Exploit.Java.CVE-2013-0422d von Kaspersky gefunden und gelöscht/desinfiziert. Was nun?

elwebber · 28.02.2013, 22:48

Hallo!

Erst mal vorweg: Oben genannten Trojaner wurde von meine Kaspersky bei einem vollständigen Scan entdeckt und gelöscht/desinfiziert. Über die Googlesuche bin ich auf dieses Board hier gestoßen und muß schon sagen - Klasse Arbeit hier. Daher bin ich auch voller Hoffnung, daß ihr mir auch helfen könnt. Leider bin ich mit Viren/Trojanern nicht sonderlich bewandert, habe aber die Einleitungen und Anleitungen gelesen und hoffe alles richtig verstanden zu haben.

Daher lege ich erst mal los und stelle die gewünschten Sachen erst mal ein. Falls was nicht korrekt ist oder fehlt, bitte ich um entsprechende Anweisungen.

Mir stellen sich erst mal prinzipielle Fragen:
- Nachdem der Trojaner gelöscht/desinfiziert wurde, muß ich überhaupt noch was machen, oder ist jetzt wieder alles gut?
- Ist mein System noch zu retten oder muß ich neu aufsetzen?
- Da ich mein 1-Mann-Unternehmen darüber laufen habe: Ist das System kompromittiert?
- Sind Daten (z.B. Onlinebanking) nach aussen gelangt?

Danke schon mal vorab für eure Mühen.

Liebe Grüße, Martin

Erst mal die OTL.txt:

Code:

ATTFilter

OTL logfile created on: 28.02.2013 21:35:12 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Eigene Dateien\Trojaner
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 67,55% Memory free
5,99 Gb Paging File | 4,91 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140,62 Gb Total Space | 19,75 Gb Free Space | 14,04% Space Free | Partition Type: NTFS
Drive D: | 157,46 Gb Total Space | 8,33 Gb Free Space | 5,29% Space Free | Partition Type: NTFS
 
Computer Name: ASPIRE-6930 | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.28 21:33:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Eigene Dateien\Trojaner\OTL.exe
PRC - [2013.02.05 16:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2013.01.11 12:11:48 | 008,338,160 | ---- | M] (AceBIT GmbH) -- C:\Program Files\AceBIT\Password Depot 6\PasswordDepot.exe
PRC - [2012.12.20 10:44:32 | 000,844,296 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.12.20 10:44:28 | 000,310,280 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.12.20 10:44:26 | 001,476,104 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2012.12.12 10:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Program Files\pdf24\pdf24.exe
PRC - [2012.12.03 19:35:00 | 001,044,320 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012.11.29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011.10.07 10:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011.09.27 20:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2011.07.31 14:07:18 | 000,189,808 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
PRC - [2011.04.08 13:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.10 13:45:48 | 000,239,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
PRC - [2011.01.10 13:43:50 | 000,608,624 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\WHSTrayApp.exe
PRC - [2011.01.10 13:43:46 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\WHSConnector.exe
PRC - [2011.01.10 13:43:46 | 000,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\esClient.exe
PRC - [2010.09.30 13:00:28 | 000,253,264 | ---- | M] () -- C:\Program Files\1&1 Surf-Stick\AssistantServices.exe
PRC - [2010.09.30 13:00:28 | 000,139,088 | ---- | M] () -- C:\Program Files\1&1 Surf-Stick\UIExec.exe
PRC - [2010.03.04 21:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009.11.27 21:38:38 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Martin\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2009.06.05 16:12:47 | 000,036,864 | ---- | M] (AxoNet Software GmbH) -- C:\Program Files\Windows Home Server\LightsOutClientService.exe
PRC - [2009.06.04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.02.05 23:00:00 | 000,843,776 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2009.01.12 08:54:02 | 000,669,520 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2006.12.19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.16 16:49:44 | 006,332,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\55526078cc179d52a27d1731af7a219e\DeviceHost.ni.dll
MOD - [2013.02.16 16:49:32 | 002,212,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\588a5360aebb2b8371f9c6ff7215616e\Kies.Common.Multimedia.ni.dll
MOD - [2013.02.16 16:49:29 | 000,279,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\b04785775fdd28cb54ff837f57762aa0\Kies.Common.Util.ni.dll
MOD - [2013.02.16 16:49:29 | 000,206,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\27b7e5803ef4dfce348222b595f4aba1\Kies.Common.MainUI.ni.dll
MOD - [2013.02.16 16:49:28 | 001,920,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\75568f572017a624789552ac1d070731\Kies.UI.ni.dll
MOD - [2013.02.16 16:49:26 | 000,160,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\f69842a59a80267c673735eab7b0bcd3\GongSolutions.Wpf.DragDrop.ni.dll
MOD - [2013.02.16 16:49:24 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll
MOD - [2013.02.16 16:49:11 | 002,064,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\4ec3b8c59353fcd0598cfc2590586879\Kies.ni.exe
MOD - [2013.02.16 16:40:32 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e963e9f51746f8e23837be7760e187c6\System.Windows.Forms.ni.dll
MOD - [2013.01.09 15:10:37 | 013,033,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\8db51a0e07118635fb71b05f21937db8\Kies.Theme.ni.dll
MOD - [2013.01.09 15:10:36 | 000,615,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\b07ff83c3ce2fd8d3a938889f020552d\DevicePodcast.ni.dll
MOD - [2013.01.09 15:10:36 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\54c3c22053264729fde00785baf21eb9\DummyStorePlugin.ni.dll
MOD - [2013.01.09 15:10:35 | 000,293,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\aaa553d73526328d450a142814849e40\DeviceVideo.ni.dll
MOD - [2013.01.09 15:10:34 | 000,347,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\e5334ab5e29c40a7af6223175123263b\DevicePhoto.ni.dll
MOD - [2013.01.09 15:10:33 | 000,305,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\233972a5ba7f8718ba70734134186b1a\DeviceMusic.ni.dll
MOD - [2013.01.09 15:10:32 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\e2689f807ac87966b7e78f74ab677453\VideoManager.ni.dll
MOD - [2013.01.09 15:10:31 | 000,774,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\c8a238c49512fddf15119a48f1c8e520\PhotoManager.ni.dll
MOD - [2013.01.09 15:10:30 | 001,123,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\fb3e807ec2b98abd1a057ef3694499eb\Podcaster.ni.dll
MOD - [2013.01.09 15:10:14 | 000,038,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\ff3157a926a4c62bd7c4fc462b44d4ae\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
MOD - [2013.01.09 15:10:05 | 003,536,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Pims\1d4bc56464a498daefb0b76677cdaac2\Kies.Common.Pims.ni.dll
MOD - [2013.01.09 15:10:02 | 001,937,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\521e8f5d3e1452cabfea9ea69659c679\Phonebook.ni.dll
MOD - [2013.01.09 15:10:00 | 000,700,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\ae43674e7f32b74f7713c0801bccc2fa\DeviceCommonLib.ni.dll
MOD - [2013.01.09 15:10:00 | 000,024,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\lib_Samsung_WitchPl#\0f6a68e21e4894592e16856189b20199\lib_Samsung_WitchPlaylist_v0.1.ni.dll
MOD - [2013.01.09 15:09:59 | 000,721,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\7b10f766948b52ef6d261b1a1aa8ee0a\Kies.Plugin.ContentsManagerLib.ni.dll
MOD - [2013.01.09 15:09:57 | 000,944,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\65f0d5e5052a4a71f5a72d778fa2cbb6\MusicManager.ni.dll
MOD - [2013.01.09 15:09:56 | 000,403,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\8bf212e316537432a2356c88f3bb6f4d\BATPlugin.ni.dll
MOD - [2013.01.09 15:09:52 | 000,516,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\8bb1cf762dcfd25fa6fec281620a67e3\Kies.Common.MediaDB.ni.dll
MOD - [2013.01.09 15:09:52 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\017429623044d5a3e9aa2aeef7d00017\Kies.Common.StoreManager.ni.dll
MOD - [2013.01.09 15:09:51 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\52207264bac5068c2de665b3f41e8964\ASF_cSharpAPI.ni.dll
MOD - [2013.01.09 15:09:50 | 000,283,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\ca0b9f739dc8a16a0b45b07b6f1deae0\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll
MOD - [2013.01.09 15:09:50 | 000,063,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\3b13bd2ffd57d5a08bfb85636513922d\Kies.Common.AllShare.ni.dll
MOD - [2013.01.09 15:09:50 | 000,043,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.FUSCryptLib\7296ee8d41eeb2bcc543df81eea19ebe\Interop.FUSCryptLib.ni.dll
MOD - [2013.01.09 15:09:49 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\68bf9214584209eb5ebf209d1b95ac1e\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
MOD - [2013.01.09 15:09:49 | 000,062,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.CDBurnCOMLib\c1739a9b18cf8b334e60bfc1e4d126db\Interop.CDBurnCOMLib.ni.dll
MOD - [2013.01.09 15:09:48 | 000,571,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\5ff671ad98a74cfc1dee4a439fb8728e\Kies.Common.DeviceServiceLib.FileService.ni.dll
MOD - [2013.01.09 15:09:48 | 000,175,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\d1baf93e68f207b043f0861c5ee2d7ea\Interop.DevFileServiceLib.ni.dll
MOD - [2013.01.09 15:09:47 | 000,624,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\57a3553bbf6667ae14d38bdb66f605a2\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll
MOD - [2013.01.09 15:09:47 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.SyncService#\6169b94e04d363fb40d22ff30aaf24df\Interop.SyncServiceLib.ni.dll
MOD - [2013.01.09 15:09:46 | 000,083,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceManag#\d410d0b24dd23bff0ee0803559dd90ea\Interop.DeviceManagerLib.ni.dll
MOD - [2013.01.09 15:09:46 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceServi#\ed97f510e91aff4e4f00987ec1fb8b70\Interop.DeviceServiceModelDBLib.ni.dll
MOD - [2013.01.09 15:09:45 | 000,184,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\2c72efd53cc6951822e9782f762e0950\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2013.01.09 15:09:45 | 000,062,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceDataS#\0a17379e34031a7d1828d29a442a0b66\Interop.DeviceDataServiceLib.ni.dll
MOD - [2013.01.09 15:09:45 | 000,053,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.ConnectionM#\9f58a36246af15635bcce1b3ccc1c6d3\Interop.ConnectionManagerLib.ni.dll
MOD - [2013.01.09 15:09:44 | 000,916,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6e4f1bc2e9b41f984d67aa1cd7f65c3d\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll
MOD - [2013.01.09 15:09:43 | 001,069,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\016586bd2a1964a0a519cbc522d2906d\Kies.Common.DeviceService.ni.dll
MOD - [2013.01.09 15:09:41 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\111be4cc197cabb6340170eeb54ae535\Interop.P3MPINTERFACECTRLLib.ni.dll
MOD - [2013.01.09 15:09:41 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\5f0b67eb5313c092d5b8b56426dd30e2\Interop.MP3FileInfoCOMLib.ni.dll
MOD - [2013.01.09 15:09:41 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\b2c7788a3e89dfe8758d6184bac1b663\Interop.OGGFileInfoCOMLib.ni.dll
MOD - [2013.01.09 15:09:41 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\7316848f01ce1da27fc2d701f32cae0d\Interop.PRPLAYERCORELib.ni.dll
MOD - [2013.01.09 15:09:35 | 000,066,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\2a6cd90bb628de35d70c9dba6897d013\Kies.Common.DBManager.ni.dll
MOD - [2013.01.09 15:09:31 | 000,743,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\0969ff5a4924da7d8c6ebd3fca8f154b\ICSharpCode.SharpZipLib.ni.dll
MOD - [2013.01.09 15:09:31 | 000,108,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\c7db33ddaee23e7ec8a3458fde5b50eb\Kies.Common.CRMManager.ni.dll
MOD - [2013.01.09 15:09:30 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\af22e5bb6307e2882abe5fbdb3c00c8e\CabLib.ni.dll
MOD - [2013.01.09 15:09:29 | 001,558,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\83ea8d246c90eeee2b100f01994eef5b\Kies.Locale.ni.dll
MOD - [2013.01.09 15:09:29 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\4f4243b3bc2e4cdf0ec6e7ad5559aa20\Interop.DeviceSearchLib.ni.dll
MOD - [2013.01.09 15:09:28 | 000,078,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\0bbdc52b6dd44363e4a194ee8bd8a460\Kies.MVVM.ni.dll
MOD - [2013.01.09 15:09:24 | 001,223,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\7ed89054a3bdd9dbbf1cce0e0b592d78\Kies.Interface.ni.dll
MOD - [2013.01.09 15:08:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\07753c0a8ed7f9bc61b0ee718f3c779d\System.Runtime.Remoting.ni.dll
MOD - [2013.01.09 15:08:48 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll
MOD - [2013.01.09 13:05:50 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll
MOD - [2013.01.09 13:05:46 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll
MOD - [2013.01.09 13:05:35 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll
MOD - [2013.01.09 13:05:32 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll
MOD - [2013.01.09 13:05:31 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll
MOD - [2013.01.09 13:05:25 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll
MOD - [2013.01.09 13:05:21 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll
MOD - [2013.01.09 13:05:18 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll
MOD - [2013.01.09 13:05:11 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll
MOD - [2012.11.29 22:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2012.09.08 12:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2012.09.08 12:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2011.10.07 10:41:16 | 000,879,896 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.09.30 13:00:28 | 000,139,088 | ---- | M] () -- C:\Program Files\1&1 Surf-Stick\UIExec.exe
MOD - [2009.07.14 02:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2008.12.22 08:50:28 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008.11.21 12:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2008.09.16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.02.27 23:27:47 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.06 08:38:00 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.05 16:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.11.29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012.10.31 19:03:46 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2011.09.27 20:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.01.10 13:45:48 | 000,239,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe -- (arXfrSvc)
SRV - [2011.01.10 13:43:46 | 000,376,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\WHSConnector.exe -- (WHSConnector)
SRV - [2011.01.10 13:43:46 | 000,097,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\esClient.exe -- (esClient)
SRV - [2011.01.04 20:55:12 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.11.20 13:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010.09.30 13:00:28 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Program Files\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010.09.18 15:16:16 | 000,493,144 | ---- | M] (PacketVideo) [On_Demand | Stopped] -- C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe -- (TwonkyMedia)
SRV - [2010.03.04 21:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.06.05 16:12:47 | 000,036,864 | ---- | M] (AxoNet Software GmbH) [Auto | Running] -- C:\Program Files\Windows Home Server\LightsOutClientService.exe -- (LoClntService)
SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2007.05.31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006.12.19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys -- (sptd)
DRV - [2012.10.31 19:05:25 | 000,586,072 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012.09.20 05:35:36 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012.09.20 05:35:36 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012.08.23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.01.29 12:10:06 | 007,522,304 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32)
DRV - [2011.09.02 07:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011.09.02 07:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011.03.10 17:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2011.03.04 12:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011.03.04 12:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2010.12.01 20:06:29 | 000,108,104 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.16 16:01:30 | 000,059,464 | ---- | M] (Ross-Tech LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RT-USB.SYS -- (RT-USB)
DRV - [2010.03.29 11:15:37 | 000,055,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2009.11.27 21:45:28 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.11.18 21:10:14 | 006,000,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32)
DRV - [2009.11.12 12:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.11.02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.10.29 18:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.10.29 18:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.10.29 18:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.10.29 18:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.10.07 15:28:18 | 000,044,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BackupReader.sys -- (BackupReader)
DRV - [2009.07.28 07:56:00 | 009,791,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.06.24 14:03:02 | 000,044,544 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuvotoncir.sys -- (nuvotoncir)
DRV - [2007.03.28 07:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2007.02.16 01:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb178?a=6PQK6FBRDi&i=26
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D7 3D 1F 80 FA 78 CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=E561C671-3322-472F-8D3B-B1C50721FEB9&apn_sauid=E91ECF2D-5B77-4B4E-8C94-66E1C1F4A789
IE - HKCU\..\SearchScopes\{BD00FBCD-B3F9-492D-97D5-68C2CE36DAC1}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb178/?search={searchTerms}&loc=IB_DS&a=6PQK6FBRDi&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7BB0D70E72-2FC1-4b9f-A3D4-5921C854D906%7D:1.2
FF - prefs.js..extensions.enabledAddons: %7Bb749fc7c-e949-447f-926c-3f4eed6accfe%7D:0.7.1.1
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: fdm_ffext%40freedownloadmanager.org:1.5.7.6
FF - prefs.js..extensions.enabledAddons: passworddepot%40acebit.com:6.2.2.0
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.7
FF - prefs.js..extensions.enabledAddons: %7B34712C68-7391-4c47-94F3-8F88D49AD632%7D:1.3.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..network.proxy.type: 4
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\passworddepot@acebit.com: C:\Program Files\AceBIT\Password Depot 6\Firefox\ [2013.01.17 09:28:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.02.27 23:30:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.27 23:36:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.27 23:36:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.27 23:36:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.27 23:36:19 | 000,000,000 | ---D | M]
 
[2009.11.27 10:21:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions
[2013.02.20 09:27:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\1adnpaxy.default\extensions
[2012.12.13 23:05:09 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\1adnpaxy.default\extensions\fdm_ffext@freedownloadmanager.org
[2013.02.20 09:27:05 | 000,530,982 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\1adnpaxy.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.12.11 17:00:53 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\1adnpaxy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2011.04.04 19:50:01 | 000,013,074 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\1adnpaxy.default\extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}.xpi
[2012.01.09 22:25:57 | 000,061,705 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\1adnpaxy.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
[2013.02.16 20:44:03 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\1adnpaxy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.01.22 07:11:23 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\1adnpaxy.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012.09.01 19:32:28 | 000,002,299 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\1adnpaxy.default\searchplugins\askcom.xml
[2013.02.06 08:37:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.02.06 08:37:54 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2013.02.06 08:37:55 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2013.02.06 08:37:55 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
[2013.02.06 08:37:55 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2013.01.17 09:28:39 | 000,000,000 | ---D | M] (Password Depot Extension) -- C:\PROGRAM FILES\ACEBIT\PASSWORD DEPOT 6\FIREFOX
[2013.02.27 23:30:59 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2013.02.06 08:38:00 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.06.20 20:28:34 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2013.02.27 23:30:34 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012.02.26 16:04:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.02 07:03:34 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.26 16:04:19 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.26 16:04:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.26 16:04:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.26 16:04:19 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O2 - BHO: (Password Depot 6) - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files\AceBIT\Password Depot 6\pdIEAddOn32.dll (AceBIT)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\1&1 Surf-Stick\UIExec.exe ()
O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [Password Depot] C:\Program Files\AceBIT\Password Depot 6\PasswordDepot.exe (AceBIT GmbH)
O4 - HKCU..\Run: [POEngine5]  File not found
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Subscribe in RSS Popper - C:\Program Files\RSS Popper\ie_subscribe.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Password Depot 6 - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files\AceBIT\Password Depot 6\PasswordDepot.exe (AceBIT GmbH)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 10.15.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A4950E4-B26C-4362-A461-946B325BAA3A}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3B8199C-F02E-41DB-A5A5-8328054E4992}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9f31bd0c-dae0-11de-b11f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9f31bd0c-dae0-11de-b11f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE /AUTORUN
O33 - MountPoints2\{9f31bd0c-dae0-11de-b11f-806e6f6e6963}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{9f31bd0c-dae0-11de-b11f-806e6f6e6963}\Shell\install\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.28 21:02:33 | 000,000,000 | ---D | C] -- D:\Eigene Dateien\Trojaner
[2013.02.28 20:39:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013.02.28 20:39:07 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Real
[2013.02.27 23:31:42 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\RealNetworks
[2013.02.27 23:30:58 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013.02.27 23:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013.02.27 23:30:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2013.02.27 23:30:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013.02.27 23:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2013.02.27 23:25:41 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\vlc
[2013.02.27 23:25:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.02.27 23:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.02.27 23:18:46 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013.02.27 23:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.02.08 13:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013.02.06 08:37:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.01.31 17:21:36 | 004,940,344 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxXtreme110.dll
[2013.01.31 17:21:36 | 000,104,504 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxUISettingsN100.dll
[2013.01.31 17:21:34 | 000,026,168 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxTPSW100.dll
[2013.01.31 17:21:32 | 001,360,952 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxTool110.dll
[2013.01.31 17:21:32 | 000,063,544 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxPXTree100.dll
[2013.01.31 17:21:28 | 000,127,544 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxMail100.dll
[2013.01.31 17:21:22 | 000,049,720 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LXCurr100.dll
[2013.01.31 17:21:18 | 000,068,152 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxCI12.dll
[2013.01.31 17:21:16 | 000,207,416 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxBasics100.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.28 21:34:56 | 000,002,737 | ---- | M] () -- C:\Users\Martin\Desktop\OTL - Verknüpfung.lnk
[2013.02.28 21:30:58 | 000,013,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.28 21:30:58 | 000,013,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.28 21:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.28 21:22:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.28 21:22:40 | 2411,876,352 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.28 21:04:18 | 000,000,190 | ---- | M] () -- C:\Users\Martin\defogger_reenable
[2013.02.27 23:31:04 | 000,001,284 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013.02.27 23:25:07 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.02.25 15:15:05 | 000,004,903 | ---- | M] () -- D:\Eigene Dateien\test.CSV
[2013.02.25 15:15:04 | 000,009,309 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Kommagetrennte Werte (Windows).EML
[2013.02.25 14:56:38 | 000,001,023 | ---- | M] () -- C:\Users\Martin\Desktop\Dropbox.lnk
[2013.02.20 11:52:53 | 000,759,812 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.20 11:52:53 | 000,704,022 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.20 11:52:53 | 000,169,690 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.20 11:52:53 | 000,138,646 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.16 18:21:55 | 000,371,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.08 22:08:55 | 000,002,751 | ---- | M] () -- C:\Users\Public\Desktop\Lexware financial office.lnk
[2013.02.08 13:06:50 | 000,001,964 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.02.08 13:06:50 | 000,001,964 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.01.31 17:21:36 | 004,940,344 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxXtreme110.dll
[2013.01.31 17:21:36 | 000,104,504 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxUISettingsN100.dll
[2013.01.31 17:21:34 | 000,026,168 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxTPSW100.dll
[2013.01.31 17:21:32 | 001,360,952 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxTool110.dll
[2013.01.31 17:21:32 | 000,063,544 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxPXTree100.dll
[2013.01.31 17:21:28 | 000,127,544 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxMail100.dll
[2013.01.31 17:21:22 | 000,049,720 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LXCurr100.dll
[2013.01.31 17:21:18 | 000,068,152 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxCI12.dll
[2013.01.31 17:21:16 | 000,207,416 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxBasics100.dll
 
