Trojaner auf meinem Laptop (serialcodes_net[1].htm) + SpyHunter 4

BackBraker · 01.03.2013, 14:29

Hallo Community,

Also, ich habe gestern mal mit meinem Windows Defender, welcher Standardmässig auf meinem Betriebssystem (Windows 8) installiert ist, einen Scan gemacht. Dann ging ich aus reiner Neugierde mal auf die Schaltfläche "Verlauf" und schaute unter "Quarantäne" was da so drin war. Ich ging davon aus, dass es leer sein würde, da ja stand dass mein Laptop gesichert ist. Aber da war etwas drin. Bei der Beschreibung stand: Trojan:JS/Seedabutor.B
Dann ging ich auf die hilfe, und kam auf diese Seite: hxxp://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=Trojan%3aJS%2fSeedabutor.B&threatid=2147678632
Dann folgte ich dem Pfad, wo der Trojaner sein sollte. Das ist folgender:
"C:\Users\marco_000\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G6N1RI7W\serialcodes_net[1].htm"
Ich war zuerst überrascht, da ich dachte, Quarantäne = Nicht "frei" aber da hatte ich mich wohl getäuscht. Dann nach einiger Recherche im Internet bin ich auf SpyHunter 4 gestossen. Davon habe ich mir dann die Testversion heruntergeladen. Später, also heute mittag stellte ich fest, dass das auch Malware sei

Ich hab mir auch noch einen anderen Virenscanner heruntergeladen: MalwareBytes.
Beim Scan mit SpyHunter wurden mir ca. 400 Bedrohungen angezeigt. Das meiste davon waren Cookies, denen ich vertraute, und der rest waren Programme von Microsoft. Bei Malwarebytes ist der Scan noch nicht fertig.
Ich habe vorhin in diesem Forum einen Thread gesehen, da hatte einer ein ähnliches Problem: http://www.trojaner-board.de/131463-...swerden-2.html doch da stand, dass man die Schritte nur machen soll, wenn man dazu aufgefordert wird. Und da ich auch noch ein anderes problem hatte, (also das mit dem Trojaner) dachte ich, ich mach nen neuen Thread auf.
Also hier noch einige Infos über mein System:
- Betriebssystem: Windows 8 Pro (Aktiviert und Legal)
- Prozessor: Intel Pentium Dual Core
- Installierter Arbeitsspeicher: 2Gb
- Betriebssystemart: 32bit System

Ja, ich denke das war jetzt alles. Wenn jemand noch was brauchen sollte, kann er einfach schreiben.

Ich hoffe jemand kann mir helfen die Viren loszuverden

Danke für Antworten.

Freundliche Grüsse: BackBraker

EDIT:Kann mir vielleicht jemand noch nen guten Virenschutz sagen? Denn Windows Defender vertrau ich jetzt nicht mehr so richtig

Danke.

EDIT2: Ich hatte zum Zeitpunkt wo es passierte noch eine Externe Festplatte angeschlossen. habe ich vorhin vergessen noch zu schreiben.

cosinus · 01.03.2013, 16:28

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

BackBraker · 01.03.2013, 16:54

Hallo,

Also Logs habe ich keine. Soweit ich weiss. Das sind doch Textdateien oder? Also der virenscan mit Malwarebytes ist immer noch am laufen. Der läuft jetzt schon geschlagene 6 stunden. aber ich hab beobachtet, da wo er das verzeichnis durchsucht hat wo der Virus drin ist, hat er oben bei den infizierten Objekten immer noch 0 angezeigt.

Mittlerweile hat er 387'000 Dateien durchsucht. Beim anderen, also bei SpyHunter waren es am schluss so um die 600'000 Dateien.

Ist das normal?

Nochmal zu den Logs. Was ist das und wo/wie finde ich die?

Danke.

EDIT:Aha, sorry, ich hab erst jetzt auf den Link geklickt. Also im Moment ist er ja noch am Scannen. Dann warte ich jetzt mal bis der Scan fertig ist und poste dann mal das Logfile. Sorry nochmal deswegen.

