File:
 .\IPC\WinsecAPI.cpp Line: 1391 Invoked Function: Process32Next Return Code: 18 (0x00000012)
Description:
 There are no more files.   
 
Error - 18.02.2013 12:44:17 | Computer Name = Sonea | Source = acvpnagent | ID = 67108865
Description = Function: CWinsecApiImpersonateUser::acquireTokens File: .\IPC\WinsecAPI.cpp
Line:
 101 CWinsecApiImpersonateUser::getUserImpersonationToken returned NULL
 
Error - 18.02.2013 12:44:17 | Computer Name = Sonea | Source = acvpnagent | ID = 67108866
Description = Function: CWinsecApiImpersonateUser::CWinsecApiImpersonateUser File:
 .\IPC\WinsecAPI.cpp Line: 81 Invoked Function: CWinsecApiImpersonateUser::acquireTokens
Return
 Code: -32767981 (0xFE0C0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED

 
Error - 18.02.2013 12:44:17 | Computer Name = Sonea | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertUtils::CCapiCertUtils File: .\Certificates\CapiCertUtils.cpp
Line:
 92 Invoked Function: CWinsecApiImpersonateUser::CWinsecApiImpersonateUser Return 
Code: -32767981 (0xFE0C0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED

 
Error - 18.02.2013 12:44:17 | Computer Name = Sonea | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertStore::CCapiCertStore File: .\Certificates\CapiCertStore.cpp
Line:
 70 Invoked Function: CapiCertUtils Return Code: -32767981 (0xFE0C0013) Description:
 WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED 
 
Error - 18.02.2013 12:44:17 | Computer Name = Sonea | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore File: .\Certificates\CapiCertSmartcardStore.cpp
Line:
 40 Invoked Function: CCapiCertStore::CCapiCertStore Return Code: -32767981 (0xFE0C0013)
Description:
 WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED 
 
Error - 18.02.2013 12:44:17 | Computer Name = Sonea | Source = acvpnagent | ID = 67108866
Description = Function: CCollectiveCertStore::addCapiSmartcardStore File: .\Certificates\CollectiveCertStore.cpp
Line:
 959 Invoked Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore Return Code:
 -32767981 (0xFE0C0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED

 
Error - 18.02.2013 12:44:20 | Computer Name = Sonea | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
[ System Events ]
Error - 19.08.2012 13:35:48 | Computer Name = Sonea | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error:   %%1330    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft 
Management Console (MMC).
 
Error - 19.08.2012 13:35:48 | Computer Name = Sonea | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
Error - 20.08.2012 12:11:28 | Computer Name = Sonea | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   cdrom
 
Error - 20.08.2012 12:13:28 | Computer Name = Sonea | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error:   %%1330    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft 
Management Console (MMC).
 
Error - 20.08.2012 12:13:28 | Computer Name = Sonea | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
Error - 20.08.2012 14:01:09 | Computer Name = Sonea | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   cdrom
 
Error - 20.08.2012 14:03:10 | Computer Name = Sonea | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error:   %%1330    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft 
Management Console (MMC).
 
Error - 20.08.2012 14:03:10 | Computer Name = Sonea | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
Error - 20.08.2012 14:03:11 | Computer Name = Sonea | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR5.
 
Error - 21.08.2012 04:36:57 | Computer Name = Sonea | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   cdrom
 
 
< End of report >
         
Regards
Tom

Alt 19.02.2013, 14:47   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Clean PC after police trojan infection? - Standard

Clean PC after police trojan infection?



Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - please remember to update Malwarebytes via the Update button beforehand.

Afterwards, getting a second opinion from the ESET Online Scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post log files in CODE tags

19.02.2013, 20:56   #13
tomuhl

Almost through ... sounds good :-)

So here are the log files:

Malwarebytes

Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.19.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tom :: SONEA [Administrator]

Schutz: Aktiviert

19.02.2013 18:02:42
mbam-log-2013-02-19 (18-02-42).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 317462
Laufzeit: 1 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
ESET

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=42e698fb75330b4ea2720cea7276b640
# engine=13193
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-19 05:33:43
# local_time=2013-02-19 06:33:43 (+0100, W. Europe Standard Time)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 91 1467933 123891808 0 0
# compatibility_mode=5893 16776574 100 94 22043249 112925073 0 0
# scanned=58255
# found=0
# cleaned=0
# scan_time=1132
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=42e698fb75330b4ea2720cea7276b640
# engine=13193
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-19 06:43:21
# local_time=2013-02-19 07:43:21 (+0100, W. Europe Standard Time)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 91 5364 123895986 0 0
# compatibility_mode=5893 16776574 100 94 22047427 112929251 0 0
# scanned=205888
# found=1
# cleaned=0
# scan_time=3843
sh=23D74453228E50CB726F9E0FE37C785E771C1B3C ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-1723.CK trojan" ac=I fn="C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\310c2830-7fe60071"
         

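The ESET log above is a sequence of scan runs, each a block of `# key=value` header lines followed by one `sh=… vn="…" ac=… fn="…"` line per detection; the first run here was stopped, the second finished with one hit that was only reported (remove_checked=false). As an added example that is not part of the original thread or of ESET's tools, a small parser that separates the runs and lists the hits still to be dealt with; the sample log it embeds is constructed in the style of the posted one, with a placeholder hash and path.

```python
"""Parser for ESET Online Scanner logs in the format posted above (added example)."""
import re

RUN_START = "ESETSmartInstaller@High as downloader log:"
# key=value tokens on a detection line; values may be quoted (paths contain spaces)
TOKEN_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample, not the poster's log: an aborted run followed by a finished one
SAMPLE_LOG = r'''ESETSmartInstaller@High as downloader log:
# end=stopped
# found=0
# cleaned=0
ESETSmartInstaller@High as downloader log:
all ok
# remove_checked=false
# end=finished
# scanned=205888
# found=1
# cleaned=0
sh=0000000000000000000000000000000000000000 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-1723.CK trojan" ac=I fn="C:\Users\Example\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\00\constructed-entry"
'''

def parse_eset_log(text):
    """Return one {'header': {...}, 'detections': [...]} dict per scan run."""
    runs = []
    for raw in text.splitlines():
        line = raw.strip()
        if line == RUN_START:
            runs.append({"header": {}, "detections": []})
        elif not line or not runs:
            continue  # blank line, or text before the first run marker
        elif line.startswith("# "):
            key, _, value = line[2:].partition("=")
            runs[-1]["header"][key] = value  # repeated keys: last value wins
        elif line.startswith("sh="):
            hit = {k: v.strip('"') for k, v in TOKEN_RE.findall(line)}
            runs[-1]["detections"].append(hit)
    return runs

def is_finished(run):
    return run["header"].get("end") == "finished"

def counter(run, key):
    return int(run["header"].get(key, "0"))

def uncleaned_detections(runs):
    """Hits from finished runs that ESET reported but did not remove (remove_checked=false)."""
    return [d for r in runs if is_finished(r) and counter(r, "found") > counter(r, "cleaned")
            for d in r["detections"]]
```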
20.02.2013, 16:20   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks ok so far, just one hit in the Java cache; for that, please run TFC to empty all cache and temp folders:

TFC - Temp File Cleaner

Please download TFC ( by Oldtimer ) and save the file to your desktop.
Now close all open programs and disconnect from the internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files it will ask for a restart. Please allow it.



Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether a new hosts file has been released.

Info: cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP-Cookie )

Otherwise there are good cookie managers; an extension for Firefox, for example, would be CookieCuller
If you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system in order again now, or are there still other findings or problems?
__________________
Please always post logfiles in CODE tags

20.02.2013, 17:23   #15
tomuhl

OK, I ran TFC as well; no reboot was needed.

It's great that everything is OK again! The whole thing gave me quite a scare; after all these years this was actually my first malware.

One more question. Do you have any tips on how I can make my system more secure? Norton Internet Security wasn't exactly convincing.

In any case, many heartfelt thanks! With your help, cleaning the system was surprisingly easy.

Regards
Tom