========== Files Created - No Company Name ==========
 
[2013.02.28 21:35:01 | 000,002,737 | ---- | C] () -- C:\Users\Martin\Desktop\OTL - Verknüpfung.lnk
[2013.02.28 21:03:58 | 000,000,190 | ---- | C] () -- C:\Users\Martin\defogger_reenable
[2013.02.27 23:31:04 | 000,001,284 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013.02.27 23:25:07 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.02.25 15:15:04 | 000,009,309 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Kommagetrennte Werte (Windows).EML
[2013.02.25 15:14:54 | 000,004,903 | ---- | C] () -- D:\Eigene Dateien\test.CSV
[2013.02.08 13:06:50 | 000,001,964 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.01.09 12:09:08 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013.01.09 12:09:00 | 000,014,624 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.10.29 12:09:28 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.10.29 12:09:28 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.10.29 12:09:28 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.10.29 12:09:28 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.10.29 12:09:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.10.15 08:22:43 | 000,007,625 | ---- | C] () -- C:\Users\Martin\AppData\Local\Resmon.ResmonCfg
[2012.10.07 12:23:10 | 000,207,488 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2012.10.07 12:23:08 | 000,138,368 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll
[2012.10.07 12:23:08 | 000,074,368 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll
[2012.10.07 12:23:06 | 000,318,592 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll
[2011.12.01 20:35:34 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.07.05 20:54:20 | 000,017,408 | ---- | C] () -- C:\Users\Martin\AppData\Local\WebpageIcons.db
[2011.05.13 09:03:16 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2011.05.13 09:01:22 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2011.05.13 09:01:00 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2011.03.11 11:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2010.10.15 21:09:14 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv6
[2010.10.06 14:03:04 | 000,004,096 | -H-- | C] () -- C:\Users\Martin\AppData\Local\keyfile3.drm
[2010.05.20 20:36:05 | 000,000,072 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.04.29 23:04:54 | 000,001,235 | ---- | C] () -- C:\Users\Martin\ASPIREHOME - Verknüpfung.lnk
[2010.01.21 20:41:41 | 000,211,456 | ---- | C] () -- C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.07 11:40:05 | 000,000,094 | ---- | C] () -- C:\Users\Martin\AppData\Local\fusioncache.dat
[2009.12.05 10:19:57 | 000,065,943 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\mdbu.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012.08.21 14:34:24 | 000,351,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.08.17 15:09:26 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\AceBIT
[2010.01.11 15:15:34 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Akademische Arbeitsgemeinschaft
[2010.11.26 10:18:28 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Avery
[2013.02.25 22:10:05 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\BOM
[2011.01.21 22:01:33 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Buhl Data Service
[2010.03.31 12:14:24 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Canneverbe Limited
[2011.02.25 14:42:07 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ContactConversionWizard
[2012.10.12 18:24:02 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DAEMON Tools Lite
[2009.12.02 22:47:03 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DataDesign
[2013.02.26 11:41:56 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Dropbox
[2012.10.04 21:28:33 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DVDVideoSoft
[2012.10.04 21:27:00 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.07.16 19:47:34 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\EPSON
[2013.02.21 15:39:39 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\FileZilla
[2009.12.08 21:26:54 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Foxit
[2009.12.09 18:27:18 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Foxit Software
[2012.12.27 19:21:36 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Free Download Manager
[2010.03.03 11:33:54 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\FRITZ!
[2010.01.16 21:59:52 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2011.03.23 23:03:55 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\GrabPro
[2010.03.08 17:16:23 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Haufe
[2011.01.31 14:38:11 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\hdbADS
[2010.04.20 20:07:52 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ImgBurn
[2012.11.26 07:57:51 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\IrfanView
[2011.01.11 14:53:40 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Leadertech
[2010.07.26 12:54:12 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Lexware
[2011.04.03 19:39:23 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Orbit
[2011.12.01 20:35:37 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\pdfforge
[2012.07.15 15:55:52 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\PhotoSync
[2011.03.23 23:04:14 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ProgSense
[2013.02.28 21:21:49 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\RssPopper
[2012.12.20 23:24:20 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Samsung
[2012.10.31 19:04:49 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\SecondLife
[2012.09.19 10:56:18 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Software4u
[2009.12.07 11:42:03 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\T-Online
[2009.11.27 01:18:27 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Windows Home Server
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:74022CF48867CE37

< End of report >

Dann die EXTRA.txt:

Code:

ATTFilter

OTL Extras logfile created on: 28.02.2013 21:35:12 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Eigene Dateien\Trojaner
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 67,55% Memory free
5,99 Gb Paging File | 4,91 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140,62 Gb Total Space | 19,75 Gb Free Space | 14,04% Space Free | Partition Type: NTFS
Drive D: | 157,46 Gb Total Space | 8,33 Gb Free Space | 5,29% Space Free | Partition Type: NTFS
 
Computer Name: ASPIRE-6930 | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A2D4735-93C5-4DF8-BBBA-4C57961988EB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1586021A-F243-4505-B546-38B43F585684}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{17BEE3BD-968C-42F1-AD7D-63BA28C577DA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1D5D2C54-2D1B-40D3-9E02-C3ACA6F594EE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1DF731B8-678F-4B37-8919-659700CDF1B1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{307FB5B6-CABE-4EC5-8EE0-6A985A4946CF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{37E0F4E6-CED9-42E6-A652-24A8AFBA07D7}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{475A3DBE-0FA8-4519-AE1D-A9971425E29C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{56B0244E-2757-44E9-AD67-D3437B1034F4}" = rport=445 | protocol=6 | dir=out | app=system | 
"{60BE370A-BFF8-47E3-8790-76604E41239D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{77108A95-17D2-4742-AC8D-4FA5D253BBFD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7A61AD38-A95A-4210-AE89-71AE1AEB88B6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{801DAC19-A285-4576-9718-3C379B112095}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8D7AC2ED-C562-433C-AB80-E1C6D8F3899B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{90E5D086-C883-4F46-8761-8406098B204D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{AAEBAE56-36FC-4317-A77E-D36A6A9651FB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B6485AD6-DE65-4121-9368-9D74F07E2A69}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B73954DB-C9E3-4813-852E-437C69B29840}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BB5C48AB-8CFE-45E7-9011-3887DB8B2AF9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C9A7DF88-2B57-408A-8208-B2AECBEEB98C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DB78429A-6AF2-433D-AD62-2772653DE55A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E24F0963-785B-4284-BB83-F1B215D94210}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E78B32CC-2D9C-4173-8B47-F17D80C10E4F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E88D5EC3-DD4C-4F6E-A32D-ADD2284A1EFF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F3444513-697A-487C-96A3-7F3B7F7E938A}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14AD98B9-FE6D-42D1-9E36-28C82F33C477}" = protocol=17 | dir=in | app=c:\program files\software4u\idevice manager\software4u.idevicemanager.exe | 
"{1CCA7D1F-D414-4F5E-A13E-B80A21BADC46}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{205550D1-B33A-4DA1-9AFB-CE330B74201C}" = protocol=17 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{3058EE40-D963-4DE4-9A44-20B9A8FCAB8B}" = protocol=6 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{35D52E0E-E89D-48CB-8448-422DB069E783}" = protocol=6 | dir=out | app=system | 
"{580AF26B-2DCF-4CDF-8D66-DF75C8BCE8C6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5B2E9200-C88C-43A7-954E-74D73190CCAC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6A7B65FD-0607-4AB0-8DBB-62DCB176C5A6}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{7E01E5DF-A67F-4F15-BADD-F657AEA24F4E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8D106373-E5B7-4E53-A614-F79F73B531FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{91689A14-3698-4AEE-80E9-41EE4FA28B6B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{9B3BE4EC-CE59-4D0F-ABC4-2444AB48D96F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B3277B4C-8C4D-4C45-AAE8-A305E73C302A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B68F5F46-6DE5-4326-BC04-D702B72E6FE4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BEEC77E1-6561-497E-81B5-8A79D96DB22E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{BF130290-51F1-4F26-B344-914C708A0A97}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C7F057F9-E682-472F-A370-A2979206BC37}" = protocol=6 | dir=in | app=c:\program files\software4u\idevice manager\software4u.idevicemanager.exe | 
"{D3E95EF8-1AD2-4193-BCF2-5AEA46A41456}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E2A4B924-8440-42E4-91C0-87675BDC8E7D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E62ED7CB-2472-4C36-ADC4-E068354C3DC3}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{E9F3111B-C2D5-4C43-99CF-92E48737DA6D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F8B7BCF0-57B4-43BE-87D9-ECBD9F5783FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F9B6A3FE-FC39-4C97-ABC5-72F11491E684}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FBA554BD-7E80-482D-BAFA-0999361019BF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{2EBC37F7-54B6-4477-9387-D7F55BF052F5}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{99DD22DC-4685-4294-8C9C-40B95D5C2DFD}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{0F35038A-410E-4DEF-970D-77D08C23ABE6}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{62B97621-E5BE-4293-A0F0-DB28247BB1A0}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{119B91A7-1984-4256-BC34-348BA84143B1}" = Application Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{21E49794-7C13-4E84-8659-55BD378267D5}" = Windows Home Server-Connector
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2D3858B1-226A-420D-9C9D-B51864E85429}" = Nuvoton CIR Device Driver
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3744B641-61DE-417F-BCDC-9CCED4224DF8}" = LightScribe System Software
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C3B4D0D-7BA1-4CD8-8034-93D9A2175753}" = WISO Fahrtenbuch 2012
"{5AE08F40-EC9B-4B7E-B5A6-200A7E6DCB2A}" = Lexware financial office 2013
"{5EA333DC-8C33-4077-9BFE-2326F3FA505F}" = Lexware online banking
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{692F4201-AB4C-4795-9F42-123F0601F8B7}" = LightsOut Client
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77077FFF-8831-470F-9627-E86F06A50CCD}" = Avery Wizard 3.1
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7CC673E7-5271-409D-B196-BB76DA60300B}" = TwonkyMedia Windows Components
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FD71A9E-C4D3-42ED-A998-CDA8290C39A3}" = LightScribe Template Labeler
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney
"{88A4002B-BDBA-49A2-927C-D81E8DF32B1B}" = LightScribe Applications
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AE7E507-BC49-4DF0-A236-26878691AB53}" = Lexware Info Service
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{A23AADDA-3DBF-11E2-A6F2-984BE15F174E}" = Evernote v. 4.6
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AAE587E4-E661-4DB5-96DF-6E31C548F186}_is1" = Password Depot 6
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B82157D3-6D31-4650-93B4-FC39BB08D6CE}" = AAVUpdateManager
"{BE618A02-45E7-4456-8277-D05BE76B9E1A}" = Geldtipps Homebanking 2011 1und1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU 
"{D9B00587-D56E-470C-9C89-106552A35FFA}" = PhotoSync
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E98E2A33-05D1-476B-B81B-40F4BD957056}" = Windows Home Server Home Computer Restore CD (Dual Boot)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F72E9C08-197C-4677-BE2B-1CBC90DAAD07}" = Lexware Elster
"{F8C279EA-C67F-4B99-8FAA-EF526D98D39C}" = WISO Fahrtenbuch 2011
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU 
"{FF748561-FFFE-11D3-A06B-00E02939A7B1}" = dakota.ag
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"0630-0716-3135-7887" = JDownloader 2
"3A22385941281AFEE4CDB6EE09AB8D0BF418CE17" = Windows Driver Package - Acer, Inc (androidusb) USB  (12/20/2011 1.0.0010.00000)
"812A5AC8-50DA-43D8-B36E-30CDD7FCCAA1_is1" = Outlook Backup Assistant 5 (Vollversion)
"AAA1ACCA6262EC232B355F1427BDDE4D745AFBC1" = Windows Driver Package - Linux Developer Community Net  (12/08/2011 5.1.2600.2781)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AnyDVD" = AnyDVD
"A-Ray Scanner" = A-Ray Scanner 2.0.2.3
"AudibleDownloadManager" = Audible Download Manager
"AVMFBoxMonitor" = AVM FRITZ!Box Monitor
"B4DFFB06B716298277125094C48185BFE8B5A7E1" = Windows-Treiberpaket - Ross-Tech USB Driver Package (06/16/2010 2.06.02)
"Biet-O-Matic v2.12.5" = Biet-O-Matic v2.12.5
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"EOS USB WIA Driver" = EOS USB WIA Driver
"EOS Utility" = Canon Utilities EOS Utility
"EPSON BX610FW Series" = Druckerdeinstallation für EPSON BX610FW Series
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"Epson Stylus Office BX610FW_Office TX610FW_SX610FW Benutzerhandbuch" = Epson Stylus Office BX610FW_Office TX610FW_SX610FW Handbuch
"FastStone Image Viewer" = FastStone Image Viewer 4.6
"FE5AE7DC-7B01-4263-A94C-B4526C276549_is1" = iPhone Explorer
"FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager
"FileZilla Client" = FileZilla Client 3.6.0.2
"Foxit Reader" = Foxit Reader
"Free Download Manager_is1" = Free Download Manager 3.9.2
"Free YouTube Download_is1" = Free YouTube Download version 3.1.37.918
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"Google Calendar Sync" = Google Calendar Sync
"ImgBurn" = ImgBurn
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"KONICA MINOLTA magicolor 2430DL" = KONICA MINOLTA magicolor 2430DL
"Lidl-Fotos_is1" = Lidl-Fotos
"LightsOut Client" = LightsOut Client
"Macro Express 3" = Macro Express 3
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 16.0" = RealPlayer
"RSS Popper" = RSS Popper
"sp6" = Logitech SetPoint 6.32
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TwonkyManager" = TwonkyManager
"VCDS PCI" = VCDS PCI 11.11
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.02.2013 15:59:16 | Computer Name = Aspire-6930 | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\outlook
 backup assistant\AddIn\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei
 "c:\program files\outlook backup assistant\AddIn\adxloader.dll.Manifest" in Zeile
 2.  Das Stammelement der Manifestdatei muss assembliert sein.
 
Error - 22.02.2013 15:59:17 | Computer Name = Aspire-6930 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 25.02.2013 10:14:22 | Computer Name = Aspire-6930 | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 25.02.2013 10:45:00 | Computer Name = Aspire-6930 | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\outlook
 backup assistant\AddIn\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei
 "c:\program files\outlook backup assistant\AddIn\adxloader.dll.Manifest" in Zeile
 2.  Das Stammelement der Manifestdatei muss assembliert sein.
 
Error - 25.02.2013 10:45:00 | Computer Name = Aspire-6930 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 25.02.2013 13:50:24 | Computer Name = Aspire-6930 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 11.0.8326.0,
 Zeitstempel: 0x4c1c2372  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0x4c0  Startzeit der fehlerhaften Anwendung: 0x01ce136a7c844655  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: d4664ab4-7f73-11e2-a5a7-00238b1c39c6
 
Error - 26.02.2013 10:30:39 | Computer Name = Aspire-6930 | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\outlook
 backup assistant\AddIn\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei
 "c:\program files\outlook backup assistant\AddIn\adxloader.dll.Manifest" in Zeile
 2.  Das Stammelement der Manifestdatei muss assembliert sein.
 
Error - 26.02.2013 10:30:39 | Computer Name = Aspire-6930 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 27.02.2013 10:18:41 | Computer Name = Aspire-6930 | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\outlook
 backup assistant\AddIn\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei
 "c:\program files\outlook backup assistant\AddIn\adxloader.dll.Manifest" in Zeile
 2.  Das Stammelement der Manifestdatei muss assembliert sein.
 
Error - 27.02.2013 10:18:42 | Computer Name = Aspire-6930 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 26.02.2013 12:57:18 | Computer Name = Aspire-6930 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?26.?02.?2013 um 15:47:21 unerwartet heruntergefahren.
 
Error - 26.02.2013 12:58:01 | Computer Name = Aspire-6930 | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 LightsOut Client Dienst erreicht.
 
Error - 27.02.2013 14:25:38 | Computer Name = Aspire-6930 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?02.?2013 um 19:24:41 unerwartet heruntergefahren.
 
Error - 27.02.2013 16:12:34 | Computer Name = Aspire-6930 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?02.?2013 um 21:10:27 unerwartet heruntergefahren.
 
Error - 27.02.2013 16:13:23 | Computer Name = Aspire-6930 | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 LightsOut Client Dienst erreicht.
 
Error - 27.02.2013 16:13:53 | Computer Name = Aspire-6930 | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Net.Tcp Port Sharing Service erreicht.
 
Error - 27.02.2013 16:13:53 | Computer Name = Aspire-6930 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Net.Tcp Port Sharing Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 27.02.2013 16:14:58 | Computer Name = Aspire-6930 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Net.Tcp Listener Adapter" ist vom Dienst "Net.Tcp Port
 Sharing Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
   %%1053
 
Error - 28.02.2013 15:38:55 | Computer Name = Aspire-6930 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?02.?2013 um 23:45:47 unerwartet heruntergefahren.
 
Error - 28.02.2013 16:24:42 | Computer Name = Aspire-6930 | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht
 initialisieren.
 
 
< End of report >

Dann die Gmer.log:

Code:

ATTFilter

GMER 2.1.19115 - hxxp://www.gmer.net
Rootkit scan 2013-02-28 22:32:01
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932032 rev.0303 298,09GB
Running: gmer_2.1.19115.exe; Driver: C:\Users\Martin\AppData\Local\Temp\kwdoqkod.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwAdjustPrivilegesToken [0x91567392]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwAlpcConnectPort [0x9158224A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwAlpcCreatePort [0x91582580]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwAlpcSendWaitReceivePort [0x915828F6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwClose [0x91567E0C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwConnectPort [0x91581F32]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwCreateEvent [0x9156837E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwCreateMutant [0x9156826C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwCreatePort [0x915823F0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwCreateSection [0x9156714E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwCreateSemaphore [0x91568496]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwCreateThread [0x915679C2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwCreateThreadEx [0x91567B32]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwCreateUserProcess [0x915685AE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwCreateWaitablePort [0x915824B8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwDebugActiveProcess [0x91568856]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwDeviceIoControlFile [0x91567E4E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwDuplicateObject [0x91569858]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwLoadDriver [0x91568948]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwMapViewOfSection [0x91568EB4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwNotifyChangeKey [0x91580722]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwOpenEvent [0x91568410]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwOpenMutant [0x915682F8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwOpenProcess [0x915675CC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwOpenSection [0x91568C98]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwOpenSemaphore [0x91568528]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwOpenThread [0x915674C0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwQueryDirectoryObject [0x91568664]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwQueryObject [0x9158091A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwQuerySection [0x915691DA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwQueueApcThread [0x91568AE8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwReplyPort [0x915826E4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwReplyWaitReceivePort [0x91582632]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwRequestWaitReplyPort [0x91582750]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwResumeThread [0x915696FA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwSecureConnectPort [0x915820BA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwSetContextThread [0x91567CAC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwSetInformationToken [0x91568702]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwSetSystemInformation [0x9156932A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwSuspendProcess [0x9156941E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwSuspendThread [0x91569558]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwSystemDebugControl [0x91568778]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwTerminateProcess [0x9156776C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwTerminateThread [0x915676C2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwUnmapViewOfSection [0x91569092]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                           ZwWriteVirtualMemory [0x91567858]

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                       830799E9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                         830B31C2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10D7                                                                            830BA1EC 4 Bytes  [92, 73, 56, 91] {XCHG EDX, EAX; JAE 0x59; XCHG ECX, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10FF                                                                            830BA214 8 Bytes  [4A, 22, 58, 91, 80, 25, 58, ...]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1143                                                                            830BA258 4 Bytes  [F6, 28, 58, 91] {IMUL BYTE [EAX]; POP EAX; XCHG ECX, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 116F                                                                            830BA284 4 Bytes  [0C, 7E, 56, 91] {OR AL, 0x7e; PUSH ESI; XCHG ECX, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1193                                                                            830BA2A8 4 Bytes  [32, 1F, 58, 91] {XOR BL, [EDI]; POP EAX; XCHG ECX, EAX}
.text           ...                                                                                                            

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4376] ntdll.dll!DbgBreakPoint               77CA410C 1 Byte  [C3]

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                        Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                        Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                        kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                        kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                      kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269dee1e3                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269dee1e3@94dbc9a85778                       0x41 0x05 0xCE 0x10 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                               
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                            0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                         0xCE 0x38 0x39 0xBC ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                            C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                   0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                0x8B 0xD5 0xAC 0xB7 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                               
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                            0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                            1
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                         0x6B 0xB5 0xE5 0xA5 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269dee1e3 (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269dee1e3@94dbc9a85778                           0x41 0x05 0xCE 0x10 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)           
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                             0xCE 0x38 0x39 0xBC ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                       0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                    0x8B 0xD5 0xAC 0xB7 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)           
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                1
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                             0x6C 0xC0 0x0B 0x1A ...

---- EOF - GMER 2.1 ----

Ach ja: Defogger hab ich durchgeführt.

Leider konnte ich bei Kaspersky KIS 2012 keine Log-Dateien finden. Nur der Bericht im Programm. Kann man da auch irgendwelche Logs finden?

Liebe Grüße, Martin

cosinus · 01.03.2013, 16:26

Hallo und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten

MBAR (Malwarebytes Anti-Rootkit)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

elwebber · 01.03.2013, 18:14

Hallo Cosinus,

vielen Dank, daß du dir die Zeit nimmst, mir zu helfen.