EDITEDIT: Ich hab jetzt mal eines vom Windows Defender gefunden. Meinst du so eins?

Code:

ATTFilter

Cache Classification stats at ‎Mi ‎Feb ‎27 ‎2013 09:18:46
1-->56544
2-->115
128-->48
**********Cache stats************
No. Of buckets -> 77482
Each Bucket has max capacity of -> 1 entries
number of Entries is 56707
Number of invalid entries is 0
Number of Inserts issued is 355408
Number of replaces issued is 0
Number of Insert failures is 3147
Number of lookups is 1242568
Number of misses is 877544
Number of false fast lookups is 134806
Number of invalidations is 3672
Number of maintenance invalidations is 25025
Current File Size is 1863680
Journal ID = 1cb82f8bd8cded2
Trusted image state = 2 USN = 8c5021df
Setup boot count = 2

Hilft dir das weiter?

BackBraker · 01.03.2013, 18:40

Hier ist mal ein Logfile. Kann dir das helfen?

BackBraker · 01.03.2013, 21:03

Hier ist nochmal ne Logfile:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.01.04

Windows 8 x86 NTFS
Internet Explorer 10.0.9200.16484
marco_000 :: MLAPTOP [Administrator]

01.03.2013 10:11:41
MBAM-log-2013-03-01 (21-02-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 739791
Laufzeit: 9 Stunde(n), 27 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows.old\$Recycle.Bin\S-1-5-21-2466340865-1282327161-4126441488-1001\$RQW70ZK.exe (PUP.BundleInstaller.BT) -> Keine Aktion durchgeführt.

(Ende)

cosinus · 02.03.2013, 01:28

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Erstmal eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in CODE-Tags in den Thread.

BackBraker · 06.03.2013, 08:36

Hallo, ok ich hab jetzt mal den Scan gemacht. Hier ist das Logfile:

Code:

ATTFilter

OTL logfile created on: 06.03.2013 08:19:09 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\marco_000\Desktop
 Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
2.93 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 69.77% Memory free
3.43 Gb Paging File | 2.50 Gb Available in Paging File | 72.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 277.03 Gb Total Space | 39.73 Gb Free Space | 14.34% Space Free | Partition Type: NTFS
Drive D: | 20.76 Gb Total Space | 3.01 Gb Free Space | 14.51% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 91.75 Mb Free Space | 92.36% Space Free | Partition Type: FAT32
 
Computer Name: MLAPTOP | User Name: marco_000 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\marco_000\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Windows\System32\taskhostex.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x86__8wekyb3d8bbwe\LiveComm.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\System32\vmnat.exe (VMware, Inc.)
PRC - C:\Programme\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Programme\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\System32\RuntimeBroker.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\ielowutil.exe (Microsoft Corporation)
PRC - C:\Windows\System32\dasHost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\CPUCooL\CooLSRV.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x86__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Virtual Router) -- C:\Programme\Virtual Router\VirtualRouterService.exe (Chris Pietschmann (hxxp://pietschsoft.com))
SRV - (wlidsvc) -- C:\Windows\System32\wlidsvc.dll (Microsoft Corporation)
SRV - (netprofm) -- C:\Windows\System32\netprofmsvc.dll (Microsoft Corporation)
SRV - (LSM) -- C:\Windows\System32\lsm.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TimeBroker) -- C:\Windows\System32\TimeBrokerServer.dll (Microsoft Corporation)
SRV - (SystemEventsBroker) -- C:\Windows\System32\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV - (PrintNotify) -- C:\Windows\System32\spool\drivers\w32x86\3\PrintConfig.dll (Microsoft Corporation)
SRV - (AudioEndpointBuilder) -- C:\Windows\System32\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WSService) -- C:\Windows\System32\WSService.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (fhsvc) -- C:\Windows\System32\fhsvc.dll (Microsoft Corporation)
SRV - (BrokerInfrastructure) -- C:\Windows\System32\bisrv.dll (Microsoft Corporation)
SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Programme\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WiaRpc) -- C:\Windows\System32\wiarpc.dll (Microsoft Corporation)
SRV - (Wcmsvc) -- C:\Windows\System32\wcmsvc.dll (Microsoft Corporation)
SRV - (VaultSvc) -- C:\Windows\System32\vaultsvc.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (svsvc) -- C:\Windows\System32\svsvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (NcaSvc) -- C:\Windows\System32\NcaSvc.dll (Microsoft Corporation)
SRV - (NcdAutoSetup) -- C:\Windows\System32\NcdAutoSetup.dll (Microsoft Corporation)
SRV - (KeyIso) -- C:\Windows\System32\keyiso.dll (Microsoft Corporation)
SRV - (EFS) -- C:\Windows\System32\efssvc.dll (Microsoft Corporation)
SRV - (DsmSvc) -- C:\Windows\System32\DeviceSetupManager.dll (Microsoft Corporation)
SRV - (DeviceAssociationService) -- C:\Windows\System32\das.dll (Microsoft Corporation)
SRV - (AllUserInstallAgent) -- C:\Windows\System32\AUInstallAgent.dll (Microsoft Corporation)
SRV - (vmicvss) -- C:\Windows\System32\icsvc.dll (Microsoft Corporation)
SRV - (vmictimesync) -- C:\Windows\System32\icsvc.dll (Microsoft Corporation)
SRV - (vmicshutdown) -- C:\Windows\System32\icsvc.dll (Microsoft Corporation)
SRV - (vmicrdv) -- C:\Windows\System32\icsvc.dll (Microsoft Corporation)
SRV - (vmickvpexchange) -- C:\Windows\System32\icsvc.dll (Microsoft Corporation)
SRV - (vmicheartbeat) -- C:\Windows\System32\icsvc.dll (Microsoft Corporation)
SRV - (Te.Service) -- C:\Programme\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe (Microsoft Corporation)
SRV - (fussvc) -- C:\Programme\Windows Kits\8.0\App Certification Kit\fussvc.exe (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (CPUCooLServer) -- C:\Programme\CPUCooL\CooLSRV.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (msgpiowin32) -- C:\Windows\System32\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV - (pdc) -- C:\Windows\System32\Drivers\pdc.sys (Microsoft Corporation)
DRV - (BthAvrcpTg) -- C:\Windows\System32\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV - (bthhfhid) -- C:\Windows\System32\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV - (hidi2c) -- C:\Windows\System32\Drivers\hidi2c.sys (Microsoft Corporation)
DRV - (USBHUB3) -- C:\Windows\System32\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV - (FxPPM) -- C:\Windows\System32\Drivers\fxppm.sys (Microsoft Corporation)
DRV - (Dot4Print) -- C:\Windows\System32\Drivers\Dot4Prt.sys (Windows (R) Win 7 DDK provider)
DRV - (dot4) -- C:\Windows\System32\Drivers\Dot4.sys (Windows (R) Win 7 DDK provider)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (dam) -- C:\Windows\System32\Drivers\dam.sys (Microsoft Corporation)
DRV - (sdstor) -- C:\Windows\System32\Drivers\sdstor.sys (Microsoft Corporation)
DRV - (cnghwassist) -- C:\Windows\System32\Drivers\cnghwassist.sys (Microsoft Corporation)
DRV - (USBXHCI) -- C:\Windows\System32\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV - (UCX01000) -- C:\Windows\System32\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV - (GPIOClx0101) -- C:\Windows\System32\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\Drivers\tpm.sys (Microsoft Corporation)
DRV - (vmx86) -- C:\Windows\System32\Drivers\vmx86.sys (VMware, Inc.)
DRV - (VMnetuserif) -- C:\Windows\System32\Drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (VMnetBridge) -- C:\Windows\System32\Drivers\vmnetbridge.sys (VMware, Inc.)
DRV - (vmkbd) -- C:\Windows\System32\Drivers\VMkbd.sys (VMware, Inc.)
DRV - (VMnetAdapter) -- C:\Windows\System32\Drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (hcmon) -- C:\Windows\System32\Drivers\hcmon.sys (VMware, Inc.)