Ich habe mal die deine Schritte durchgeführt:

1.) MBAR

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.03.01.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Martin :: ASPIRE-6930 [administrator]

01.03.2013 17:05:19
mbar-log-2013-03-01 (17-05-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30680
Time elapsed: 12 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

2.) aswMBR

Code:

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-01 17:24:01
-----------------------------
17:24:01.393    OS Version: Windows 6.1.7601 Service Pack 1
17:24:01.393    Number of processors: 2 586 0x1706
17:24:01.393    ComputerName: ASPIRE-6930  UserName: Martin
17:24:02.032    Initialize success
17:24:09.364    AVAST engine defs: 13030100
17:24:13.857    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:24:13.857    Disk 0 Vendor: ST932032 0303 Size: 305245MB BusType: 3
17:24:13.888    Disk 0 MBR read successfully
17:24:13.888    Disk 0 MBR scan
17:24:13.904    Disk 0 Windows 7 default MBR code
17:24:13.904    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       144000 MB offset 2048
17:24:13.935    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       161243 MB offset 294914048
17:24:13.951    Disk 0 scanning sectors +625139712
17:24:14.075    Disk 0 scanning C:\Windows\system32\drivers
17:24:30.705    Service scanning
17:24:41.563    Service kl1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
17:24:41.594    Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
17:24:41.750    Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
17:24:41.812    Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
17:25:02.031    Modules scanning
17:25:14.105    Disk 0 trace - called modules:
17:25:14.137    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys 
17:25:14.152    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87919718]
17:25:14.168    3 CLASSPNP.SYS[8c5a059e] -> nt!IofCallDriver -> [0x86aec368]
17:25:14.183    5 ACPI.sys[842a13d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86acd028]
17:25:14.839    AVAST engine scan C:\Windows
17:25:17.007    AVAST engine scan C:\Windows\system32
17:29:33.863    AVAST engine scan C:\Windows\system32\drivers
17:29:52.927    AVAST engine scan C:\Users\Martin
17:41:43.278    AVAST engine scan C:\ProgramData
17:51:41.183    Scan finished successfully
17:52:01.338    Disk 0 MBR has been saved successfully to "C:\Users\Martin\Desktop\MBR.dat"
17:52:01.338    The log file has been saved successfully to "C:\Users\Martin\Desktop\aswMBR.txt"

3.) TDSS-Killer:

Da habe ich leider keine Möglichkeit zum speichern gefunden. Ich kann den Report in einem neuen Fenster aufrufen, aber eine Möglichkeit zum Speichern eines Log-Files kann ich nirgends entdecken. Ich habe den Report per Paste&Copy hier mal reingesetzt. Da er zu lang ist, musste ich ihn aufteilen...

Teil1:

Code:

ATTFilter

17:57:08.0008 1024  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:57:08.0039 1024  ============================================================
17:57:08.0039 1024  Current date / time: 2013/03/01 17:57:08.0039
17:57:08.0039 1024  SystemInfo:
17:57:08.0039 1024  
17:57:08.0039 1024  OS Version: 6.1.7601 ServicePack: 1.0
17:57:08.0039 1024  Product type: Workstation
17:57:08.0039 1024  ComputerName: ASPIRE-6930
17:57:08.0039 1024  UserName: Martin
17:57:08.0039 1024  Windows directory: C:\Windows
17:57:08.0039 1024  System windows directory: C:\Windows
17:57:08.0039 1024  Processor architecture: Intel x86
17:57:08.0039 1024  Number of processors: 2
17:57:08.0039 1024  Page size: 0x1000
17:57:08.0039 1024  Boot type: Normal boot
17:57:08.0039 1024  ============================================================
17:57:08.0476 1024  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:57:08.0491 1024  ============================================================
17:57:08.0491 1024  \Device\Harddisk0\DR0:
17:57:08.0491 1024  MBR partitions:
17:57:08.0491 1024  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x11940000
17:57:08.0491 1024  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x11940800, BlocksNum 0x13AED800
17:57:08.0491 1024  ============================================================
17:57:08.0522 1024  C: <-> \Device\Harddisk0\DR0\Partition1
17:57:08.0569 1024  D: <-> \Device\Harddisk0\DR0\Partition2
17:57:08.0569 1024  ============================================================
17:57:08.0569 1024  Initialize success
17:57:08.0569 1024  ============================================================
17:57:16.0323 1140  ============================================================
17:57:16.0323 1140  Scan started
17:57:16.0323 1140  Mode: Manual; SigCheck; TDLFS; 
17:57:16.0323 1140  ============================================================
17:57:16.0713 1140  ================ Scan system memory ========================
17:57:16.0713 1140  System memory - ok
17:57:16.0713 1140  ================ Scan services =============================
17:57:16.0947 1140  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:57:17.0071 1140  1394ohci - ok
17:57:17.0181 1140  [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
17:57:17.0227 1140  AAV UpdateService - ok
17:57:17.0290 1140  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:57:17.0321 1140  ACPI - ok
17:57:17.0368 1140  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
17:57:17.0399 1140  AcpiPmi - ok
17:57:17.0524 1140  [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:57:17.0555 1140  AdobeFlashPlayerUpdateSvc - ok
17:57:17.0602 1140  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
17:57:17.0633 1140  adp94xx - ok
17:57:17.0649 1140  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
17:57:17.0664 1140  adpahci - ok
17:57:17.0680 1140  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
17:57:17.0695 1140  adpu320 - ok
17:57:17.0727 1140  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:57:17.0742 1140  AeLookupSvc - ok
17:57:17.0805 1140  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
17:57:17.0836 1140  AFD - ok
17:57:17.0883 1140  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
17:57:17.0929 1140  agp440 - ok
17:57:17.0961 1140  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
17:57:17.0976 1140  aic78xx - ok
17:57:18.0007 1140  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
17:57:18.0039 1140  ALG - ok
17:57:18.0054 1140  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:57:18.0070 1140  aliide - ok
17:57:18.0085 1140  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
17:57:18.0101 1140  amdagp - ok
17:57:18.0132 1140  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
17:57:18.0148 1140  amdide - ok
17:57:18.0179 1140  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
17:57:18.0195 1140  AmdK8 - ok
17:57:18.0210 1140  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
17:57:18.0226 1140  AmdPPM - ok
17:57:18.0257 1140  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:57:18.0304 1140  amdsata - ok
17:57:18.0319 1140  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
17:57:18.0335 1140  amdsbs - ok
17:57:18.0351 1140  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:57:18.0366 1140  amdxata - ok
17:57:18.0444 1140  [ 40C279A23BD43553BFBA6E88A9B38AE2 ] AnyDVD          C:\Windows\system32\Drivers\AnyDVD.sys
17:57:18.0491 1140  AnyDVD - ok
17:57:18.0585 1140  [ D1AF38FBAC0DC7E6D796B0ED01707EE0 ] AppHostSvc      C:\Windows\system32\inetsrv\apphostsvc.dll
17:57:18.0631 1140  AppHostSvc - ok
17:57:18.0663 1140  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
17:57:18.0694 1140  AppID - ok
17:57:18.0725 1140  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:57:18.0741 1140  AppIDSvc - ok
17:57:18.0803 1140  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
17:57:18.0850 1140  Appinfo - ok
17:57:18.0943 1140  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:57:18.0959 1140  Apple Mobile Device - ok
17:57:19.0006 1140  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
17:57:19.0021 1140  arc - ok
17:57:19.0021 1140  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
17:57:19.0037 1140  arcsas - ok
17:57:19.0115 1140  [ 62893926092AD61C8839ED73D1DFE338 ] arXfrSvc        C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
17:57:19.0146 1140  arXfrSvc - ok
17:57:19.0271 1140  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
17:57:19.0302 1140  aspnet_state - ok
17:57:19.0318 1140  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:57:19.0349 1140  AsyncMac - ok
17:57:19.0411 1140  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
17:57:19.0443 1140  atapi - ok
17:57:19.0489 1140  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:57:19.0521 1140  AudioEndpointBuilder - ok
17:57:19.0567 1140  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
17:57:19.0630 1140  Audiosrv - ok
17:57:19.0661 1140  AVP - ok
17:57:19.0723 1140  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:57:19.0739 1140  AxInstSV - ok
17:57:19.0786 1140  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
17:57:19.0801 1140  b06bdrv - ok
17:57:19.0833 1140  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
17:57:19.0848 1140  b57nd60x - ok
17:57:19.0926 1140  [ 659A3A415BF36775449C8D6AFEE4A8FC ] BackupReader    C:\Windows\system32\DRIVERS\BackupReader.sys
17:57:19.0942 1140  BackupReader - ok
17:57:19.0957 1140  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:57:19.0973 1140  BDESVC - ok
17:57:20.0004 1140  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:57:20.0051 1140  Beep - ok
17:57:20.0113 1140  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
17:57:20.0145 1140  BFE - ok
17:57:20.0191 1140  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
17:57:20.0254 1140  BITS - ok
17:57:20.0269 1140  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:57:20.0285 1140  blbdrive - ok
17:57:20.0379 1140  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:57:20.0410 1140  Bonjour Service - ok
17:57:20.0441 1140  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:57:20.0457 1140  bowser - ok
17:57:20.0488 1140  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:57:20.0503 1140  BrFiltLo - ok
17:57:20.0519 1140  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:57:20.0535 1140  BrFiltUp - ok
17:57:20.0566 1140  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
17:57:20.0613 1140  Browser - ok
17:57:20.0628 1140  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:57:20.0659 1140  Brserid - ok
17:57:20.0675 1140  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:57:20.0691 1140  BrSerWdm - ok
17:57:20.0706 1140  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:57:20.0722 1140  BrUsbMdm - ok
17:57:20.0737 1140  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:57:20.0753 1140  BrUsbSer - ok
17:57:20.0815 1140  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
17:57:20.0862 1140  BthEnum - ok
17:57:20.0862 1140  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
17:57:20.0878 1140  BTHMODEM - ok
17:57:20.0909 1140  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
17:57:20.0940 1140  BthPan - ok
17:57:21.0003 1140  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
17:57:21.0049 1140  BTHPORT - ok
17:57:21.0081 1140  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
17:57:21.0127 1140  bthserv - ok
17:57:21.0174 1140  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
17:57:21.0221 1140  BTHUSB - ok
17:57:21.0237 1140  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:57:21.0283 1140  cdfs - ok
17:57:21.0330 1140  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:57:21.0361 1140  cdrom - ok
17:57:21.0408 1140  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
17:57:21.0471 1140  CertPropSvc - ok
17:57:21.0502 1140  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
17:57:21.0517 1140  circlass - ok
17:57:21.0564 1140  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
17:57:21.0580 1140  CLFS - ok
17:57:21.0642 1140  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:57:21.0673 1140  clr_optimization_v2.0.50727_32 - ok
17:57:21.0736 1140  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:57:21.0767 1140  clr_optimization_v4.0.30319_32 - ok
17:57:21.0783 1140  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:57:21.0798 1140  CmBatt - ok
17:57:21.0814 1140  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:57:21.0829 1140  cmdide - ok
17:57:21.0876 1140  [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG             C:\Windows\system32\Drivers\cng.sys
17:57:21.0923 1140  CNG - ok
17:57:21.0939 1140  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:57:21.0954 1140  Compbatt - ok
17:57:21.0970 1140  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
17:57:21.0985 1140  CompositeBus - ok
17:57:22.0001 1140  COMSysApp - ok
17:57:22.0032 1140  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
17:57:22.0032 1140  crcdisk - ok
17:57:22.0079 1140  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:57:22.0126 1140  CryptSvc - ok
17:57:22.0173 1140  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:57:22.0219 1140  DcomLaunch - ok
17:57:22.0251 1140  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
17:57:22.0282 1140  defragsvc - ok
17:57:22.0329 1140  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:57:22.0375 1140  DfsC - ok
17:57:22.0469 1140  [ 6CC6C4B9D7B906A151AA094CA087B9F0 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
17:57:22.0500 1140  dg_ssudbus - ok
17:57:22.0547 1140  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:57:22.0594 1140  Dhcp - ok
17:57:22.0609 1140  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
17:57:22.0641 1140  discache - ok
17:57:22.0656 1140  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
17:57:22.0672 1140  Disk - ok
17:57:22.0719 1140  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:57:22.0750 1140  Dnscache - ok
17:57:22.0797 1140  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:57:22.0812 1140  dot3svc - ok
17:57:22.0859 1140  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
17:57:22.0906 1140  DPS - ok
17:57:22.0921 1140  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:57:22.0937 1140  drmkaud - ok
17:57:22.0999 1140  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:57:23.0046 1140  DXGKrnl - ok
17:57:23.0093 1140  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
17:57:23.0109 1140  EapHost - ok
17:57:23.0233 1140  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
17:57:23.0280 1140  ebdrv - ok
17:57:23.0311 1140  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
17:57:23.0327 1140  EFS - ok
17:57:23.0389 1140  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:57:23.0436 1140  ehRecvr - ok
17:57:23.0467 1140  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
17:57:23.0483 1140  ehSched - ok
17:57:23.0545 1140  [ CE37E3D51912E59C80C6D84337C0B4CD ] ElbyCDFL        C:\Windows\system32\Drivers\ElbyCDFL.sys
17:57:23.0577 1140  ElbyCDFL - ok
17:57:23.0623 1140  [ D71233D7CCC2E64F8715A20428D5A33B ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
17:57:23.0639 1140  ElbyCDIO - ok
17:57:23.0686 1140  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
17:57:23.0717 1140  elxstor - ok
17:57:23.0764 1140  [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
17:57:23.0779 1140  EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
17:57:23.0779 1140  EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
17:57:23.0826 1140  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:57:23.0857 1140  ErrDev - ok
17:57:23.0904 1140  [ E91AB748B9EE327A8EE130F7E9C900F7 ] esClient        C:\Program Files\Windows Home Server\esClient.exe
17:57:23.0920 1140  esClient - ok
17:57:23.0967 1140  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
17:57:24.0013 1140  EventSystem - ok
17:57:24.0029 1140  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
17:57:24.0060 1140  exfat - ok
17:57:24.0076 1140  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:57:24.0107 1140  fastfat - ok
17:57:24.0169 1140  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
17:57:24.0216 1140  Fax - ok
17:57:24.0232 1140  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
17:57:24.0247 1140  fdc - ok
17:57:24.0263 1140  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
17:57:24.0294 1140  fdPHost - ok
17:57:24.0310 1140  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
17:57:24.0325 1140  FDResPub - ok
17:57:24.0357 1140  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:57:24.0372 1140  FileInfo - ok
17:57:24.0388 1140  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:57:24.0403 1140  Filetrace - ok
17:57:24.0435 1140  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:57:24.0450 1140  flpydisk - ok
17:57:24.0466 1140  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:57:24.0481 1140  FltMgr - ok
17:57:24.0544 1140  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
17:57:24.0559 1140  FontCache - ok
17:57:24.0622 1140  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:57:24.0653 1140  FontCache3.0.0.0 - ok
17:57:24.0669 1140  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:57:24.0684 1140  FsDepends - ok
17:57:24.0731 1140  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:57:24.0762 1140  Fs_Rec - ok
17:57:24.0809 1140  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:57:24.0825 1140  fvevol - ok
17:57:24.0871 1140  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
17:57:24.0903 1140  gagp30kx - ok
17:57:24.0965 1140  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:57:24.0996 1140  GEARAspiWDM - ok
17:57:25.0043 1140  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
17:57:25.0074 1140  gpsvc - ok
17:57:25.0090 1140  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:57:25.0105 1140  hcw85cir - ok
17:57:25.0168 1140  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:57:25.0199 1140  HdAudAddService - ok
17:57:25.0230 1140  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
17:57:25.0246 1140  HDAudBus - ok
17:57:25.0277 1140  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
17:57:25.0293 1140  HidBatt - ok
17:57:25.0308 1140  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
17:57:25.0324 1140  HidBth - ok
17:57:25.0339 1140  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
17:57:25.0355 1140  HidIr - ok
17:57:25.0386 1140  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
17:57:25.0417 1140  hidserv - ok
17:57:25.0464 1140  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
17:57:25.0480 1140  HidUsb - ok
17:57:25.0527 1140  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:57:25.0542 1140  hkmsvc - ok
17:57:25.0620 1140  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:57:25.0651 1140  HomeGroupListener - ok
17:57:25.0698 1140  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:57:25.0729 1140  HomeGroupProvider - ok
17:57:25.0745 1140  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:57:25.0745 1140  HpSAMD - ok
17:57:25.0807 1140  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:57:25.0885 1140  HTTP - ok
17:57:25.0917 1140  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:57:25.0932 1140  hwpolicy - ok
17:57:25.0979 1140  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
17:57:26.0010 1140  i8042prt - ok
17:57:26.0104 1140  [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
17:57:26.0135 1140  IAANTMON - ok
17:57:26.0166 1140  [ D483687EACE0C065EE772481A96E05F5 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
17:57:26.0197 1140  iaStor - ok
17:57:26.0229 1140  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:57:26.0244 1140  iaStorV - ok
17:57:26.0322 1140  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:57:26.0369 1140  idsvc - ok
17:57:26.0385 1140  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
17:57:26.0400 1140  iirsp - ok
17:57:26.0463 1140  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
17:57:26.0541 1140  IKEEXT - ok
17:57:26.0650 1140  [ DA7DCB6565E68E3F95F043C4B01B8960 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
17:57:26.0697 1140  IntcAzAudAddService - ok
17:57:26.0743 1140  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
17:57:26.0759 1140  intelide - ok
17:57:26.0775 1140  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:57:26.0790 1140  intelppm - ok
17:57:26.0821 1140  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:57:26.0853 1140  IPBusEnum - ok
17:57:26.0868 1140  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:57:26.0884 1140  IpFilterDriver - ok
17:57:26.0962 1140  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:57:26.0993 1140  iphlpsvc - ok
17:57:27.0024 1140  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:57:27.0040 1140  IPMIDRV - ok
17:57:27.0071 1140  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:57:27.0087 1140  IPNAT - ok
17:57:27.0196 1140  [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
17:57:27.0227 1140  iPod Service - ok
17:57:27.0243 1140  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:57:27.0258 1140  IRENUM - ok
17:57:27.0305 1140  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:57:27.0336 1140  isapnp - ok
17:57:27.0367 1140  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:57:27.0383 1140  iScsiPrt - ok
17:57:27.0399 1140  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
17:57:27.0414 1140  kbdclass - ok
17:57:27.0445 1140  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
17:57:27.0461 1140  kbdhid - ok
17:57:27.0461 1140  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
17:57:27.0477 1140  KeyIso - ok
17:57:27.0523 1140  [ 186B54479D98E48AEE0E9ADA4B3C4D31 ] kl1             C:\Windows\system32\DRIVERS\kl1.sys
17:57:27.0539 1140  kl1 - ok
17:57:27.0570 1140  [ BF485BFBA13C0AB116701FD9C55324D0 ] kl2             C:\Windows\system32\DRIVERS\kl2.sys
17:57:27.0586 1140  kl2 - ok
17:57:27.0617 1140  [ D4C57824767D3ECBD89883A33F4FD87A ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
17:57:27.0633 1140  KLIF - ok
17:57:27.0711 1140  [ 6295A19003F935ECC6CCBE9E2376427B ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
17:57:27.0757 1140  KLIM6 - ok
17:57:27.0773 1140  [ 3DE1771C135328420315E21DDE229BBA ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
17:57:27.0789 1140  klmouflt - ok
17:57:27.0835 1140  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:57:27.0851 1140  KSecDD - ok
17:57:27.0898 1140  [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:57:27.0913 1140  KSecPkg - ok
17:57:27.0945 1140  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:57:27.0976 1140  KtmRm - ok
17:57:28.0023 1140  [ 14F63A275C1BFF4D35E02DE1127E8A85 ] L1E             C:\Windows\system32\DRIVERS\L1E62x86.sys
17:57:28.0054 1140  L1E - ok
17:57:28.0069 1140  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:57:28.0101 1140  LanmanServer - ok
17:57:28.0132 1140  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:57:28.0194 1140  LanmanWorkstation - ok
17:57:28.0303 1140  [ 910344E2A984010435AE84783B25E5EB ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
17:57:28.0335 1140  LBTServ - ok
17:57:28.0413 1140  [ 01CC7FB6E790EF044B411377F3A1FF41 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
17:57:28.0444 1140  LHidFilt - ok
17:57:28.0522 1140  [ AC2E68E3421AF857B8D438414E7AE31C ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
17:57:28.0537 1140  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
17:57:28.0537 1140  LightScribeService - detected UnsignedFile.Multi.Generic (1)
17:57:28.0553 1140  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:57:28.0600 1140  lltdio - ok
17:57:28.0615 1140  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:57:28.0647 1140  lltdsvc - ok
17:57:28.0662 1140  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:57:28.0678 1140  lmhosts - ok
17:57:28.0756 1140  [ A2E7EAE8898D7B4B8C302B8F4E836BB5 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
17:57:28.0803 1140  LMouFilt - ok
17:57:28.0849 1140  [ A67B289743CE824B930B54AC374926C1 ] LoClntService   C:\Program Files\Windows Home Server\LightsOutClientService.exe
17:57:28.0849 1140  LoClntService ( UnsignedFile.Multi.Generic ) - warning
17:57:28.0849 1140  LoClntService - detected UnsignedFile.Multi.Generic (1)
17:57:28.0881 1140  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
17:57:28.0927 1140  LSI_FC - ok
17:57:28.0943 1140  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
17:57:28.0959 1140  LSI_SAS - ok
17:57:28.0974 1140  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:57:28.0990 1140  LSI_SAS2 - ok
17:57:29.0005 1140  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:57:29.0005 1140  LSI_SCSI - ok
17:57:29.0037 1140  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
17:57:29.0068 1140  luafv - ok
17:57:29.0115 1140  [ 59A2783ABA6019BED0C843C706E10A6A ] massfilter      C:\Windows\system32\drivers\massfilter.sys
17:57:29.0130 1140  massfilter - ok
17:57:29.0255 1140  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
17:57:29.0286 1140  McComponentHostService - ok
17:57:29.0333 1140  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:57:29.0349 1140  Mcx2Svc - ok
17:57:29.0380 1140  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
17:57:29.0380 1140  megasas - ok
17:57:29.0395 1140  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
17:57:29.0411 1140  MegaSR - ok
17:57:29.0442 1140  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
17:57:29.0473 1140  MMCSS - ok
17:57:29.0473 1140  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
17:57:29.0505 1140  Modem - ok
17:57:29.0536 1140  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:57:29.0551 1140  monitor - ok
17:57:29.0567 1140  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:57:29.0583 1140  mouclass - ok
17:57:29.0614 1140  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:57:29.0629 1140  mouhid - ok
17:57:29.0676 1140  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:57:29.0707 1140  mountmgr - ok
17:57:29.0817 1140  [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:57:29.0863 1140  MozillaMaintenance - ok
17:57:29.0863 1140  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:57:29.0879 1140  mpio - ok
17:57:29.0910 1140  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:57:29.0941 1140  mpsdrv - ok
17:57:29.0988 1140  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:57:30.0035 1140  MpsSvc - ok
17:57:30.0066 1140  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:57:30.0082 1140  MRxDAV - ok
17:57:30.0144 1140  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:57:30.0160 1140  mrxsmb - ok
17:57:30.0207 1140  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:57:30.0222 1140  mrxsmb10 - ok
17:57:30.0238 1140  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:57:30.0253 1140  mrxsmb20 - ok
17:57:30.0300 1140  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
17:57:30.0331 1140  msahci - ok
17:57:30.0394 1140  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:57:30.0425 1140  msdsm - ok
17:57:30.0441 1140  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
17:57:30.0472 1140  MSDTC - ok
17:57:30.0487 1140  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:57:30.0519 1140  Msfs - ok
17:57:30.0534 1140  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:57:30.0565 1140  mshidkmdf - ok
17:57:30.0597 1140  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:57:30.0612 1140  msisadrv - ok
17:57:30.0643 1140  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:57:30.0675 1140  MSiSCSI - ok
17:57:30.0675 1140  msiserver - ok
17:57:30.0706 1140  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:57:30.0721 1140  MSKSSRV - ok
17:57:30.0737 1140  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:57:30.0768 1140  MSPCLOCK - ok
17:57:30.0784 1140  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:57:30.0815 1140  MSPQM - ok
17:57:30.0831 1140  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:57:30.0831 1140  MsRPC - ok
17:57:30.0877 1140  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
17:57:30.0909 1140  mssmbios - ok
17:57:30.0909 1140  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:57:30.0940 1140  MSTEE - ok
17:57:30.0971 1140  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
17:57:30.0971 1140  MTConfig - ok
17:57:31.0002 1140  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:57:31.0002 1140  Mup - ok
17:57:31.0049 1140  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
17:57:31.0111 1140  napagent - ok
17:57:31.0143 1140  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:57:31.0158 1140  NativeWifiP - ok
17:57:31.0221 1140  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:57:31.0267 1140  NDIS - ok
17:57:31.0283 1140  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:57:31.0299 1140  NdisCap - ok
17:57:31.0330 1140  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:57:31.0361 1140  NdisTapi - ok
17:57:31.0392 1140  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:57:31.0408 1140  Ndisuio - ok
17:57:31.0455 1140  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:57:31.0501 1140  NdisWan - ok
17:57:31.0548 1140  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:57:31.0564 1140  NDProxy - ok
17:57:31.0595 1140  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:57:31.0626 1140  NetBIOS - ok
17:57:31.0673 1140  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:57:31.0704 1140  NetBT - ok
17:57:31.0704 1140  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
17:57:31.0720 1140  Netlogon - ok
17:57:31.0798 1140  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
17:57:31.0845 1140  Netman - ok
17:57:31.0907 1140  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:57:31.0938 1140  NetMsmqActivator - ok
17:57:31.0954 1140  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:57:31.0969 1140  NetPipeActivator - ok
17:57:31.0985 1140  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
17:57:32.0016 1140  netprofm - ok
17:57:32.0032 1140  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:57:32.0047 1140  NetTcpActivator - ok
17:57:32.0063 1140  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:57:32.0063 1140  NetTcpPortSharing - ok
17:57:32.0235 1140  [ 39CBA1AE2A400EF99C3DEC9F9F601876 ] netw5v32        C:\Windows\system32\DRIVERS\netw5v32.sys
17:57:32.0313 1140  netw5v32 - ok
17:57:32.0578 1140  [ 6DE8D8D6E23F42D819EAE39FA3F6F31D ] NETwNs32        C:\Windows\system32\DRIVERS\NETwNs32.sys
17:57:32.0656 1140  NETwNs32 - ok
17:57:32.0703 1140  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
17:57:32.0718 1140  nfrd960 - ok
17:57:32.0749 1140  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:57:32.0796 1140  NlaSvc - ok
17:57:32.0859 1140  [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess       C:\Program Files\CDBurnerXP\NMSAccessU.exe
17:57:32.0890 1140  NMSAccess - ok
17:57:32.0905 1140  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:57:32.0968 1140  Npfs - ok
17:57:32.0983 1140  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
17:57:33.0015 1140  nsi - ok
17:57:33.0030 1140  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:57:33.0046 1140  nsiproxy - ok
17:57:33.0108 1140  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:57:33.0139 1140  Ntfs - ok
17:57:33.0155 1140  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
17:57:33.0186 1140  Null - ok
17:57:33.0217 1140  [ 7F5D69A031BE0E7BDFB8126E1A212417 ] nuvotoncir      C:\Windows\system32\DRIVERS\nuvotoncir.sys
17:57:33.0233 1140  nuvotoncir - ok
17:57:33.0280 1140  [ D2F4C4B22969236382CA853B8DAA2D4E ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
17:57:33.0311 1140  NVHDA - ok
17:57:33.0561 1140  [ 9A55250A7EDC9EA12DC3495F5E9F8703 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:57:33.0670 1140  nvlddmkm - ok
17:57:33.0717 1140  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:57:33.0732 1140  nvraid - ok
17:57:33.0748 1140  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:57:33.0763 1140  nvstor - ok
17:57:33.0795 1140  [ A52F94B75368B0C22A4E38334E2EFB4B ] nvsvc           C:\Windows\system32\nvvsvc.exe
17:57:33.0810 1140  nvsvc - ok
17:57:33.0857 1140  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:57:33.0888 1140  nv_agp - ok
17:57:33.0935 1140  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:57:33.0966 1140  ohci1394 - ok
17:57:34.0013 1140  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:57:34.0029 1140  ose - ok
17:57:34.0060 1140  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:57:34.0091 1140  p2pimsvc - ok
17:57:34.0107 1140  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:57:34.0138 1140  p2psvc - ok
17:57:34.0153 1140  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
17:57:34.0169 1140  Parport - ok
17:57:34.0200 1140  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:57:34.0216 1140  partmgr - ok
17:57:34.0231 1140  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
17:57:34.0247 1140  Parvdm - ok
17:57:34.0263 1140  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:57:34.0278 1140  PcaSvc - ok
17:57:34.0325 1140  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
17:57:34.0341 1140  pci - ok
17:57:34.0372 1140  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
17:57:34.0387 1140  pciide - ok
17:57:34.0419 1140  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
17:57:34.0450 1140  pcmcia - ok
17:57:34.0465 1140  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
17:57:34.0481 1140  pcw - ok
17:57:34.0512 1140  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:57:34.0543 1140  PEAUTH - ok
17:57:34.0653 1140  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
17:57:34.0715 1140  pla - ok
17:57:34.0762 1140  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:57:34.0809 1140  PlugPlay - ok
17:57:34.0824 1140  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:57:34.0840 1140  PNRPAutoReg - ok
17:57:34.0855 1140  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:57:34.0887 1140  PNRPsvc - ok
17:57:34.0933 1140  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:57:34.0980 1140  PolicyAgent - ok
17:57:35.0027 1140  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
17:57:35.0043 1140  Power - ok
17:57:35.0089 1140  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:57:35.0121 1140  PptpMiniport - ok
17:57:35.0136 1140  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
17:57:35.0152 1140  Processor - ok
17:57:35.0183 1140  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
17:57:35.0199 1140  ProfSvc - ok
17:57:35.0214 1140  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:57:35.0230 1140  ProtectedStorage - ok
17:57:35.0245 1140  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:57:35.0261 1140  Psched - ok
17:57:35.0308 1140  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
17:57:35.0339 1140  ql2300 - ok
17:57:35.0355 1140  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
17:57:35.0370 1140  ql40xx - ok
17:57:35.0386 1140  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
17:57:35.0417 1140  QWAVE - ok
17:57:35.0417 1140  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:57:35.0433 1140  QWAVEdrv - ok
17:57:35.0495 1140  [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
17:57:35.0526 1140  RapiMgr - ok
17:57:35.0557 1140  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:57:35.0589 1140  RasAcd - ok
17:57:35.0620 1140  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:57:35.0651 1140  RasAgileVpn - ok
17:57:35.0667 1140  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
17:57:35.0698 1140  RasAuto - ok
17:57:35.0713 1140  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:57:35.0745 1140  Rasl2tp - ok
17:57:35.0791 1140  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
17:57:35.0823 1140  RasMan - ok
17:57:35.0838 1140  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:57:35.0869 1140  RasPppoe - ok
17:57:35.0885 1140  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:57:35.0916 1140  RasSstp - ok
17:57:35.0963 1140  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:57:35.0979 1140  rdbss - ok
17:57:35.0994 1140  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
17:57:36.0010 1140  rdpbus - ok
17:57:36.0041 1140  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:57:36.0072 1140  RDPCDD - ok
17:57:36.0088 1140  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:57:36.0119 1140  RDPENCDD - ok
17:57:36.0135 1140  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:57:36.0150 1140  RDPREFMP - ok
17:57:36.0228 1140  [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:57:36.0275 1140  RdpVideoMiniport - ok
17:57:36.0306 1140  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:57:36.0322 1140  RDPWD - ok
17:57:36.0384 1140  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:57:36.0431 1140  rdyboost - ok
17:57:36.0540 1140  [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
17:57:36.0571 1140  RealNetworks Downloader Resolver Service - ok
17:57:36.0603 1140  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:57:36.0696 1140  RemoteAccess - ok
17:57:36.0712 1140  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:57:36.0743 1140  RemoteRegistry - ok
17:57:36.0790 1140  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
17:57:36.0821 1140  RFCOMM - ok
17:57:36.0837 1140  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:57:36.0883 1140  RpcEptMapper - ok
17:57:36.0899 1140  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
17:57:36.0915 1140  RpcLocator - ok
17:57:36.0930 1140  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
17:57:36.0961 1140  RpcSs - ok
17:57:36.0993 1140  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:57:37.0024 1140  rspndr - ok
17:57:37.0071 1140  [ F1813D9E031B0E2E090AC6489FFD1007 ] RT-USB          C:\Windows\system32\drivers\RT-USB.SYS
17:57:37.0117 1140  RT-USB - ok
17:57:37.0133 1140  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
17:57:37.0149 1140  SamSs - ok
17:57:37.0180 1140  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:57:37.0195 1140  sbp2port - ok
17:57:37.0227 1140  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:57:37.0258 1140  SCardSvr - ok
17:57:37.0289 1140  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:57:37.0351 1140  scfilter - ok
17:57:37.0414 1140  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
17:57:37.0461 1140  Schedule - ok
17:57:37.0507 1140  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:57:37.0570 1140  SCPolicySvc - ok
17:57:37.0601 1140  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:57:37.0617 1140  SDRSVC - ok
17:57:37.0648 1140  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:57:37.0679 1140  secdrv - ok
17:57:37.0710 1140  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
17:57:37.0741 1140  seclogon - ok
17:57:37.0741 1140  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
17:57:37.0773 1140  SENS - ok
17:57:37.0788 1140  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:57:37.0804 1140  SensrSvc - ok
17:57:37.0819 1140  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
17:57:37.0819 1140  Serenum - ok
17:57:37.0851 1140  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
17:57:37.0866 1140  Serial - ok
17:57:37.0913 1140  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
17:57:37.0929 1140  sermouse - ok
17:57:37.0975 1140  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:57:38.0007 1140  SessionEnv - ok
17:57:38.0038 1140  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:57:38.0069 1140  sffdisk - ok
17:57:38.0069 1140  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:57:38.0085 1140  sffp_mmc - ok
17:57:38.0116 1140  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:57:38.0116 1140  sffp_sd - ok
17:57:38.0163 1140  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
17:57:38.0194 1140  sfloppy - ok
17:57:38.0241 1140  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:57:38.0272 1140  SharedAccess - ok
17:57:38.0319 1140  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:57:38.0350 1140  ShellHWDetection - ok
17:57:38.0428 1140  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
17:57:38.0459 1140  sisagp - ok
17:57:38.0490 1140  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:57:38.0506 1140  SiSRaid2 - ok
17:57:38.0521 1140  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
17:57:38.0521 1140  SiSRaid4 - ok
17:57:38.0553 1140  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:57:38.0584 1140  Smb - ok
17:57:38.0631 1140  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:57:38.0646 1140  SNMPTRAP - ok
17:57:38.0646 1140  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:57:38.0662 1140  spldr - ok
17:57:38.0709 1140  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
17:57:38.0740 1140  Spooler - ok
17:57:38.0849 1140  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
17:57:38.0911 1140  sppsvc - ok
17:57:38.0943 1140  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:57:38.0974 1140  sppuinotify - ok
17:57:39.0021 1140  sptd - ok
17:57:39.0067 1140  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:57:39.0099 1140  srv - ok
17:57:39.0114 1140  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:57:39.0130 1140  srv2 - ok
17:57:39.0161 1140  [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL3.SYS
17:57:39.0177 1140  SrvHsfHDA - ok
17:57:39.0208 1140  [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV3.SYS
17:57:39.0223 1140  SrvHsfV92 - ok
17:57:39.0255 1140  [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
17:57:39.0270 1140  SrvHsfWinac - ok
17:57:39.0301 1140  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:57:39.0317 1140  srvnet - ok
17:57:39.0333 1140  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:57:39.0364 1140  SSDPSRV - ok
17:57:39.0379 1140  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:57:39.0411 1140  SstpSvc - ok
17:57:39.0473 1140  [ 359FEE084F1173FFFFD7F9CCBD43D47F ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
17:57:39.0504 1140  ssudmdm - ok
17:57:39.0582 1140  [ F92254B0BCFCD10CAAC7BCCC7CB7F467 ] StarOpen        C:\Windows\system32\drivers\StarOpen.sys
17:57:39.0598 1140  StarOpen ( UnsignedFile.Multi.Generic ) - warning
17:57:39.0598 1140  StarOpen - detected UnsignedFile.Multi.Generic (1)
17:57:39.0691 1140  [ B1691AF4A072CB674D600DB16DD7308E ] StarWindServiceAE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
17:57:39.0707 1140  StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
17:57:39.0707 1140  StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
17:57:39.0738 1140  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
17:57:39.0785 1140  stexstor - ok
17:57:39.0847 1140  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
17:57:39.0894 1140  StiSvc - ok
17:57:39.0941 1140  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
17:57:39.0972 1140  swenum - ok
17:57:40.0003 1140  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
17:57:40.0035 1140  swprv - ok
17:57:40.0081 1140  [ 4C9BB4B3B9EAC26211484C30B914C6DC ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
17:57:40.0113 1140  SynTP - ok
17:57:40.0175 1140  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
17:57:40.0222 1140  SysMain - ok
17:57:40.0253 1140  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:57:40.0269 1140  TabletInputService - ok
17:57:40.0315 1140  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:57:40.0347 1140  TapiSrv - ok
17:57:40.0362 1140  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
17:57:40.0393 1140  TBS - ok
17:57:40.0471 1140  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:57:40.0518 1140  Tcpip - ok
17:57:40.0549 1140  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:57:40.0581 1140  TCPIP6 - ok
17:57:40.0627 1140  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:57:40.0643 1140  tcpipreg - ok
17:57:40.0674 1140  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:57:40.0690 1140  TDPIPE - ok
17:57:40.0737 1140  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:57:40.0737 1140  TDTCP - ok
17:57:40.0783 1140  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:57:40.0830 1140  tdx - ok
17:57:40.0861 1140  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
17:57:40.0893 1140  TermDD - ok
17:57:40.0939 1140  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
17:57:40.0986 1140  TermService - ok
17:57:41.0002 1140  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
17:57:41.0033 1140  Themes - ok
17:57:41.0033 1140  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
17:57:41.0064 1140  THREADORDER - ok
17:57:41.0080 1140  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
17:57:41.0111 1140  TrkWks - ok
17:57:41.0158 1140  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:57:41.0173 1140  TrustedInstaller - ok
17:57:41.0220 1140  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:57:41.0251 1140  tssecsrv - ok
17:57:41.0329 1140  [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:57:41.0345 1140  TsUsbFlt - ok
17:57:41.0423 1140  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:57:41.0485 1140  tunnel - ok
17:57:41.0517 1140  TwonkyMedia - ok
17:57:41.0548 1140  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
17:57:41.0563 1140  uagp35 - ok
17:57:41.0595 1140  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:57:41.0626 1140  udfs - ok
17:57:41.0719 1140  [ 13BFF97E926BF8D9C1230CECC371A0C0 ] UI Assistant Service C:\Program Files\1&1 Surf-Stick\AssistantServices.exe
17:57:41.0751 1140  UI Assistant Service - ok
17:57:41.0797 1140  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:57:41.0829 1140  UI0Detect - ok
17:57:41.0860 1140  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:57:41.0875 1140  uliagpkx - ok
17:57:41.0922 1140  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
17:57:41.0969 1140  umbus - ok
17:57:42.0000 1140  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
17:57:42.0016 1140  UmPass - ok
17:57:42.0031 1140  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
17:57:42.0063 1140  upnphost - ok
17:57:42.0109 1140  [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
17:57:42.0125 1140  USBAAPL - ok
17:57:42.0125 1140  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:57:42.0141 1140  usbccgp - ok
17:57:42.0172 1140  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:57:42.0219 1140  usbcir - ok
17:57:42.0250 1140  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
17:57:42.0265 1140  usbehci - ok
17:57:42.0297 1140  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:57:42.0312 1140  usbhub - ok
17:57:42.0328 1140  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
17:57:42.0343 1140  usbohci - ok
17:57:42.0390 1140  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:57:42.0421 1140  usbprint - ok
17:57:42.0437 1140  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
17:57:42.0453 1140  usbscan - ok
17:57:42.0499 1140  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:57:42.0531 1140  USBSTOR - ok
17:57:42.0593 1140  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
17:57:42.0640 1140  usbuhci - ok
17:57:42.0687 1140  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
17:57:42.0733 1140  usbvideo - ok
17:57:42.0780 1140  [ D82F43D15FDAA666856C0190CB73E7C9 ] usb_rndisx      C:\Windows\system32\drivers\usb8023x.sys
17:57:42.0827 1140  usb_rndisx - ok
17:57:42.0858 1140  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
17:57:42.0874 1140  UxSms - ok
17:57:42.0889 1140  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
17:57:42.0905 1140  VaultSvc - ok
17:57:42.0921 1140  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:57:42.0936 1140  vdrvroot - ok
17:57:42.0967 1140  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
17:57:42.0999 1140  vds - ok
17:57:43.0030 1140  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:57:43.0045 1140  vga - ok
17:57:43.0045 1140  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:57:43.0077 1140  VgaSave - ok
17:57:43.0108 1140  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
17:57:43.0123 1140  vhdmp - ok
17:57:43.0186 1140  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
17:57:43.0233 1140  viaagp - ok
17:57:43.0233 1140  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
17:57:43.0248 1140  ViaC7 - ok
17:57:43.0279 1140  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
17:57:43.0295 1140  viaide - ok
17:57:43.0311 1140  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:57:43.0326 1140  volmgr - ok
17:57:43.0342 1140  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:57:43.0357 1140  volmgrx - ok
17:57:43.0373 1140  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:57:43.0389 1140  volsnap - ok
17:57:43.0420 1140  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
17:57:43.0435 1140  vsmraid - ok
17:57:43.0498 1140  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
17:57:43.0545 1140  VSS - ok
17:57:43.0560 1140  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
17:57:43.0576 1140  vwifibus - ok
17:57:43.0638 1140  [ 7090D3436EEB4E7DA3373090A23448F7 ] VWiFiFlt        C:\Windows\system32\DRIVERS\vwififlt.sys
17:57:43.0685 1140  VWiFiFlt - ok
17:57:43.0732 1140  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
17:57:43.0779 1140  vwifimp - ok
17:57:43.0794 1140  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
17:57:43.0825 1140  W32Time - ok
17:57:43.0935 1140  [ 57C8C20BFA5BEF6BD851EBAC67A8CED0 ] W3SVC           C:\Windows\system32\inetsrv\iisw3adm.dll
17:57:43.0966 1140  W3SVC - ok
17:57:43.0966 1140  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
17:57:43.0981 1140  WacomPen - ok
17:57:43.0997 1140  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:57:44.0028 1140  WANARP - ok
17:57:44.0044 1140  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:57:44.0059 1140  Wanarpv6 - ok
17:57:44.0122 1140  [ 57C8C20BFA5BEF6BD851EBAC67A8CED0 ] WAS             C:\Windows\system32\inetsrv\iisw3adm.dll
17:57:44.0137 1140  WAS - ok
17:57:44.0215 1140  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
17:57:44.0247 1140  WatAdminSvc - ok
17:57:44.0325 1140  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
17:57:44.0356 1140  wbengine - ok
17:57:44.0387 1140  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:57:44.0434 1140  WbioSrvc - ok
17:57:44.0465 1140  [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
17:57:44.0481 1140  WcesComm - ok
17:57:44.0527 1140  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:57:44.0574 1140  wcncsvc - ok
17:57:44.0590 1140  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:57:44.0605 1140  WcsPlugInService - ok
17:57:44.0621 1140  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
17:57:44.0637 1140  Wd - ok
17:57:44.0683 1140  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:57:44.0715 1140  Wdf01000 - ok
17:57:44.0730 1140  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:57:44.0746 1140  WdiServiceHost - ok
17:57:44.0761 1140  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:57:44.0777 1140  WdiSystemHost - ok
17:57:44.0824 1140  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
17:57:44.0855 1140  WebClient - ok
17:57:44.0902 1140  [ F56A25B240391620B6E31ACF656F2018 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:57:44.0949 1140  Wecsvc - ok
17:57:44.0964 1140  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:57:44.0995 1140  wercplsupport - ok
17:57:45.0027 1140  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:57:45.0058 1140  WerSvc - ok
17:57:45.0089 1140  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:57:45.0105 1140  WfpLwf - ok
17:57:45.0229 1140  [ 78CFA1A99D68E2E1CC5AA1F8BA2F4C26 ] WHSConnector    C:\Program Files\Windows Home Server\WHSConnector.exe
17:57:45.0276 1140  WHSConnector - ok
17:57:45.0307 1140  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:57:45.0339 1140  WIMMount - ok
17:57:45.0354 1140  [ 3FA87D56769838AAC82FAFC3E78FC732 ] winbondcir      C:\Windows\system32\DRIVERS\winbondcir.sys
17:57:45.0354 1140  winbondcir - ok
17:57:45.0417 1140  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
17:57:45.0432 1140  WinDefend - ok
17:57:45.0463 1140  WinHttpAutoProxySvc - ok
17:57:45.0541 1140  [ 320B13F43726EB73B2D7AE8869AFAACE ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:57:45.0573 1140  Winmgmt - ok
17:57:45.0666 1140  [ 895AD0D039FAAE12D4C25E028051344C ] WinRM           C:\Windows\system32\WsmSvc.dll
17:57:45.0713 1140  WinRM - ok
17:57:45.0775 1140  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
17:57:45.0822 1140  WinUsb - ok
17:57:45.0853 1140  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:57:45.0885 1140  Wlansvc - ok
17:57:45.0947 1140  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
17:57:45.0963 1140  WmiAcpi - ok
17:57:46.0009 1140  [ A1BCA34F741D285E8A7CD3F3E734BBBD ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:57:46.0025 1140  wmiApSrv - ok
17:57:46.0103 1140  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
17:57:46.0150 1140  WMPNetworkSvc - ok
17:57:46.0165 1140  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:57:46.0181 1140  WPCSvc - ok
17:57:46.0212 1140  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:57:46.0228 1140  WPDBusEnum - ok
17:57:46.0259 1140  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:57:46.0306 1140  ws2ifsl - ok
17:57:46.0321 1140  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
17:57:46.0353 1140  wscsvc - ok
17:57:46.0353 1140  WSearch - ok
17:57:46.0446 1140  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
17:57:46.0509 1140  wuauserv - ok
17:57:46.0555 1140  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:57:46.0571 1140  WudfPf - ok
17:57:46.0571 1140  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:57:46.0587 1140  WUDFRd - ok
17:57:46.0633 1140  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:57:46.0665 1140  wudfsvc - ok
17:57:46.0696 1140  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:57:46.0711 1140  WwanSvc - ok
17:57:46.0758 1140  [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbmdm6k     C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
17:57:46.0774 1140  ZTEusbmdm6k - ok
17:57:46.0789 1140  [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbnmea      C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
17:57:46.0805 1140  ZTEusbnmea - ok
17:57:46.0805 1140  [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbser6k     C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
17:57:46.0821 1140  ZTEusbser6k - ok

elwebber · 01.03.2013, 18:18

Teil 2:

Code:

ATTFilter

17:57:46.0883 1140  ================ Scan global ===============================
17:57:46.0914 1140  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
17:57:46.0945 1140  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
17:57:46.0977 1140  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
17:57:47.0023 1140  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
17:57:47.0039 1140  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
17:57:47.0055 1140  [Global] - ok
17:57:47.0055 1140  ================ Scan MBR ==================================
17:57:47.0055 1140  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:57:47.0507 1140  \Device\Harddisk0\DR0 - ok
17:57:47.0507 1140  ================ Scan VBR ==================================
17:57:47.0507 1140  [ B5598119696079770A1C4FDC2D2C448F ] \Device\Harddisk0\DR0\Partition1
17:57:47.0523 1140  \Device\Harddisk0\DR0\Partition1 - ok
17:57:47.0569 1140  [ 30E19A67E6F93ABED2D82C73CBF5AC78 ] \Device\Harddisk0\DR0\Partition2
17:57:47.0569 1140  \Device\Harddisk0\DR0\Partition2 - ok
17:57:47.0569 1140  ============================================================
17:57:47.0569 1140  Scan finished
17:57:47.0569 1140  ============================================================
17:57:47.0585 0444  Detected object count: 5
17:57:47.0601 0444  Actual detected object count: 5
17:58:03.0294 0444  EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
17:58:03.0294 0444  EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:58:03.0294 0444  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
17:58:03.0294 0444  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:58:03.0310 0444  LoClntService ( UnsignedFile.Multi.Generic ) - skipped by user
17:58:03.0310 0444  LoClntService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:58:03.0325 0444  StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
17:58:03.0325 0444  StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:58:03.0341 0444  StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
17:58:03.0341 0444  StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:59:55.0725 2972  ============================================================
17:59:55.0725 2972  Scan started
17:59:55.0725 2972  Mode: Manual; SigCheck; TDLFS; 
17:59:55.0725 2972  ============================================================
17:59:56.0099 2972  ================ Scan system memory ========================
17:59:56.0099 2972  System memory - ok
17:59:56.0099 2972  ================ Scan services =============================
17:59:56.0317 2972  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:59:56.0411 2972  1394ohci - ok
17:59:56.0505 2972  [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
17:59:56.0536 2972  AAV UpdateService - ok
17:59:56.0598 2972  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:59:56.0629 2972  ACPI - ok
17:59:56.0676 2972  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
17:59:56.0723 2972  AcpiPmi - ok
17:59:56.0801 2972  [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:59:56.0832 2972  AdobeFlashPlayerUpdateSvc - ok
17:59:56.0863 2972  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
17:59:56.0879 2972  adp94xx - ok
17:59:56.0895 2972  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
17:59:56.0910 2972  adpahci - ok
17:59:56.0926 2972  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
17:59:56.0941 2972  adpu320 - ok
17:59:56.0973 2972  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:59:56.0988 2972  AeLookupSvc - ok
17:59:57.0019 2972  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
17:59:57.0066 2972  AFD - ok
17:59:57.0097 2972  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
17:59:57.0113 2972  agp440 - ok
17:59:57.0144 2972  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
17:59:57.0144 2972  aic78xx - ok
17:59:57.0191 2972  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
17:59:57.0222 2972  ALG - ok
17:59:57.0238 2972  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:59:57.0269 2972  aliide - ok
17:59:57.0269 2972  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
17:59:57.0285 2972  amdagp - ok
17:59:57.0300 2972  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
17:59:57.0316 2972  amdide - ok
17:59:57.0347 2972  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
17:59:57.0347 2972  AmdK8 - ok
17:59:57.0378 2972  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
17:59:57.0378 2972  AmdPPM - ok
17:59:57.0425 2972  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:59:57.0456 2972  amdsata - ok
17:59:57.0487 2972  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
17:59:57.0503 2972  amdsbs - ok
17:59:57.0519 2972  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:59:57.0519 2972  amdxata - ok
17:59:57.0550 2972  [ 40C279A23BD43553BFBA6E88A9B38AE2 ] AnyDVD          C:\Windows\system32\Drivers\AnyDVD.sys
17:59:57.0565 2972  AnyDVD - ok
17:59:57.0628 2972  [ D1AF38FBAC0DC7E6D796B0ED01707EE0 ] AppHostSvc      C:\Windows\system32\inetsrv\apphostsvc.dll
17:59:57.0659 2972  AppHostSvc - ok
17:59:57.0690 2972  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
17:59:57.0706 2972  AppID - ok
17:59:57.0737 2972  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:59:57.0768 2972  AppIDSvc - ok
17:59:57.0799 2972  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
17:59:57.0815 2972  Appinfo - ok
17:59:57.0877 2972  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:59:57.0909 2972  Apple Mobile Device - ok
17:59:57.0924 2972  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
17:59:57.0955 2972  arc - ok
17:59:57.0955 2972  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
17:59:57.0971 2972  arcsas - ok
17:59:58.0049 2972  [ 62893926092AD61C8839ED73D1DFE338 ] arXfrSvc        C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
17:59:58.0096 2972  arXfrSvc - ok
17:59:58.0221 2972  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
17:59:58.0252 2972  aspnet_state - ok
17:59:58.0267 2972  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:59:58.0299 2972  AsyncMac - ok
17:59:58.0330 2972  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
17:59:58.0345 2972  atapi - ok
17:59:58.0408 2972  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:59:58.0455 2972  AudioEndpointBuilder - ok
17:59:58.0470 2972  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
17:59:58.0501 2972  Audiosrv - ok
17:59:58.0533 2972  AVP - ok
17:59:58.0595 2972  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:59:58.0626 2972  AxInstSV - ok
17:59:58.0657 2972  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
17:59:58.0689 2972  b06bdrv - ok
17:59:58.0689 2972  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
17:59:58.0720 2972  b57nd60x - ok
17:59:58.0751 2972  [ 659A3A415BF36775449C8D6AFEE4A8FC ] BackupReader    C:\Windows\system32\DRIVERS\BackupReader.sys
17:59:58.0751 2972  BackupReader - ok
17:59:58.0798 2972  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:59:58.0798 2972  BDESVC - ok
17:59:58.0813 2972  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:59:58.0845 2972  Beep - ok
17:59:58.0891 2972  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
17:59:58.0954 2972  BFE - ok
17:59:58.0985 2972  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
17:59:59.0032 2972  BITS - ok
17:59:59.0032 2972  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:59:59.0047 2972  blbdrive - ok
17:59:59.0125 2972  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:59:59.0157 2972  Bonjour Service - ok
17:59:59.0203 2972  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:59:59.0219 2972  bowser - ok
17:59:59.0250 2972  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:59:59.0266 2972  BrFiltLo - ok
17:59:59.0281 2972  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:59:59.0297 2972  BrFiltUp - ok
17:59:59.0328 2972  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
17:59:59.0375 2972  Browser - ok
17:59:59.0391 2972  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:59:59.0406 2972  Brserid - ok
17:59:59.0422 2972  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:59:59.0437 2972  BrSerWdm - ok
17:59:59.0453 2972  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:59:59.0469 2972  BrUsbMdm - ok
17:59:59.0484 2972  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:59:59.0500 2972  BrUsbSer - ok
17:59:59.0531 2972  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
17:59:59.0547 2972  BthEnum - ok
17:59:59.0562 2972  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
17:59:59.0578 2972  BTHMODEM - ok
17:59:59.0593 2972  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
17:59:59.0609 2972  BthPan - ok
17:59:59.0656 2972  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
17:59:59.0671 2972  BTHPORT - ok
17:59:59.0703 2972  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
17:59:59.0734 2972  bthserv - ok
17:59:59.0781 2972  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
17:59:59.0781 2972  BTHUSB - ok
17:59:59.0796 2972  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:59:59.0827 2972  cdfs - ok
17:59:59.0859 2972  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:59:59.0874 2972  cdrom - ok
17:59:59.0921 2972  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
17:59:59.0968 2972  CertPropSvc - ok
17:59:59.0983 2972  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
18:00:00.0030 2972  circlass - ok
18:00:00.0077 2972  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
18:00:00.0093 2972  CLFS - ok
18:00:00.0139 2972  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:00:00.0155 2972  clr_optimization_v2.0.50727_32 - ok
18:00:00.0217 2972  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:00:00.0233 2972  clr_optimization_v4.0.30319_32 - ok
18:00:00.0264 2972  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:00:00.0264 2972  CmBatt - ok
18:00:00.0342 2972  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:00:00.0389 2972  cmdide - ok
18:00:00.0436 2972  [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG             C:\Windows\system32\Drivers\cng.sys
18:00:00.0483 2972  CNG - ok
18:00:00.0514 2972  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
18:00:00.0529 2972  Compbatt - ok
18:00:00.0545 2972  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
18:00:00.0561 2972  CompositeBus - ok
18:00:00.0592 2972  COMSysApp - ok
18:00:00.0654 2972  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
18:00:00.0685 2972  crcdisk - ok
18:00:00.0763 2972  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:00:00.0810 2972  CryptSvc - ok
18:00:00.0904 2972  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:00:00.0982 2972  DcomLaunch - ok
18:00:01.0013 2972  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
18:00:01.0044 2972  defragsvc - ok
18:00:01.0075 2972  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:00:01.0091 2972  DfsC - ok
18:00:01.0138 2972  [ 6CC6C4B9D7B906A151AA094CA087B9F0 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
18:00:01.0153 2972  dg_ssudbus - ok
18:00:01.0185 2972  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:00:01.0200 2972  Dhcp - ok
18:00:01.0216 2972  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
18:00:01.0278 2972  discache - ok
18:00:01.0294 2972  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
18:00:01.0309 2972  Disk - ok
18:00:01.0356 2972  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:00:01.0387 2972  Dnscache - ok
18:00:01.0450 2972  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:00:01.0497 2972  dot3svc - ok
18:00:01.0559 2972  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
18:00:01.0590 2972  DPS - ok
18:00:01.0606 2972  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:00:01.0621 2972  drmkaud - ok
18:00:01.0668 2972  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:00:01.0715 2972  DXGKrnl - ok
18:00:01.0762 2972  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
18:00:01.0777 2972  EapHost - ok
18:00:01.0887 2972  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
18:00:01.0933 2972  ebdrv - ok
18:00:01.0980 2972  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
18:00:02.0011 2972  EFS - ok
18:00:02.0058 2972  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:00:02.0089 2972  ehRecvr - ok
18:00:02.0105 2972  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
18:00:02.0121 2972  ehSched - ok
18:00:02.0152 2972  [ CE37E3D51912E59C80C6D84337C0B4CD ] ElbyCDFL        C:\Windows\system32\Drivers\ElbyCDFL.sys
18:00:02.0167 2972  ElbyCDFL - ok
18:00:02.0183 2972  [ D71233D7CCC2E64F8715A20428D5A33B ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
18:00:02.0199 2972  ElbyCDIO - ok
18:00:02.0230 2972  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
18:00:02.0245 2972  elxstor - ok
18:00:02.0292 2972  [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
18:00:02.0308 2972  EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
18:00:02.0308 2972  EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
18:00:02.0370 2972  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:00:02.0401 2972  ErrDev - ok
18:00:02.0448 2972  [ E91AB748B9EE327A8EE130F7E9C900F7 ] esClient        C:\Program Files\Windows Home Server\esClient.exe
18:00:02.0464 2972  esClient - ok
18:00:02.0495 2972  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
18:00:02.0526 2972  EventSystem - ok
18:00:02.0542 2972  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
18:00:02.0573 2972  exfat - ok
18:00:02.0604 2972  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:00:02.0635 2972  fastfat - ok
18:00:02.0667 2972  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
18:00:02.0713 2972  Fax - ok
18:00:02.0729 2972  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
18:00:02.0745 2972  fdc - ok
18:00:02.0760 2972  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
18:00:02.0776 2972  fdPHost - ok
18:00:02.0791 2972  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
18:00:02.0823 2972  FDResPub - ok
18:00:02.0838 2972  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:00:02.0854 2972  FileInfo - ok
18:00:02.0869 2972  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:00:02.0885 2972  Filetrace - ok
18:00:02.0901 2972  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:00:02.0916 2972  flpydisk - ok
18:00:02.0932 2972  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:00:02.0947 2972  FltMgr - ok
18:00:02.0994 2972  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
18:00:03.0025 2972  FontCache - ok
18:00:03.0088 2972  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:00:03.0119 2972  FontCache3.0.0.0 - ok
18:00:03.0135 2972  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:00:03.0135 2972  FsDepends - ok
18:00:03.0181 2972  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:00:03.0213 2972  Fs_Rec - ok
18:00:03.0259 2972  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:00:03.0291 2972  fvevol - ok
18:00:03.0306 2972  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
18:00:03.0322 2972  gagp30kx - ok
18:00:03.0353 2972  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:00:03.0369 2972  GEARAspiWDM - ok
18:00:03.0415 2972  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
18:00:03.0447 2972  gpsvc - ok
18:00:03.0462 2972  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:00:03.0478 2972  hcw85cir - ok
18:00:03.0540 2972  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:00:03.0571 2972  HdAudAddService - ok
18:00:03.0587 2972  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
18:00:03.0603 2972  HDAudBus - ok
18:00:03.0603 2972  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
18:00:03.0618 2972  HidBatt - ok
18:00:03.0634 2972  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
18:00:03.0649 2972  HidBth - ok
18:00:03.0665 2972  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
18:00:03.0681 2972  HidIr - ok
18:00:03.0696 2972  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
18:00:03.0727 2972  hidserv - ok
18:00:03.0759 2972  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
18:00:03.0774 2972  HidUsb - ok
18:00:03.0805 2972  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:00:03.0852 2972  hkmsvc - ok
18:00:03.0899 2972  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:00:03.0946 2972  HomeGroupListener - ok
18:00:03.0993 2972  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:00:04.0024 2972  HomeGroupProvider - ok
18:00:04.0039 2972  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:00:04.0055 2972  HpSAMD - ok
18:00:04.0102 2972  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:00:04.0164 2972  HTTP - ok
18:00:04.0195 2972  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:00:04.0211 2972  hwpolicy - ok
18:00:04.0242 2972  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
18:00:04.0273 2972  i8042prt - ok
18:00:04.0336 2972  [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
18:00:04.0367 2972  IAANTMON - ok
18:00:04.0383 2972  [ D483687EACE0C065EE772481A96E05F5 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
18:00:04.0398 2972  iaStor - ok
18:00:04.0429 2972  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:00:04.0445 2972  iaStorV - ok
18:00:04.0523 2972  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:00:04.0554 2972  idsvc - ok
18:00:04.0570 2972  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
18:00:04.0585 2972  iirsp - ok
18:00:04.0648 2972  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
18:00:04.0695 2972  IKEEXT - ok
18:00:04.0773 2972  [ DA7DCB6565E68E3F95F043C4B01B8960 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
18:00:04.0819 2972  IntcAzAudAddService - ok
18:00:04.0851 2972  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
18:00:04.0866 2972  intelide - ok
18:00:04.0882 2972  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:00:04.0882 2972  intelppm - ok
18:00:04.0913 2972  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:00:04.0944 2972  IPBusEnum - ok
18:00:04.0960 2972  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:00:04.0975 2972  IpFilterDriver - ok
18:00:05.0038 2972  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:00:05.0069 2972  iphlpsvc - ok
18:00:05.0131 2972  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:00:05.0163 2972  IPMIDRV - ok
18:00:05.0209 2972  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:00:05.0241 2972  IPNAT - ok
18:00:05.0287 2972  [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
18:00:05.0303 2972  iPod Service - ok
18:00:05.0319 2972  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:00:05.0334 2972  IRENUM - ok
18:00:05.0334 2972  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:00:05.0350 2972  isapnp - ok
18:00:05.0381 2972  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:00:05.0397 2972  iScsiPrt - ok
18:00:05.0412 2972  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
18:00:05.0428 2972  kbdclass - ok
18:00:05.0443 2972  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
18:00:05.0443 2972  kbdhid - ok
18:00:05.0459 2972  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
18:00:05.0475 2972  KeyIso - ok
18:00:05.0506 2972  [ 186B54479D98E48AEE0E9ADA4B3C4D31 ] kl1             C:\Windows\system32\DRIVERS\kl1.sys
18:00:05.0537 2972  kl1 - ok
18:00:05.0553 2972  [ BF485BFBA13C0AB116701FD9C55324D0 ] kl2             C:\Windows\system32\DRIVERS\kl2.sys
18:00:05.0568 2972  kl2 - ok
18:00:05.0615 2972  [ D4C57824767D3ECBD89883A33F4FD87A ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
18:00:05.0646 2972  KLIF - ok
18:00:05.0662 2972  [ 6295A19003F935ECC6CCBE9E2376427B ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
18:00:05.0677 2972  KLIM6 - ok
18:00:05.0677 2972  [ 3DE1771C135328420315E21DDE229BBA ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
18:00:05.0693 2972  klmouflt - ok
18:00:05.0740 2972  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:00:05.0771 2972  KSecDD - ok
18:00:05.0802 2972  [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:00:05.0818 2972  KSecPkg - ok
18:00:05.0849 2972  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:00:05.0911 2972  KtmRm - ok
18:00:05.0927 2972  [ 14F63A275C1BFF4D35E02DE1127E8A85 ] L1E             C:\Windows\system32\DRIVERS\L1E62x86.sys
18:00:05.0943 2972  L1E - ok
18:00:05.0958 2972  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:00:05.0989 2972  LanmanServer - ok
18:00:06.0036 2972  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:00:06.0083 2972  LanmanWorkstation - ok
18:00:06.0161 2972  [ 910344E2A984010435AE84783B25E5EB ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
18:00:06.0208 2972  LBTServ - ok
18:00:06.0239 2972  [ 01CC7FB6E790EF044B411377F3A1FF41 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
18:00:06.0270 2972  LHidFilt - ok
18:00:06.0317 2972  [ AC2E68E3421AF857B8D438414E7AE31C ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
18:00:06.0317 2972  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
18:00:06.0317 2972  LightScribeService - detected UnsignedFile.Multi.Generic (1)
18:00:06.0379 2972  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:00:06.0426 2972  lltdio - ok
18:00:06.0457 2972  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:00:06.0489 2972  lltdsvc - ok
18:00:06.0489 2972  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:00:06.0520 2972  lmhosts - ok
18:00:06.0567 2972  [ A2E7EAE8898D7B4B8C302B8F4E836BB5 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
18:00:06.0582 2972  LMouFilt - ok
18:00:06.0629 2972  [ A67B289743CE824B930B54AC374926C1 ] LoClntService   C:\Program Files\Windows Home Server\LightsOutClientService.exe
18:00:06.0645 2972  LoClntService ( UnsignedFile.Multi.Generic ) - warning
18:00:06.0645 2972  LoClntService - detected UnsignedFile.Multi.Generic (1)
18:00:06.0676 2972  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
18:00:06.0691 2972  LSI_FC - ok
18:00:06.0723 2972  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
18:00:06.0738 2972  LSI_SAS - ok
18:00:06.0754 2972  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:00:06.0769 2972  LSI_SAS2 - ok
18:00:06.0785 2972  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:00:06.0801 2972  LSI_SCSI - ok
18:00:06.0816 2972  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
18:00:06.0832 2972  luafv - ok
18:00:06.0863 2972  [ 59A2783ABA6019BED0C843C706E10A6A ] massfilter      C:\Windows\system32\drivers\massfilter.sys
18:00:06.0863 2972  massfilter - ok
18:00:06.0957 2972  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
18:00:07.0003 2972  McComponentHostService - ok
18:00:07.0035 2972  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:00:07.0081 2972  Mcx2Svc - ok
18:00:07.0097 2972  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
18:00:07.0113 2972  megasas - ok
18:00:07.0128 2972  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
18:00:07.0144 2972  MegaSR - ok
18:00:07.0175 2972  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
18:00:07.0191 2972  MMCSS - ok
18:00:07.0206 2972  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
18:00:07.0237 2972  Modem - ok
18:00:07.0237 2972  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:00:07.0253 2972  monitor - ok
18:00:07.0269 2972  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:00:07.0284 2972  mouclass - ok
18:00:07.0300 2972  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:00:07.0315 2972  mouhid - ok
18:00:07.0362 2972  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:00:07.0393 2972  mountmgr - ok
18:00:07.0471 2972  [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:00:07.0503 2972  MozillaMaintenance - ok
18:00:07.0518 2972  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:00:07.0534 2972  mpio - ok
18:00:07.0565 2972  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:00:07.0596 2972  mpsdrv - ok
18:00:07.0643 2972  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:00:07.0674 2972  MpsSvc - ok
18:00:07.0705 2972  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:00:07.0721 2972  MRxDAV - ok
18:00:07.0768 2972  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:00:07.0783 2972  mrxsmb - ok
18:00:07.0830 2972  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:00:07.0861 2972  mrxsmb10 - ok
18:00:07.0877 2972  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:00:07.0893 2972  mrxsmb20 - ok
18:00:07.0939 2972  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
18:00:07.0955 2972  msahci - ok
18:00:07.0986 2972  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:00:08.0002 2972  msdsm - ok
18:00:08.0017 2972  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
18:00:08.0033 2972  MSDTC - ok
18:00:08.0064 2972  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:00:08.0095 2972  Msfs - ok
18:00:08.0111 2972  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:00:08.0127 2972  mshidkmdf - ok
18:00:08.0173 2972  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:00:08.0189 2972  msisadrv - ok
18:00:08.0205 2972  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:00:08.0236 2972  MSiSCSI - ok
18:00:08.0236 2972  msiserver - ok
18:00:08.0251 2972  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:00:08.0283 2972  MSKSSRV - ok
18:00:08.0283 2972  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:00:08.0314 2972  MSPCLOCK - ok
18:00:08.0329 2972  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:00:08.0361 2972  MSPQM - ok
18:00:08.0376 2972  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:00:08.0392 2972  MsRPC - ok
18:00:08.0423 2972  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
18:00:08.0439 2972  mssmbios - ok
18:00:08.0439 2972  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:00:08.0470 2972  MSTEE - ok
18:00:08.0485 2972  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
18:00:08.0485 2972  MTConfig - ok
18:00:08.0517 2972  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
18:00:08.0532 2972  Mup - ok
18:00:08.0563 2972  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
18:00:08.0595 2972  napagent - ok
18:00:08.0626 2972  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:00:08.0673 2972  NativeWifiP - ok
18:00:08.0719 2972  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:00:08.0751 2972  NDIS - ok
18:00:08.0766 2972  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:00:08.0782 2972  NdisCap - ok
18:00:08.0797 2972  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:00:08.0829 2972  NdisTapi - ok
18:00:08.0860 2972  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:00:08.0875 2972  Ndisuio - ok
18:00:08.0922 2972  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:00:08.0969 2972  NdisWan - ok
18:00:09.0016 2972  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:00:09.0031 2972  NDProxy - ok
18:00:09.0063 2972  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:00:09.0094 2972  NetBIOS - ok
18:00:09.0125 2972  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:00:09.0172 2972  NetBT - ok
18:00:09.0187 2972  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
18:00:09.0187 2972  Netlogon - ok