DRV - (vmusb) -- C:\Windows\System32\Drivers\vmusb.sys (VMware, Inc.)
DRV - (VSPerfDrv110) -- C:\Programme\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\VSPerfDrv110.sys (Microsoft Corporation)
DRV - (condrv) -- C:\Windows\System32\Drivers\condrv.sys (Microsoft Corporation)
DRV - (acpiex) -- C:\Windows\System32\Drivers\acpiex.sys (Microsoft Corporation)
DRV - (LSI_SSS) -- C:\Windows\System32\Drivers\lsi_sss.sys (LSI Corporation)
DRV - (EhStorTcgDrv) -- C:\Windows\System32\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV - (EhStorClass) -- C:\Windows\System32\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV - (3ware) -- C:\Windows\System32\Drivers\3ware.sys (LSI)
DRV - (VSTXRAID) -- C:\Windows\System32\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV - (VerifierExt) -- C:\Windows\System32\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV - (UASPStor) -- C:\Windows\System32\Drivers\uaspstor.sys (Microsoft Corporation)
DRV - (storahci) -- C:\Windows\System32\Drivers\storahci.sys (Microsoft Corporation)
DRV - (spaceport) -- C:\Windows\System32\Drivers\spaceport.sys (Microsoft Corporation)
DRV - (mvumis) -- C:\Windows\System32\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV - (WFPLWFS) -- C:\Windows\System32\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV - (CLFS) -- C:\Windows\System32\Drivers\clfs.sys (Microsoft Corporation)
DRV - (terminpt) -- C:\Windows\System32\Drivers\terminpt.sys (Microsoft Corporation)
DRV - (WdFilter) -- C:\Windows\System32\Drivers\WdFilter.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\Drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\Drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\Drivers\storvsc.sys (Microsoft Corporation)
DRV - (WdBoot) -- C:\Windows\System32\Drivers\WdBoot.sys (Microsoft Corporation)
DRV - (BasicDisplay) -- C:\Windows\System32\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV - (mshidumdf) -- C:\Windows\System32\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV - (HyperVideo) -- C:\Windows\System32\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV - (BasicRender) -- C:\Windows\System32\Drivers\BasicRender.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\Drivers\vms3cap.sys (Microsoft Corporation)
DRV - (npsvctrig) -- C:\Windows\System32\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV - (kdnic) -- C:\Windows\System32\Drivers\kdnic.sys (Microsoft Corporation)
DRV - (acpitime) -- C:\Windows\System32\Drivers\acpitime.sys (Microsoft Corporation)
DRV - (gencounter) -- C:\Windows\System32\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV - (acpipagr) -- C:\Windows\System32\Drivers\acpipagr.sys (Microsoft Corporation)
DRV - (WpdUpFltr) -- C:\Windows\System32\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\Drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (hyperkbd) -- C:\Windows\System32\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV - (SerCx) -- C:\Windows\System32\Drivers\SerCx.sys (Microsoft Corporation)
DRV - (SpbCx) -- C:\Windows\System32\Drivers\SpbCx.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\Drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\Drivers\winusb.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (BthHFEnum) -- C:\Windows\System32\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\Drivers\dmvsc.sys (Microsoft Corporation)
DRV - (wpcfltr) -- C:\Windows\System32\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV - (NdisImPlatform) -- C:\Windows\System32\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV - (MsLldp) -- C:\Windows\System32\Drivers\mslldp.sys (Microsoft Corporation)
DRV - (Ndu) -- C:\Windows\System32\Drivers\Ndu.sys (Microsoft Corporation)
DRV - (RTL8168) -- C:\Windows\System32\Drivers\Rt630x86.sys (Realtek                                            )
DRV - (vmci) -- C:\Windows\System32\Drivers\vmci.sys (VMware, Inc.)
DRV - (vsock) -- C:\Windows\System32\Drivers\vsock.sys (VMware, Inc.)
DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software)
DRV - (ntiopnp) -- C:\Windows\System32\drivers\ntiopnp.sys ()
DRV - (giveio) -- C:\Windows\System32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2249306569-1139277834-1990699510-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKU\S-1-5-21-2249306569-1139277834-1990699510-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/
IE - HKU\S-1-5-21-2249306569-1139277834-1990699510-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH,de;q=0.5
IE - HKU\S-1-5-21-2249306569-1139277834-1990699510-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3E AD 7B E4 CA D2 CD 01  [binary data]
IE - HKU\S-1-5-21-2249306569-1139277834-1990699510-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2249306569-1139277834-1990699510-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2249306569-1139277834-1990699510-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2249306569-1139277834-1990699510-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2249306569-1139277834-1990699510-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 199.119.76.111:3128
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: firefox%40mega.co.nz:1.0.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\marco_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.28 09:19:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.28 09:19:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.28 09:19:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.28 09:19:00 | 000,000,000 | ---D | M]
 