18:00:09.0219 2972  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
18:00:09.0250 2972  Netman - ok
18:00:09.0281 2972  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:00:09.0297 2972  NetMsmqActivator - ok
18:00:09.0312 2972  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:00:09.0312 2972  NetPipeActivator - ok
18:00:09.0328 2972  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
18:00:09.0359 2972  netprofm - ok
18:00:09.0375 2972  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:00:09.0390 2972  NetTcpActivator - ok
18:00:09.0390 2972  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:00:09.0406 2972  NetTcpPortSharing - ok
18:00:09.0577 2972  [ 39CBA1AE2A400EF99C3DEC9F9F601876 ] netw5v32        C:\Windows\system32\DRIVERS\netw5v32.sys
18:00:09.0640 2972  netw5v32 - ok
18:00:09.0843 2972  [ 6DE8D8D6E23F42D819EAE39FA3F6F31D ] NETwNs32        C:\Windows\system32\DRIVERS\NETwNs32.sys
18:00:09.0936 2972  NETwNs32 - ok
18:00:09.0967 2972  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
18:00:09.0983 2972  nfrd960 - ok
18:00:10.0030 2972  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:00:10.0061 2972  NlaSvc - ok
18:00:10.0123 2972  [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess       C:\Program Files\CDBurnerXP\NMSAccessU.exe
18:00:10.0139 2972  NMSAccess - ok
18:00:10.0155 2972  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:00:10.0170 2972  Npfs - ok
18:00:10.0186 2972  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
18:00:10.0217 2972  nsi - ok
18:00:10.0234 2972  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:00:10.0249 2972  nsiproxy - ok
18:00:10.0327 2972  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:00:10.0358 2972  Ntfs - ok
18:00:10.0390 2972  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
18:00:10.0405 2972  Null - ok
18:00:10.0421 2972  [ 7F5D69A031BE0E7BDFB8126E1A212417 ] nuvotoncir      C:\Windows\system32\DRIVERS\nuvotoncir.sys
18:00:10.0436 2972  nuvotoncir - ok
18:00:10.0468 2972  [ D2F4C4B22969236382CA853B8DAA2D4E ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
18:00:10.0483 2972  NVHDA - ok
18:00:10.0717 2972  [ 9A55250A7EDC9EA12DC3495F5E9F8703 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:00:10.0811 2972  nvlddmkm - ok
18:00:10.0858 2972  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:00:10.0873 2972  nvraid - ok
18:00:10.0889 2972  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:00:10.0904 2972  nvstor - ok
18:00:10.0920 2972  [ A52F94B75368B0C22A4E38334E2EFB4B ] nvsvc           C:\Windows\system32\nvvsvc.exe
18:00:10.0936 2972  nvsvc - ok
18:00:10.0982 2972  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:00:11.0014 2972  nv_agp - ok
18:00:11.0045 2972  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:00:11.0060 2972  ohci1394 - ok
18:00:11.0092 2972  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:00:11.0107 2972  ose - ok
18:00:11.0138 2972  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:00:11.0154 2972  p2pimsvc - ok
18:00:11.0170 2972  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:00:11.0185 2972  p2psvc - ok
18:00:11.0216 2972  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
18:00:11.0232 2972  Parport - ok
18:00:11.0264 2972  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:00:11.0280 2972  partmgr - ok
18:00:11.0295 2972  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
18:00:11.0311 2972  Parvdm - ok
18:00:11.0342 2972  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:00:11.0358 2972  PcaSvc - ok
18:00:11.0389 2972  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
18:00:11.0436 2972  pci - ok
18:00:11.0467 2972  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
18:00:11.0483 2972  pciide - ok
18:00:11.0498 2972  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
18:00:11.0514 2972  pcmcia - ok
18:00:11.0545 2972  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
18:00:11.0545 2972  pcw - ok
18:00:11.0576 2972  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:00:11.0607 2972  PEAUTH - ok
18:00:11.0717 2972  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
18:00:11.0763 2972  pla - ok
18:00:11.0810 2972  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:00:11.0857 2972  PlugPlay - ok
18:00:11.0873 2972  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:00:11.0904 2972  PNRPAutoReg - ok
18:00:11.0919 2972  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:00:11.0935 2972  PNRPsvc - ok
18:00:11.0951 2972  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:00:11.0982 2972  PolicyAgent - ok
18:00:12.0029 2972  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
18:00:12.0107 2972  Power - ok
18:00:12.0138 2972  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:00:12.0169 2972  PptpMiniport - ok
18:00:12.0185 2972  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
18:00:12.0200 2972  Processor - ok
18:00:12.0231 2972  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
18:00:12.0247 2972  ProfSvc - ok
18:00:12.0264 2972  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:00:12.0264 2972  ProtectedStorage - ok
18:00:12.0295 2972  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:00:12.0310 2972  Psched - ok
18:00:12.0357 2972  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
18:00:12.0388 2972  ql2300 - ok
18:00:12.0404 2972  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
18:00:12.0420 2972  ql40xx - ok
18:00:12.0435 2972  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
18:00:12.0466 2972  QWAVE - ok
18:00:12.0466 2972  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:00:12.0482 2972  QWAVEdrv - ok
18:00:12.0544 2972  [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
18:00:12.0576 2972  RapiMgr - ok
18:00:12.0591 2972  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:00:12.0622 2972  RasAcd - ok
18:00:12.0638 2972  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:00:12.0654 2972  RasAgileVpn - ok
18:00:12.0685 2972  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
18:00:12.0716 2972  RasAuto - ok
18:00:12.0732 2972  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:00:12.0763 2972  Rasl2tp - ok
18:00:12.0794 2972  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
18:00:12.0856 2972  RasMan - ok
18:00:12.0872 2972  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:00:12.0903 2972  RasPppoe - ok
18:00:12.0903 2972  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:00:12.0934 2972  RasSstp - ok
18:00:12.0981 2972  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:00:12.0997 2972  rdbss - ok
18:00:13.0012 2972  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
18:00:13.0028 2972  rdpbus - ok
18:00:13.0059 2972  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:00:13.0090 2972  RDPCDD - ok
18:00:13.0090 2972  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:00:13.0122 2972  RDPENCDD - ok
18:00:13.0137 2972  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:00:13.0153 2972  RDPREFMP - ok
18:00:13.0200 2972  [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
18:00:13.0231 2972  RdpVideoMiniport - ok
18:00:13.0278 2972  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:00:13.0293 2972  RDPWD - ok
18:00:13.0340 2972  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:00:13.0356 2972  rdyboost - ok
18:00:13.0434 2972  [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
18:00:13.0465 2972  RealNetworks Downloader Resolver Service - ok
18:00:13.0496 2972  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:00:13.0543 2972  RemoteAccess - ok
18:00:13.0558 2972  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:00:13.0590 2972  RemoteRegistry - ok
18:00:13.0621 2972  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
18:00:13.0636 2972  RFCOMM - ok
18:00:13.0652 2972  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:00:13.0668 2972  RpcEptMapper - ok
18:00:13.0683 2972  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
18:00:13.0699 2972  RpcLocator - ok
18:00:13.0714 2972  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
18:00:13.0746 2972  RpcSs - ok
18:00:13.0777 2972  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:00:13.0808 2972  rspndr - ok
18:00:13.0839 2972  [ F1813D9E031B0E2E090AC6489FFD1007 ] RT-USB          C:\Windows\system32\drivers\RT-USB.SYS
18:00:13.0855 2972  RT-USB - ok
18:00:13.0870 2972  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
18:00:13.0886 2972  SamSs - ok
18:00:13.0917 2972  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:00:13.0933 2972  sbp2port - ok
18:00:13.0948 2972  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:00:13.0980 2972  SCardSvr - ok
18:00:14.0026 2972  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:00:14.0058 2972  scfilter - ok
18:00:14.0104 2972  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
18:00:14.0151 2972  Schedule - ok
18:00:14.0182 2972  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:00:14.0229 2972  SCPolicySvc - ok
18:00:14.0276 2972  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:00:14.0292 2972  SDRSVC - ok
18:00:14.0323 2972  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:00:14.0338 2972  secdrv - ok
18:00:14.0370 2972  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
18:00:14.0401 2972  seclogon - ok
18:00:14.0401 2972  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
18:00:14.0432 2972  SENS - ok
18:00:14.0448 2972  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:00:14.0463 2972  SensrSvc - ok
18:00:14.0479 2972  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
18:00:14.0479 2972  Serenum - ok
18:00:14.0510 2972  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
18:00:14.0526 2972  Serial - ok
18:00:14.0557 2972  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
18:00:14.0572 2972  sermouse - ok
18:00:14.0604 2972  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
18:00:14.0635 2972  SessionEnv - ok
18:00:14.0666 2972  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:00:14.0713 2972  sffdisk - ok
18:00:14.0713 2972  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:00:14.0728 2972  sffp_mmc - ok
18:00:14.0728 2972  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:00:14.0744 2972  sffp_sd - ok
18:00:14.0775 2972  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
18:00:14.0791 2972  sfloppy - ok
18:00:14.0822 2972  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:00:14.0838 2972  SharedAccess - ok
18:00:14.0900 2972  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:00:14.0947 2972  ShellHWDetection - ok
18:00:14.0994 2972  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
18:00:15.0009 2972  sisagp - ok
18:00:15.0009 2972  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:00:15.0025 2972  SiSRaid2 - ok
18:00:15.0040 2972  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
18:00:15.0056 2972  SiSRaid4 - ok
18:00:15.0072 2972  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:00:15.0087 2972  Smb - ok
18:00:15.0118 2972  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:00:15.0134 2972  SNMPTRAP - ok
18:00:15.0150 2972  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:00:15.0150 2972  spldr - ok
18:00:15.0196 2972  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
18:00:15.0212 2972  Spooler - ok
18:00:15.0337 2972  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
18:00:15.0384 2972  sppsvc - ok
18:00:15.0430 2972  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:00:15.0477 2972  sppuinotify - ok
18:00:15.0477 2972  sptd - ok
18:00:15.0524 2972  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:00:15.0571 2972  srv - ok
18:00:15.0586 2972  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:00:15.0602 2972  srv2 - ok
18:00:15.0633 2972  [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL3.SYS
18:00:15.0649 2972  SrvHsfHDA - ok
18:00:15.0680 2972  [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV3.SYS
18:00:15.0696 2972  SrvHsfV92 - ok
18:00:15.0727 2972  [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
18:00:15.0742 2972  SrvHsfWinac - ok
18:00:15.0758 2972  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:00:15.0774 2972  srvnet - ok
18:00:15.0805 2972  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:00:15.0836 2972  SSDPSRV - ok
18:00:15.0836 2972  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:00:15.0867 2972  SstpSvc - ok
18:00:15.0914 2972  [ 359FEE084F1173FFFFD7F9CCBD43D47F ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
18:00:15.0945 2972  ssudmdm - ok
18:00:15.0976 2972  [ F92254B0BCFCD10CAAC7BCCC7CB7F467 ] StarOpen        C:\Windows\system32\drivers\StarOpen.sys
18:00:15.0976 2972  StarOpen ( UnsignedFile.Multi.Generic ) - warning
18:00:15.0976 2972  StarOpen - detected UnsignedFile.Multi.Generic (1)
18:00:16.0039 2972  [ B1691AF4A072CB674D600DB16DD7308E ] StarWindServiceAE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
18:00:16.0070 2972  StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
18:00:16.0070 2972  StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
18:00:16.0101 2972  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
18:00:16.0101 2972  stexstor - ok
18:00:16.0164 2972  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
18:00:16.0195 2972  StiSvc - ok
18:00:16.0226 2972  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
18:00:16.0257 2972  swenum - ok
18:00:16.0288 2972  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
18:00:16.0320 2972  swprv - ok
18:00:16.0351 2972  [ 4C9BB4B3B9EAC26211484C30B914C6DC ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
18:00:16.0366 2972  SynTP - ok
18:00:16.0444 2972  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
18:00:16.0491 2972  SysMain - ok
18:00:16.0522 2972  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:00:16.0569 2972  TabletInputService - ok
18:00:16.0616 2972  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:00:16.0632 2972  TapiSrv - ok
18:00:16.0678 2972  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
18:00:16.0741 2972  TBS - ok
18:00:16.0803 2972  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:00:16.0834 2972  Tcpip - ok
18:00:16.0866 2972  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:00:16.0897 2972  TCPIP6 - ok
18:00:16.0944 2972  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:00:16.0990 2972  tcpipreg - ok
18:00:17.0022 2972  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:00:17.0037 2972  TDPIPE - ok
18:00:17.0068 2972  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:00:17.0100 2972  TDTCP - ok
18:00:17.0146 2972  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:00:17.0178 2972  tdx - ok
18:00:17.0209 2972  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
18:00:17.0256 2972  TermDD - ok
18:00:17.0287 2972  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
18:00:17.0318 2972  TermService - ok
18:00:17.0349 2972  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
18:00:17.0365 2972  Themes - ok
18:00:17.0380 2972  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
18:00:17.0396 2972  THREADORDER - ok
18:00:17.0412 2972  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
18:00:17.0443 2972  TrkWks - ok
18:00:17.0490 2972  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:00:17.0536 2972  TrustedInstaller - ok
18:00:17.0583 2972  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:00:17.0614 2972  tssecsrv - ok
18:00:17.0646 2972  [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:00:17.0661 2972  TsUsbFlt - ok
18:00:17.0708 2972  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:00:17.0739 2972  tunnel - ok
18:00:17.0770 2972  TwonkyMedia - ok
18:00:17.0786 2972  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
18:00:17.0833 2972  uagp35 - ok
18:00:17.0864 2972  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:00:17.0895 2972  udfs - ok
18:00:17.0942 2972  [ 13BFF97E926BF8D9C1230CECC371A0C0 ] UI Assistant Service C:\Program Files\1&1 Surf-Stick\AssistantServices.exe
18:00:17.0973 2972  UI Assistant Service - ok
18:00:18.0004 2972  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:00:18.0020 2972  UI0Detect - ok
18:00:18.0051 2972  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:00:18.0051 2972  uliagpkx - ok
18:00:18.0098 2972  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
18:00:18.0129 2972  umbus - ok
18:00:18.0160 2972  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
18:00:18.0176 2972  UmPass - ok
18:00:18.0192 2972  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
18:00:18.0223 2972  upnphost - ok
18:00:18.0254 2972  [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
18:00:18.0270 2972  USBAAPL - ok
18:00:18.0285 2972  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:00:18.0301 2972  usbccgp - ok
18:00:18.0332 2972  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:00:18.0348 2972  usbcir - ok
18:00:18.0394 2972  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
18:00:18.0426 2972  usbehci - ok
18:00:18.0441 2972  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:00:18.0457 2972  usbhub - ok
18:00:18.0472 2972  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
18:00:18.0488 2972  usbohci - ok
18:00:18.0519 2972  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:00:18.0535 2972  usbprint - ok
18:00:18.0550 2972  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
18:00:18.0566 2972  usbscan - ok
18:00:18.0597 2972  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:00:18.0613 2972  USBSTOR - ok
18:00:18.0660 2972  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
18:00:18.0691 2972  usbuhci - ok
18:00:18.0722 2972  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
18:00:18.0753 2972  usbvideo - ok
18:00:18.0784 2972  [ D82F43D15FDAA666856C0190CB73E7C9 ] usb_rndisx      C:\Windows\system32\drivers\usb8023x.sys
18:00:18.0784 2972  usb_rndisx - ok
18:00:18.0816 2972  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
18:00:18.0847 2972  UxSms - ok
18:00:18.0847 2972  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
18:00:18.0862 2972  VaultSvc - ok
18:00:18.0878 2972  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:00:18.0878 2972  vdrvroot - ok
18:00:18.0925 2972  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
18:00:18.0956 2972  vds - ok
18:00:18.0972 2972  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:00:18.0987 2972  vga - ok
18:00:19.0003 2972  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:00:19.0018 2972  VgaSave - ok
18:00:19.0065 2972  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:00:19.0081 2972  vhdmp - ok
18:00:19.0112 2972  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
18:00:19.0128 2972  viaagp - ok
18:00:19.0128 2972  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
18:00:19.0143 2972  ViaC7 - ok
18:00:19.0174 2972  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
18:00:19.0174 2972  viaide - ok
18:00:19.0221 2972  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:00:19.0237 2972  volmgr - ok
18:00:19.0252 2972  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:00:19.0268 2972  volmgrx - ok
18:00:19.0284 2972  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:00:19.0299 2972  volsnap - ok
18:00:19.0315 2972  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
18:00:19.0330 2972  vsmraid - ok
18:00:19.0393 2972  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
18:00:19.0440 2972  VSS - ok
18:00:19.0440 2972  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
18:00:19.0455 2972  vwifibus - ok
18:00:19.0471 2972  [ 7090D3436EEB4E7DA3373090A23448F7 ] VWiFiFlt        C:\Windows\system32\DRIVERS\vwififlt.sys
18:00:19.0486 2972  VWiFiFlt - ok
18:00:19.0502 2972  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
18:00:19.0518 2972  vwifimp - ok
18:00:19.0549 2972  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
18:00:19.0580 2972  W32Time - ok
18:00:19.0642 2972  [ 57C8C20BFA5BEF6BD851EBAC67A8CED0 ] W3SVC           C:\Windows\system32\inetsrv\iisw3adm.dll
18:00:19.0689 2972  W3SVC - ok
18:00:19.0705 2972  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
18:00:19.0720 2972  WacomPen - ok
18:00:19.0736 2972  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:00:19.0752 2972  WANARP - ok
18:00:19.0767 2972  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:00:19.0783 2972  Wanarpv6 - ok
18:00:19.0814 2972  [ 57C8C20BFA5BEF6BD851EBAC67A8CED0 ] WAS             C:\Windows\system32\inetsrv\iisw3adm.dll
18:00:19.0830 2972  WAS - ok
18:00:19.0908 2972  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
18:00:19.0954 2972  WatAdminSvc - ok
18:00:20.0032 2972  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
18:00:20.0079 2972  wbengine - ok
18:00:20.0110 2972  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:00:20.0126 2972  WbioSrvc - ok
18:00:20.0142 2972  [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
18:00:20.0157 2972  WcesComm - ok
18:00:20.0188 2972  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:00:20.0220 2972  wcncsvc - ok
18:00:20.0220 2972  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:00:20.0235 2972  WcsPlugInService - ok
18:00:20.0266 2972  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
18:00:20.0266 2972  Wd - ok
18:00:20.0329 2972  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:00:20.0360 2972  Wdf01000 - ok
18:00:20.0391 2972  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:00:20.0407 2972  WdiServiceHost - ok
18:00:20.0407 2972  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:00:20.0422 2972  WdiSystemHost - ok
18:00:20.0469 2972  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
18:00:20.0516 2972  WebClient - ok
18:00:20.0563 2972  [ F56A25B240391620B6E31ACF656F2018 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:00:20.0578 2972  Wecsvc - ok
18:00:20.0594 2972  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:00:20.0625 2972  wercplsupport - ok
18:00:20.0641 2972  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:00:20.0672 2972  WerSvc - ok
18:00:20.0672 2972  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:00:20.0703 2972  WfpLwf - ok
18:00:20.0781 2972  [ 78CFA1A99D68E2E1CC5AA1F8BA2F4C26 ] WHSConnector    C:\Program Files\Windows Home Server\WHSConnector.exe
18:00:20.0828 2972  WHSConnector - ok
18:00:20.0859 2972  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:00:20.0890 2972  WIMMount - ok
18:00:20.0906 2972  [ 3FA87D56769838AAC82FAFC3E78FC732 ] winbondcir      C:\Windows\system32\DRIVERS\winbondcir.sys
18:00:20.0906 2972  winbondcir - ok
18:00:20.0968 2972  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
18:00:21.0000 2972  WinDefend - ok
18:00:21.0000 2972  WinHttpAutoProxySvc - ok
18:00:21.0078 2972  [ 320B13F43726EB73B2D7AE8869AFAACE ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:00:21.0109 2972  Winmgmt - ok
18:00:21.0218 2972  [ 895AD0D039FAAE12D4C25E028051344C ] WinRM           C:\Windows\system32\WsmSvc.dll
18:00:21.0249 2972  WinRM - ok
18:00:21.0296 2972  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
18:00:21.0343 2972  WinUsb - ok
18:00:21.0374 2972  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:00:21.0405 2972  Wlansvc - ok
18:00:21.0436 2972  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
18:00:21.0452 2972  WmiAcpi - ok
18:00:21.0468 2972  [ A1BCA34F741D285E8A7CD3F3E734BBBD ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:00:21.0483 2972  wmiApSrv - ok
18:00:21.0561 2972  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
18:00:21.0608 2972  WMPNetworkSvc - ok
18:00:21.0639 2972  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:00:21.0655 2972  WPCSvc - ok
18:00:21.0686 2972  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:00:21.0733 2972  WPDBusEnum - ok
18:00:21.0748 2972  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:00:21.0780 2972  ws2ifsl - ok
18:00:21.0795 2972  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
18:00:21.0811 2972  wscsvc - ok
18:00:21.0811 2972  WSearch - ok
18:00:21.0904 2972  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
18:00:21.0951 2972  wuauserv - ok
18:00:21.0982 2972  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:00:21.0998 2972  WudfPf - ok
18:00:22.0014 2972  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:00:22.0014 2972  WUDFRd - ok
18:00:22.0060 2972  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:00:22.0107 2972  wudfsvc - ok
18:00:22.0154 2972  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:00:22.0201 2972  WwanSvc - ok
18:00:22.0232 2972  [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbmdm6k     C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
18:00:22.0248 2972  ZTEusbmdm6k - ok
18:00:22.0263 2972  [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbnmea      C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
18:00:22.0279 2972  ZTEusbnmea - ok
18:00:22.0279 2972  [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbser6k     C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
18:00:22.0294 2972  ZTEusbser6k - ok
18:00:22.0310 2972  ================ Scan global ===============================
18:00:22.0357 2972  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
18:00:22.0404 2972  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
18:00:22.0435 2972  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
18:00:22.0466 2972  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
18:00:22.0513 2972  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
18:00:22.0513 2972  [Global] - ok
18:00:22.0513 2972  ================ Scan MBR ==================================
18:00:22.0528 2972  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:00:22.0981 2972  \Device\Harddisk0\DR0 - ok
18:00:22.0996 2972  ================ Scan VBR ==================================
18:00:23.0043 2972  [ B5598119696079770A1C4FDC2D2C448F ] \Device\Harddisk0\DR0\Partition1
18:00:23.0043 2972  \Device\Harddisk0\DR0\Partition1 - ok
18:00:23.0074 2972  [ 30E19A67E6F93ABED2D82C73CBF5AC78 ] \Device\Harddisk0\DR0\Partition2
18:00:23.0074 2972  \Device\Harddisk0\DR0\Partition2 - ok
18:00:23.0074 2972  ============================================================
18:00:23.0074 2972  Scan finished
18:00:23.0074 2972  ============================================================
18:00:23.0090 4212  Detected object count: 5
18:00:23.0090 4212  Actual detected object count: 5
18:00:38.0097 4212  EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
18:00:38.0097 4212  EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:00:38.0097 4212  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
18:00:38.0097 4212  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:00:38.0113 4212  LoClntService ( UnsignedFile.Multi.Generic ) - skipped by user
18:00:38.0113 4212  LoClntService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:00:38.0113 4212  StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
18:00:38.0113 4212  StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:00:38.0113 4212  StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
18:00:38.0113 4212  StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip

Ich hoffe, es ist alles richtig so. Danke dir erst mal, für deine Mühe...

Gruß, Martin

cosinus · 02.03.2013, 01:34

Ist unauffällig

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

elwebber · 02.03.2013, 11:01

Zitat:

Ist unauffällig

Ist das jetzt gut oder schlecht...?

OK, hier mal die Logs:

1.) JRT

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.6 (02.27.2013:1)
OS: Windows 7 Home Premium x86
Ran by Martin on 02.03.2013 at 10:30:15,50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2333831025-3955951830-617186472-1001\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2333831025-3955951830-617186472-1001\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440} 



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\im
Successfully deleted: [Registry Key] hkey_current_user\software\iminstaller
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_local_machine\software\web assistant
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibar_installer_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibar_installer_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibartoolbar_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibartoolbar_rasmancs
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{cc59e0f9-7e43-44fa-9faa-8377850bf205}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{cc59e0f9-7e43-44fa-9faa-8377850bf205}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{cff4db9b-135f-47c0-9269-b4c6572fd61a}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Martin\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Martin\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "C:\Users\Martin\AppData\Roaming\software4u"
Successfully deleted: [Folder] "C:\Program Files\software4u"
Successfully deleted: [Folder] "C:\ProgramData\ask" 



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\1adnpaxy.default\user.js
Successfully deleted: [File] C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\1adnpaxy.default\searchplugins\askcom.xml
Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\{336d0c35-8a85-403a-b9d2-65c292c39087}
Successfully deleted the following from C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\1adnpaxy.default\prefs.js

user_pref("browser.newtabpage.pinned", "[{\"url\":\"hxxp://www.boerse.bz/\",\"title\":\"BoerseBZ\"},{\"url\":\"hxxp://mygully.com/\",\"title\":\"myGully.com\"},{\"url\":\"hxxp
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");
user_pref("extensions.incredibar.admin", false);
user_pref("extensions.incredibar.aflt", "orgnl");
user_pref("extensions.incredibar.cntry", "DE");
user_pref("extensions.incredibar.dfltLng", "");
user_pref("extensions.incredibar.dfltSrch", false);
user_pref("extensions.incredibar.did", "10643");
user_pref("extensions.incredibar.envrmnt", "production");
user_pref("extensions.incredibar.excTlbr", false);
user_pref("extensions.incredibar.hdrMd5", "FE8169F5D456393DA6D470FF1B732C21");
user_pref("extensions.incredibar.hmpg", false);
user_pref("extensions.incredibar.id", "5a44a8aa00000000000000215d6d55d6");
user_pref("extensions.incredibar.installerproductid", "26");
user_pref("extensions.incredibar.instlDay", "15602");
user_pref("extensions.incredibar.instlRef", "");
user_pref("extensions.incredibar.isDcmntCmplt", true);
user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1411:47:57");
user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
user_pref("extensions.incredibar.newTab", false);
user_pref("extensions.incredibar.noFFXTlbr", false);
user_pref("extensions.incredibar.ppd", "1");
user_pref("extensions.incredibar.prdct", "incredibar");
user_pref("extensions.incredibar.productid", "26");
user_pref("extensions.incredibar.prtnrId", "Incredibar");
user_pref("extensions.incredibar.sg", "none");
user_pref("extensions.incredibar.smplGrp", "none");
user_pref("extensions.incredibar.tlbrId", "base");
user_pref("extensions.incredibar.upn2", "6PQK6FBRDi");
user_pref("extensions.incredibar.upn2n", "92543607544421760");
user_pref("extensions.incredibar.vrsn", "1.5.11.14");
user_pref("extensions.incredibar.vrsnTs", "1.5.11.1411:47:57");
user_pref("extensions.incredibar.vrsni", "1.5.11.14");
user_pref("extensions.incredibar_i.aflt", "orgnl");
user_pref("extensions.incredibar_i.dfltLng", "");
user_pref("extensions.incredibar_i.did", "10643");
user_pref("extensions.incredibar_i.excTlbr", false);
user_pref("extensions.incredibar_i.id", "5a44a8aa00000000000000215d6d55d6");
user_pref("extensions.incredibar_i.installerproductid", "26");
user_pref("extensions.incredibar_i.instlDay", "15602");
user_pref("extensions.incredibar_i.instlRef", "");
user_pref("extensions.incredibar_i.ms_url_id", "");
user_pref("extensions.incredibar_i.newTab", false);
user_pref("extensions.incredibar_i.ppd", "1");
user_pref("extensions.incredibar_i.prdct", "incredibar");
user_pref("extensions.incredibar_i.productid", "26");
user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
user_pref("extensions.incredibar_i.smplGrp", "none");
user_pref("extensions.incredibar_i.tlbrId", "base");
user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQK6FBRDi&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar_i.upn2", "6PQK6FBRDi");
user_pref("extensions.incredibar_i.upn2n", "92543607544421760");
user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1411:47:57");
user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Emptied folder: C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\1adnpaxy.default\minidumps [193 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.03.2013 at 10:33:15,54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

2.) adwcleaner

Code:

ATTFilter

# AdwCleaner v2.113 - Datei am 02/03/2013 um 10:35:28 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Martin - ASPIRE-6930
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Martin\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.2 (de)

Datei : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\1adnpaxy.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [2037 octets] - [02/03/2013 10:35:28]

########## EOF - C:\AdwCleaner[S1].txt - [2097 octets] ##########

3. OTL

Code:

ATTFilter

OTL logfile created on: 02.03.2013 10:42:52 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Eigene Dateien\Trojaner
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 68,89% Memory free
5,99 Gb Paging File | 5,02 Gb Available in Paging File | 83,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140,62 Gb Total Space | 19,53 Gb Free Space | 13,89% Space Free | Partition Type: NTFS
Drive D: | 157,46 Gb Total Space | 8,33 Gb Free Space | 5,29% Space Free | Partition Type: NTFS
 
Computer Name: ASPIRE-6930 | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Eigene Dateien\Trojaner\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Home Server\WHSConnector.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Home Server\esClient.exe (Microsoft Corporation)
PRC - C:\Program Files\1&1 Surf-Stick\AssistantServices.exe ()
PRC - C:\Program Files\1&1 Surf-Stick\UIExec.exe ()
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Users\Martin\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Windows Home Server\LightsOutClientService.exe (AxoNet Software GmbH)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\55526078cc179d52a27d1731af7a219e\DeviceHost.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\588a5360aebb2b8371f9c6ff7215616e\Kies.Common.Multimedia.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\b04785775fdd28cb54ff837f57762aa0\Kies.Common.Util.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\27b7e5803ef4dfce348222b595f4aba1\Kies.Common.MainUI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\75568f572017a624789552ac1d070731\Kies.UI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\f69842a59a80267c673735eab7b0bcd3\GongSolutions.Wpf.DragDrop.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\4ec3b8c59353fcd0598cfc2590586879\Kies.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\8db51a0e07118635fb71b05f21937db8\Kies.Theme.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\b07ff83c3ce2fd8d3a938889f020552d\DevicePodcast.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\54c3c22053264729fde00785baf21eb9\DummyStorePlugin.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\aaa553d73526328d450a142814849e40\DeviceVideo.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\e5334ab5e29c40a7af6223175123263b\DevicePhoto.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\233972a5ba7f8718ba70734134186b1a\DeviceMusic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\e2689f807ac87966b7e78f74ab677453\VideoManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\c8a238c49512fddf15119a48f1c8e520\PhotoManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\fb3e807ec2b98abd1a057ef3694499eb\Podcaster.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\ff3157a926a4c62bd7c4fc462b44d4ae\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Pims\1d4bc56464a498daefb0b76677cdaac2\Kies.Common.Pims.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\521e8f5d3e1452cabfea9ea69659c679\Phonebook.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\ae43674e7f32b74f7713c0801bccc2fa\DeviceCommonLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\lib_Samsung_WitchPl#\0f6a68e21e4894592e16856189b20199\lib_Samsung_WitchPlaylist_v0.1.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\7b10f766948b52ef6d261b1a1aa8ee0a\Kies.Plugin.ContentsManagerLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\65f0d5e5052a4a71f5a72d778fa2cbb6\MusicManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\8bf212e316537432a2356c88f3bb6f4d\BATPlugin.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\8bb1cf762dcfd25fa6fec281620a67e3\Kies.Common.MediaDB.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\017429623044d5a3e9aa2aeef7d00017\Kies.Common.StoreManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\52207264bac5068c2de665b3f41e8964\ASF_cSharpAPI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\ca0b9f739dc8a16a0b45b07b6f1deae0\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\3b13bd2ffd57d5a08bfb85636513922d\Kies.Common.AllShare.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.FUSCryptLib\7296ee8d41eeb2bcc543df81eea19ebe\Interop.FUSCryptLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\68bf9214584209eb5ebf209d1b95ac1e\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.CDBurnCOMLib\c1739a9b18cf8b334e60bfc1e4d126db\Interop.CDBurnCOMLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\5ff671ad98a74cfc1dee4a439fb8728e\Kies.Common.DeviceServiceLib.FileService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\d1baf93e68f207b043f0861c5ee2d7ea\Interop.DevFileServiceLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\57a3553bbf6667ae14d38bdb66f605a2\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.SyncService#\6169b94e04d363fb40d22ff30aaf24df\Interop.SyncServiceLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceManag#\d410d0b24dd23bff0ee0803559dd90ea\Interop.DeviceManagerLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceServi#\ed97f510e91aff4e4f00987ec1fb8b70\Interop.DeviceServiceModelDBLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\2c72efd53cc6951822e9782f762e0950\Kies.Common.DeviceServiceLib.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceDataS#\0a17379e34031a7d1828d29a442a0b66\Interop.DeviceDataServiceLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.ConnectionM#\9f58a36246af15635bcce1b3ccc1c6d3\Interop.ConnectionManagerLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6e4f1bc2e9b41f984d67aa1cd7f65c3d\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\016586bd2a1964a0a519cbc522d2906d\Kies.Common.DeviceService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\111be4cc197cabb6340170eeb54ae535\Interop.P3MPINTERFACECTRLLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\5f0b67eb5313c092d5b8b56426dd30e2\Interop.MP3FileInfoCOMLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\b2c7788a3e89dfe8758d6184bac1b663\Interop.OGGFileInfoCOMLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\7316848f01ce1da27fc2d701f32cae0d\Interop.PRPLAYERCORELib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\2a6cd90bb628de35d70c9dba6897d013\Kies.Common.DBManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\0969ff5a4924da7d8c6ebd3fca8f154b\ICSharpCode.SharpZipLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\c7db33ddaee23e7ec8a3458fde5b50eb\Kies.Common.CRMManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\af22e5bb6307e2882abe5fbdb3c00c8e\CabLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\83ea8d246c90eeee2b100f01994eef5b\Kies.Locale.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\4f4243b3bc2e4cdf0ec6e7ad5559aa20\Interop.DeviceSearchLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\0bbdc52b6dd44363e4a194ee8bd8a460\Kies.MVVM.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\7ed89054a3bdd9dbbf1cce0e0b592d78\Kies.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\07753c0a8ed7f9bc61b0ee718f3c779d\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\Evernote\Evernote\libxml2.dll ()
MOD - C:\Program Files\Evernote\Evernote\libtidy.dll ()
MOD - C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\1&1 Surf-Stick\UIExec.exe ()
MOD - C:\Windows\System32\msjetoledb40.dll ()
MOD - C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll ()
MOD - C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (arXfrSvc) -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe (Microsoft Corporation)
SRV - (WHSConnector) -- C:\Program Files\Windows Home Server\WHSConnector.exe (Microsoft Corporation)
SRV - (esClient) -- C:\Program Files\Windows Home Server\esClient.exe (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (UI Assistant Service) -- C:\Program Files\1&1 Surf-Stick\AssistantServices.exe ()
SRV - (TwonkyMedia) -- C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe (PacketVideo)
SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LoClntService) -- C:\Program Files\Windows Home Server\LightsOutClientService.exe (AxoNet Software GmbH)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AAV UpdateService) -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (EpsonBidirectionalService) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (sptd) -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys File not found
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (NETwNs32) -- C:\Windows\System32\drivers\NETwNs32.sys (Intel Corporation)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (RT-USB) -- C:\Windows\System32\drivers\RT-USB.SYS (Ross-Tech LLC)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E62x86.sys (Atheros Communications, Inc.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (netw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (BackupReader) -- C:\Windows\System32\drivers\BackupReader.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (nuvotoncir) -- C:\Windows\System32\drivers\nuvotoncir.sys (Nuvoton Technology Corporation)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,defaultscope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,defaultscope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,defaultscope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,defaultscope = 
 
IE - HKU\S-1-5-21-2333831025-3955951830-617186472-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2333831025-3955951830-617186472-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2333831025-3955951830-617186472-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2333831025-3955951830-617186472-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D7 3D 1F 80 FA 78 CA 01  [binary data]
IE - HKU\S-1-5-21-2333831025-3955951830-617186472-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2333831025-3955951830-617186472-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2333831025-3955951830-617186472-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2333831025-3955951830-617186472-1001\..\SearchScopes\{BD00FBCD-B3F9-492D-97D5-68C2CE36DAC1}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-2333831025-3955951830-617186472-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7BB0D70E72-2FC1-4b9f-A3D4-5921C854D906%7D:1.2
FF - prefs.js..extensions.enabledAddons: %7Bb749fc7c-e949-447f-926c-3f4eed6accfe%7D:0.7.1.1
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: fdm_ffext%40freedownloadmanager.org:1.5.7.6
FF - prefs.js..extensions.enabledAddons: passworddepot%40acebit.com:6.2.2.0
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\passworddepot@acebit.com: C:\Program Files\AceBIT\Password Depot 6\Firefox\ [2013.01.17 09:28:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.02.27 23:30:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013.02.27 23:30:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.27 23:36:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.27 23:36:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.27 23:36:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.27 23:36:19 | 000,000,000 | ---D | M]
 
[2009.11.27 10:21:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions
[2013.02.20 09:27:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\1adnpaxy.default\extensions
[2012.12.13 23:05:09 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\1adnpaxy.default\extensions\fdm_ffext@freedownloadmanager.org
[2013.02.20 09:27:05 | 000,530,982 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\1adnpaxy.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.12.11 17:00:53 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\1adnpaxy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2011.04.04 19:50:01 | 000,013,074 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\1adnpaxy.default\extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}.xpi
[2012.01.09 22:25:57 | 000,061,705 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\1adnpaxy.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
[2013.02.16 20:44:03 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\1adnpaxy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.01.22 07:11:23 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\1adnpaxy.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.02.06 08:37:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.02.06 08:37:54 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2013.02.06 08:37:55 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2013.02.06 08:37:55 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
[2013.02.06 08:37:55 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2013.01.17 09:28:39 | 000,000,000 | ---D | M] (Password Depot Extension) -- C:\PROGRAM FILES\ACEBIT\PASSWORD DEPOT 6\FIREFOX
[2013.02.06 08:38:00 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.06.20 20:28:34 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2013.02.27 23:30:34 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012.02.26 16:04:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.02 07:03:34 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.26 16:04:19 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.26 16:04:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.26 16:04:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.26 16:04:19 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O2 - BHO: (Password Depot 6) - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files\AceBIT\Password Depot 6\pdIEAddOn32.dll (AceBIT)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2333831025-3955951830-617186472-1001\..\Toolbar\ShellBrowser: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\1&1 Surf-Stick\UIExec.exe ()
O4 - HKU\S-1-5-21-2333831025-3955951830-617186472-1001..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-2333831025-3955951830-617186472-1001..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-2333831025-3955951830-617186472-1001..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-2333831025-3955951830-617186472-1001..\Run: [Password Depot] C:\Program Files\AceBIT\Password Depot 6\PasswordDepot.exe (AceBIT GmbH)
O4 - HKU\S-1-5-21-2333831025-3955951830-617186472-1001..\Run: [POEngine5]  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Subscribe in RSS Popper - C:\Program Files\RSS Popper\ie_subscribe.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Password Depot 6 - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files\AceBIT\Password Depot 6\PasswordDepot.exe (AceBIT GmbH)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 10.15.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A4950E4-B26C-4362-A461-946B325BAA3A}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3B8199C-F02E-41DB-A5A5-8328054E4992}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9f31bd0c-dae0-11de-b11f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9f31bd0c-dae0-11de-b11f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE /AUTORUN
O33 - MountPoints2\{9f31bd0c-dae0-11de-b11f-806e6f6e6963}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{9f31bd0c-dae0-11de-b11f-806e6f6e6963}\Shell\install\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.02 10:30:12 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.02 10:30:05 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.02 10:27:34 | 000,547,491 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Martin\Desktop\JRT.exe
[2013.03.01 17:53:25 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Martin\Desktop\tdsskiller.exe
[2013.03.01 17:11:13 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Martin\Desktop\aswMBR.exe
[2013.03.01 16:40:46 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\mbar
[2013.02.28 21:02:33 | 000,000,000 | ---D | C] -- D:\Eigene Dateien\Trojaner
[2013.02.28 20:39:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013.02.28 20:39:07 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Real
[2013.02.27 23:31:42 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\RealNetworks
[2013.02.27 23:30:58 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013.02.27 23:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013.02.27 23:30:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2013.02.27 23:30:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013.02.27 23:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2013.02.27 23:25:41 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\vlc
[2013.02.27 23:25:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.02.27 23:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.02.27 23:18:46 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013.02.27 23:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.02.27 23:03:45 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.02.27 23:03:31 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.02.27 23:03:31 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.02.27 23:03:31 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.02.27 19:20:24 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.02.27 19:20:18 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.02.27 19:20:16 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.27 19:20:16 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.27 19:20:16 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.27 19:20:15 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.02.27 19:20:15 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.27 19:20:15 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.27 19:20:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.27 19:20:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.27 19:20:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.27 19:20:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.27 19:20:14 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013.02.27 19:20:14 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.02.27 19:20:14 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.02.27 19:20:14 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.02.27 19:20:14 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.02.27 19:20:14 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.02.27 19:20:14 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.02.27 19:20:14 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.02.27 19:20:14 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.02.27 19:20:14 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.02.27 19:20:14 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.02.27 19:20:14 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.02.27 19:20:13 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.02.16 16:40:44 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.02.16 16:40:43 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.02.16 16:40:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.02.16 16:40:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.02.16 16:40:43 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.02.16 16:40:42 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.02.16 16:40:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.02.16 16:40:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.02.16 15:44:31 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.02.16 15:44:13 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.02.16 15:44:11 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.02.16 15:44:08 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013.02.16 15:44:07 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.02.08 13:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013.02.06 08:37:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.01.31 17:21:36 | 004,940,344 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxXtreme110.dll
[2013.01.31 17:21:36 | 000,104,504 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxUISettingsN100.dll
[2013.01.31 17:21:34 | 000,026,168 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxTPSW100.dll
[2013.01.31 17:21:32 | 001,360,952 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxTool110.dll
[2013.01.31 17:21:32 | 000,063,544 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxPXTree100.dll
[2013.01.31 17:21:28 | 000,127,544 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxMail100.dll
[2013.01.31 17:21:22 | 000,049,720 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LXCurr100.dll
[2013.01.31 17:21:18 | 000,068,152 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxCI12.dll
[2013.01.31 17:21:16 | 000,207,416 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxBasics100.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.02 10:44:45 | 000,013,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.02 10:44:45 | 000,013,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.02 10:37:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.02 10:37:07 | 2411,876,352 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.02 10:28:53 | 000,594,019 | ---- | M] () -- C:\Users\Martin\Desktop\adwcleaner.exe
[2013.03.02 10:27:44 | 000,547,491 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Martin\Desktop\JRT.exe
[2013.03.02 10:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.01 17:53:28 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Martin\Desktop\tdsskiller.exe
[2013.03.01 17:52:01 | 000,000,512 | ---- | M] () -- C:\Users\Martin\Desktop\MBR.dat
[2013.03.01 17:12:32 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Martin\Desktop\aswMBR.exe
[2013.03.01 16:40:31 | 013,711,621 | ---- | M] () -- C:\Users\Martin\Desktop\mbar-1.01.0.1020.zip
[2013.02.28 21:49:58 | 000,002,910 | ---- | M] () -- C:\Users\Martin\Desktop\gmer_2.1.19115 - Verknüpfung.lnk
[2013.02.28 21:34:56 | 000,002,737 | ---- | M] () -- C:\Users\Martin\Desktop\OTL - Verknüpfung.lnk
[2013.02.28 21:04:18 | 000,000,190 | ---- | M] () -- C:\Users\Martin\defogger_reenable
[2013.02.27 23:31:04 | 000,001,284 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013.02.27 23:30:33 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2013.02.27 23:30:33 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2013.02.27 23:27:43 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.02.27 23:27:43 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.02.27 23:25:07 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.02.27 23:03:18 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.02.27 23:03:17 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.02.27 23:03:17 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.02.27 23:03:16 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.02.27 23:03:16 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.02.27 23:03:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.02.25 15:15:05 | 000,004,903 | ---- | M] () -- D:\Eigene Dateien\test.CSV
[2013.02.25 15:15:04 | 000,009,309 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Kommagetrennte Werte (Windows).EML
[2013.02.25 14:56:38 | 000,001,023 | ---- | M] () -- C:\Users\Martin\Desktop\Dropbox.lnk
[2013.02.20 11:52:53 | 000,759,812 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.20 11:52:53 | 000,704,022 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.20 11:52:53 | 000,169,690 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.20 11:52:53 | 000,138,646 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.16 18:21:55 | 000,371,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.08 22:08:55 | 000,002,751 | ---- | M] () -- C:\Users\Public\Desktop\Lexware financial office.lnk
[2013.02.08 13:06:50 | 000,001,964 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.02.08 13:06:50 | 000,001,964 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.01.31 17:21:36 | 004,940,344 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxXtreme110.dll
[2013.01.31 17:21:36 | 000,104,504 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxUISettingsN100.dll
[2013.01.31 17:21:34 | 000,026,168 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxTPSW100.dll
[2013.01.31 17:21:32 | 001,360,952 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxTool110.dll
[2013.01.31 17:21:32 | 000,063,544 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxPXTree100.dll
[2013.01.31 17:21:28 | 000,127,544 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxMail100.dll
[2013.01.31 17:21:22 | 000,049,720 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LXCurr100.dll
[2013.01.31 17:21:18 | 000,068,152 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxCI12.dll
[2013.01.31 17:21:16 | 000,207,416 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxBasics100.dll
 
========== Files Created - No Company Name ==========
 
[2013.03.02 10:28:46 | 000,594,019 | ---- | C] () -- C:\Users\Martin\Desktop\adwcleaner.exe
[2013.03.01 17:52:01 | 000,000,512 | ---- | C] () -- C:\Users\Martin\Desktop\MBR.dat
[2013.03.01 16:40:18 | 013,711,621 | ---- | C] () -- C:\Users\Martin\Desktop\mbar-1.01.0.1020.zip
[2013.02.28 21:50:01 | 000,002,910 | ---- | C] () -- C:\Users\Martin\Desktop\gmer_2.1.19115 - Verknüpfung.lnk
[2013.02.28 21:35:01 | 000,002,737 | ---- | C] () -- C:\Users\Martin\Desktop\OTL - Verknüpfung.lnk
[2013.02.28 21:03:58 | 000,000,190 | ---- | C] () -- C:\Users\Martin\defogger_reenable
[2013.02.27 23:31:04 | 000,001,284 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013.02.27 23:25:07 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.02.25 15:15:04 | 000,009,309 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Kommagetrennte Werte (Windows).EML
[2013.02.25 15:14:54 | 000,004,903 | ---- | C] () -- D:\Eigene Dateien\test.CSV
[2013.02.08 13:06:50 | 000,001,964 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.01.09 12:09:08 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013.01.09 12:09:00 | 000,014,624 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.10.29 12:09:28 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.10.29 12:09:28 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.10.29 12:09:28 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.10.29 12:09:28 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.10.29 12:09:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.10.15 08:22:43 | 000,007,625 | ---- | C] () -- C:\Users\Martin\AppData\Local\Resmon.ResmonCfg
[2012.10.07 12:23:10 | 000,207,488 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2012.10.07 12:23:08 | 000,138,368 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll
[2012.10.07 12:23:08 | 000,074,368 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll
[2012.10.07 12:23:06 | 000,318,592 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll
[2011.12.01 20:35:34 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.07.05 20:54:20 | 000,017,408 | ---- | C] () -- C:\Users\Martin\AppData\Local\WebpageIcons.db
[2011.05.13 09:03:16 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2011.05.13 09:01:22 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2011.05.13 09:01:00 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2011.03.11 11:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2010.10.15 21:09:14 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv6
[2010.10.06 14:03:04 | 000,004,096 | -H-- | C] () -- C:\Users\Martin\AppData\Local\keyfile3.drm
[2010.05.20 20:36:05 | 000,000,072 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.04.29 23:04:54 | 000,001,235 | ---- | C] () -- C:\Users\Martin\ASPIREHOME - Verknüpfung.lnk
[2010.01.21 20:41:41 | 000,211,456 | ---- | C] () -- C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.07 11:40:05 | 000,000,094 | ---- | C] () -- C:\Users\Martin\AppData\Local\fusioncache.dat
[2009.12.05 10:19:57 | 000,065,943 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\mdbu.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012.08.21 14:34:24 | 000,351,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:74022CF48867CE37

< End of report >

4.) Extras

Code:

ATTFilter

OTL Extras logfile created on: 02.03.2013 10:42:53 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Eigene Dateien\Trojaner
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 68,89% Memory free
5,99 Gb Paging File | 5,02 Gb Available in Paging File | 83,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140,62 Gb Total Space | 19,53 Gb Free Space | 13,89% Space Free | Partition Type: NTFS
Drive D: | 157,46 Gb Total Space | 8,33 Gb Free Space | 5,29% Space Free | Partition Type: NTFS
 
Computer Name: ASPIRE-6930 | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2333831025-3955951830-617186472-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A2D4735-93C5-4DF8-BBBA-4C57961988EB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1586021A-F243-4505-B546-38B43F585684}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{17BEE3BD-968C-42F1-AD7D-63BA28C577DA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1D5D2C54-2D1B-40D3-9E02-C3ACA6F594EE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1DF731B8-678F-4B37-8919-659700CDF1B1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{307FB5B6-CABE-4EC5-8EE0-6A985A4946CF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{37E0F4E6-CED9-42E6-A652-24A8AFBA07D7}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{475A3DBE-0FA8-4519-AE1D-A9971425E29C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{56B0244E-2757-44E9-AD67-D3437B1034F4}" = rport=445 | protocol=6 | dir=out | app=system | 
"{60BE370A-BFF8-47E3-8790-76604E41239D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{77108A95-17D2-4742-AC8D-4FA5D253BBFD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7A61AD38-A95A-4210-AE89-71AE1AEB88B6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{801DAC19-A285-4576-9718-3C379B112095}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8D7AC2ED-C562-433C-AB80-E1C6D8F3899B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{90E5D086-C883-4F46-8761-8406098B204D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{AAEBAE56-36FC-4317-A77E-D36A6A9651FB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B6485AD6-DE65-4121-9368-9D74F07E2A69}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B73954DB-C9E3-4813-852E-437C69B29840}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BB5C48AB-8CFE-45E7-9011-3887DB8B2AF9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C9A7DF88-2B57-408A-8208-B2AECBEEB98C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DB78429A-6AF2-433D-AD62-2772653DE55A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E24F0963-785B-4284-BB83-F1B215D94210}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E78B32CC-2D9C-4173-8B47-F17D80C10E4F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E88D5EC3-DD4C-4F6E-A32D-ADD2284A1EFF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F3444513-697A-487C-96A3-7F3B7F7E938A}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14AD98B9-FE6D-42D1-9E36-28C82F33C477}" = protocol=17 | dir=in | app=c:\program files\software4u\idevice manager\software4u.idevicemanager.exe | 
"{1CCA7D1F-D414-4F5E-A13E-B80A21BADC46}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{205550D1-B33A-4DA1-9AFB-CE330B74201C}" = protocol=17 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{3058EE40-D963-4DE4-9A44-20B9A8FCAB8B}" = protocol=6 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{35D52E0E-E89D-48CB-8448-422DB069E783}" = protocol=6 | dir=out | app=system | 
"{580AF26B-2DCF-4CDF-8D66-DF75C8BCE8C6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5B2E9200-C88C-43A7-954E-74D73190CCAC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6A7B65FD-0607-4AB0-8DBB-62DCB176C5A6}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{7E01E5DF-A67F-4F15-BADD-F657AEA24F4E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8D106373-E5B7-4E53-A614-F79F73B531FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{91689A14-3698-4AEE-80E9-41EE4FA28B6B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{9B3BE4EC-CE59-4D0F-ABC4-2444AB48D96F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B3277B4C-8C4D-4C45-AAE8-A305E73C302A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B68F5F46-6DE5-4326-BC04-D702B72E6FE4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BEEC77E1-6561-497E-81B5-8A79D96DB22E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{BF130290-51F1-4F26-B344-914C708A0A97}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C7F057F9-E682-472F-A370-A2979206BC37}" = protocol=6 | dir=in | app=c:\program files\software4u\idevice manager\software4u.idevicemanager.exe | 
"{D3E95EF8-1AD2-4193-BCF2-5AEA46A41456}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E2A4B924-8440-42E4-91C0-87675BDC8E7D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E62ED7CB-2472-4C36-ADC4-E068354C3DC3}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{E9F3111B-C2D5-4C43-99CF-92E48737DA6D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F8B7BCF0-57B4-43BE-87D9-ECBD9F5783FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F9B6A3FE-FC39-4C97-ABC5-72F11491E684}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FBA554BD-7E80-482D-BAFA-0999361019BF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{2EBC37F7-54B6-4477-9387-D7F55BF052F5}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{99DD22DC-4685-4294-8C9C-40B95D5C2DFD}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{0F35038A-410E-4DEF-970D-77D08C23ABE6}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{62B97621-E5BE-4293-A0F0-DB28247BB1A0}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{119B91A7-1984-4256-BC34-348BA84143B1}" = Application Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{21E49794-7C13-4E84-8659-55BD378267D5}" = Windows Home Server-Connector
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2D3858B1-226A-420D-9C9D-B51864E85429}" = Nuvoton CIR Device Driver
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3744B641-61DE-417F-BCDC-9CCED4224DF8}" = LightScribe System Software
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C3B4D0D-7BA1-4CD8-8034-93D9A2175753}" = WISO Fahrtenbuch 2012
"{5AE08F40-EC9B-4B7E-B5A6-200A7E6DCB2A}" = Lexware financial office 2013
"{5EA333DC-8C33-4077-9BFE-2326F3FA505F}" = Lexware online banking
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{692F4201-AB4C-4795-9F42-123F0601F8B7}" = LightsOut Client
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77077FFF-8831-470F-9627-E86F06A50CCD}" = Avery Wizard 3.1
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7CC673E7-5271-409D-B196-BB76DA60300B}" = TwonkyMedia Windows Components
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FD71A9E-C4D3-42ED-A998-CDA8290C39A3}" = LightScribe Template Labeler
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney
"{88A4002B-BDBA-49A2-927C-D81E8DF32B1B}" = LightScribe Applications
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AE7E507-BC49-4DF0-A236-26878691AB53}" = Lexware Info Service
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{A23AADDA-3DBF-11E2-A6F2-984BE15F174E}" = Evernote v. 4.6
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AAE587E4-E661-4DB5-96DF-6E31C548F186}_is1" = Password Depot 6
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B82157D3-6D31-4650-93B4-FC39BB08D6CE}" = AAVUpdateManager
"{BE618A02-45E7-4456-8277-D05BE76B9E1A}" = Geldtipps Homebanking 2011 1und1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU 
"{D9B00587-D56E-470C-9C89-106552A35FFA}" = PhotoSync
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E98E2A33-05D1-476B-B81B-40F4BD957056}" = Windows Home Server Home Computer Restore CD (Dual Boot)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F72E9C08-197C-4677-BE2B-1CBC90DAAD07}" = Lexware Elster
"{F8C279EA-C67F-4B99-8FAA-EF526D98D39C}" = WISO Fahrtenbuch 2011
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU 
"{FF748561-FFFE-11D3-A06B-00E02939A7B1}" = dakota.ag
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"0630-0716-3135-7887" = JDownloader 2
"3A22385941281AFEE4CDB6EE09AB8D0BF418CE17" = Windows Driver Package - Acer, Inc (androidusb) USB  (12/20/2011 1.0.0010.00000)
"812A5AC8-50DA-43D8-B36E-30CDD7FCCAA1_is1" = Outlook Backup Assistant 5 (Vollversion)
"AAA1ACCA6262EC232B355F1427BDDE4D745AFBC1" = Windows Driver Package - Linux Developer Community Net  (12/08/2011 5.1.2600.2781)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AnyDVD" = AnyDVD
"A-Ray Scanner" = A-Ray Scanner 2.0.2.3
"AudibleDownloadManager" = Audible Download Manager
"AVMFBoxMonitor" = AVM FRITZ!Box Monitor
"B4DFFB06B716298277125094C48185BFE8B5A7E1" = Windows-Treiberpaket - Ross-Tech USB Driver Package (06/16/2010 2.06.02)
"Biet-O-Matic v2.12.5" = Biet-O-Matic v2.12.5
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"EOS USB WIA Driver" = EOS USB WIA Driver
"EOS Utility" = Canon Utilities EOS Utility
"EPSON BX610FW Series" = Druckerdeinstallation für EPSON BX610FW Series
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"Epson Stylus Office BX610FW_Office TX610FW_SX610FW Benutzerhandbuch" = Epson Stylus Office BX610FW_Office TX610FW_SX610FW Handbuch
"FastStone Image Viewer" = FastStone Image Viewer 4.6
"FE5AE7DC-7B01-4263-A94C-B4526C276549_is1" = iPhone Explorer
"FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager
"FileZilla Client" = FileZilla Client 3.6.0.2
"Foxit Reader" = Foxit Reader
"Free Download Manager_is1" = Free Download Manager 3.9.2
"Free YouTube Download_is1" = Free YouTube Download version 3.1.37.918
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"Google Calendar Sync" = Google Calendar Sync
"ImgBurn" = ImgBurn
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"KONICA MINOLTA magicolor 2430DL" = KONICA MINOLTA magicolor 2430DL
"Lidl-Fotos_is1" = Lidl-Fotos
"LightsOut Client" = LightsOut Client
"Macro Express 3" = Macro Express 3
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 16.0" = RealPlayer
"RSS Popper" = RSS Popper
"sp6" = Logitech SetPoint 6.32
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TwonkyManager" = TwonkyManager
"VCDS PCI" = VCDS PCI 11.11
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2333831025-3955951830-617186472-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 02.03.2013 05:37:53 | Computer Name = Aspire-6930 | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht
 initialisieren.
 
 
< End of report >

Bin gespannt auf Deine Einschätzungen...

Gruß, Martin

cosinus · 02.03.2013, 12:41

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

elwebber · 02.03.2013, 18:54

OK. Los gehts...

1.) Malwarebytes

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.02.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Martin :: ASPIRE-6930 [Administrator]

Schutz: Deaktiviert

02.03.2013 12:55:48
mbam-log-2013-03-02 (12-55-48).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 269341
Laufzeit: 6 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

2.) Eset:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0432da3d97c0c84d846743d4f7089de5
# engine=13283
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-02 03:44:38
# local_time=2013-03-02 04:44:38 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1285 16777214 100 100 14700 58563028 0 0
# compatibility_mode=5893 16776573 100 94 85631 113870269 0 0
# scanned=312838
# found=3
# cleaned=0
# scan_time=13085
sh=5F0690B0F4388030D9BD7D585D3605D928DE89ED ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\6b407d14-11ea4d8e"
sh=00D7FA147426CE4E0B2ABE2ECBD92D7A3B22224E ft=1 fh=13b9e910662acede vn="a variant of Win32/Adware.ErrorRepairPro application" ac=I fn="D:\Eigene Dateien\DOWNLOADS\chip\fwrc11.exe"
sh=001D51FFE9F4207FD1DF3AACAE88EF226EE25664 ft=1 fh=978c084e624ab2c1 vn="a variant of Win32/Adware.ErrorRepairPro application" ac=I fn="D:\Eigene Dateien\DOWNLOADS\chip\PRO-ver355.exe"

Der OnlineScanner ist wohl fündig geworden, wobei der erste Fund genau der ist, wegen dem Kaspersky auch gemeckert hat. Ich bekam diese Datei im Kaspersky 2x angezeigt: einmal als desinfiziert und einmal als gelöscht.

Die anderen beiden sind uralte Dateien welche ich seid ihrem Download nicht mehr benutzt habe... Ich kann nicht mal mehr sagen, was für Programme das sind...

cosinus · 03.03.2013, 18:12

Das ist Adware (ErrorRepair), löschen wir mal mit OTL:

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:Files
D:\Eigene Dateien\DOWNLOADS\chip\fwrc11.exe
D:\Eigene Dateien\DOWNLOADS\chip\PRO-ver355.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

elwebber · 03.03.2013, 19:12

Ich habs durchgeführt.

Code:

ATTFilter

All processes killed
========== FILES ==========
D:\Eigene Dateien\DOWNLOADS\chip\fwrc11.exe moved successfully.
D:\Eigene Dateien\DOWNLOADS\chip\PRO-ver355.exe moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
D:\Eigene Dateien\Trojaner\cmd.bat deleted successfully.
D:\Eigene Dateien\Trojaner\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 49724 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Martin
->Temp folder emptied: 1040600212 bytes
->Temporary Internet Files folder emptied: 6910179 bytes
->Java cache emptied: 2397235 bytes
->FireFox cache emptied: 222981983 bytes
->Flash cache emptied: 8240146 bytes
 
User: Public
 
User: test
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 132036531 bytes
RecycleBin emptied: 118334241 bytes
 
Total Files Cleaned = 1.461,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 03032013_190453

Files\Folders moved on Reboot...
File\Folder C:\Users\Martin\AppData\Local\Temp\2011-10-04-1188731418_04-RG.PDF  not found!
File\Folder C:\Users\Martin\AppData\Local\Temp\2011-11-02-1199045298_04-RG.PDF  not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus · 03.03.2013, 20:46

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

elwebber · 04.03.2013, 07:42

Zitat:

Sieht ok aus. Wir sollten fast durch sein.

1.) MWAM

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.03.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Martin :: ASPIRE-6930 [Administrator]

Schutz: Deaktiviert

03.03.2013 20:59:05
mbam-log-2013-03-03 (20-59-05).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 268992
Laufzeit: 6 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

2.) Eset

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0432da3d97c0c84d846743d4f7089de5
# engine=13283
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-02 03:44:38
# local_time=2013-03-02 04:44:38 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1285 16777214 100 100 14700 58563028 0 0
# compatibility_mode=5893 16776573 100 94 85631 113870269 0 0
# scanned=312838
# found=3
# cleaned=0
# scan_time=13085
sh=5F0690B0F4388030D9BD7D585D3605D928DE89ED ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\6b407d14-11ea4d8e"
sh=00D7FA147426CE4E0B2ABE2ECBD92D7A3B22224E ft=1 fh=13b9e910662acede vn="a variant of Win32/Adware.ErrorRepairPro application" ac=I fn="D:\Eigene Dateien\DOWNLOADS\chip\fwrc11.exe"
sh=001D51FFE9F4207FD1DF3AACAE88EF226EE25664 ft=1 fh=978c084e624ab2c1 vn="a variant of Win32/Adware.ErrorRepairPro application" ac=I fn="D:\Eigene Dateien\DOWNLOADS\chip\PRO-ver355.exe"
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0432da3d97c0c84d846743d4f7089de5
# engine=13289
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-03 11:41:00
# local_time=2013-03-04 12:41:00 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1285 16777214 100 100 19282 58678010 0 0
# compatibility_mode=5893 16776573 100 94 56132 113985251 0 0
# scanned=312119
# found=2
# cleaned=0
# scan_time=12835
sh=00D7FA147426CE4E0B2ABE2ECBD92D7A3B22224E ft=1 fh=13b9e910662acede vn="a variant of Win32/Adware.ErrorRepairPro application" ac=I fn="D:\_OTL\MovedFiles\03032013_190453\D_Eigene Dateien\DOWNLOADS\chip\fwrc11.exe"
sh=001D51FFE9F4207FD1DF3AACAE88EF226EE25664 ft=1 fh=978c084e624ab2c1 vn="a variant of Win32/Adware.ErrorRepairPro application" ac=I fn="D:\_OTL\MovedFiles\03032013_190453\D_Eigene Dateien\DOWNLOADS\chip\PRO-ver355.exe"

cosinus · 04.03.2013, 09:17

Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

elwebber · 04.03.2013, 11:51

Hi Cosinus,

andere Funde oder Probleme gibt es bei mir derzeit nicht.

Kann ich jetzt davon ausgehen, daß der von Kaspersky gefunden Exploit keinen weiteren Schaden angerichtet hat?

Wäre ja echt super...

Das mit den Cookies werde ich mir mal anschauen. Darf ich dich bei eventuellen Fragen diesbezüglich nochmal belästigen?

Gruß, Martin

cosinus · 04.03.2013, 12:17

Dann wären wir durch!

Die Programme, die hier zum Einsatz kamen, können alle wieder runter.

Combofix entfernen (nur relevant wenn es hier benutzt wurde!) : Start/Ausführen (Tastenkombination WIN+R), dort den Befehl combofix /uninstall eintippen und ausführen

Mit Hilfe von OTL kannst du auch viele andere Tools entfernen: Starte dazu einfach OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

Exploit.Java.CVE-2013-0422d von Kaspersky gefunden und gelöscht/desinfiziert. Was nun?

Log-Analyse und Auswertung: Exploit.Java.CVE-2013-0422d von Kaspersky gefunden und gelöscht/desinfiziert. Was nun?