[2013.02.22 08:30:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\marco_000\AppData\Roaming\mozilla\Extensions
[2013.03.01 16:04:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\marco_000\AppData\Roaming\mozilla\Firefox\Profiles\473p002m.default\extensions
[2013.02.28 09:13:53 | 000,004,366 | ---- | M] () (No name found) -- C:\Users\marco_000\AppData\Roaming\mozilla\firefox\profiles\473p002m.default\extensions\firefox@mega.co.nz.xpi
[2013.03.01 16:04:46 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\marco_000\AppData\Roaming\mozilla\firefox\profiles\473p002m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.28 09:18:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.02.28 09:19:35 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.01.25 10:36:14 | 000,033,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2013.02.16 05:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.16 05:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.16 05:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.16 05:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.16 05:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.16 05:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.07.26 05:17:20 | 000,000,824 | ---- | M]) - C:\Windows\System32\Drivers\etc\hosts
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [WebTemp] "C:\Program Files\WebTemp\WebTemp.exe" File not found
O4 - HKU\S-1-5-21-2249306569-1139277834-1990699510-1002..\Run: [ApplePhotoStreams] C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2249306569-1139277834-1990699510-1002..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2249306569-1139277834-1990699510-1002..\Run: [Lync] C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2249306569-1139277834-1990699510-1002..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\marco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73B0E0BF-06F7-4861-8800-50D6FE5B3EF3}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85E2D484-CB57-43D9-BE9A-F30814B9BD95}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FB3C0EB-C53D-4EEA-87F2-5FF5807C366C}: DhcpNameServer = 172.24.24.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3A1EC5E-A8B4-415A-9582-25AF694A0F78}: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.07.26 07:52:25 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.06 08:17:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\marco_000\Desktop\OTL.exe
[2013.03.01 10:10:59 | 000,000,000 | ---D | C] -- C:\Users\marco_000\AppData\Roaming\Malwarebytes
[2013.03.01 10:10:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.01 10:10:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.01 10:10:38 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.01 10:10:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.01 09:30:02 | 000,000,000 | ---D | C] -- C:\Users\marco_000\AppData\Roaming\TuneUp Software
[2013.03.01 09:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.03.01 09:28:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.03.01 09:28:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.02.28 16:00:28 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.02.28 15:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.02.28 09:18:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.02.22 15:34:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.02.22 15:33:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.02.22 15:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.02.22 15:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.02.22 12:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe Systems Shared
[2013.02.22 12:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2013.02.22 12:45:52 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4r.dll
[2013.02.22 11:25:54 | 000,000,000 | ---D | C] -- C:\Users\marco_000\Documents\Updater
[2013.02.22 11:20:58 | 000,000,000 | ---D | C] -- C:\Users\marco_000\AppData\Local\93588BC3-0D6E-4DC9-85AB-B2C066AEB75E.aplzod
[2013.02.22 11:16:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2013.02.22 11:10:50 | 000,000,000 | ---D | C] -- C:\PS_CS2_Gr_NonRet
[2013.02.22 08:56:55 | 000,000,000 | ---D | C] -- C:\Users\marco_000\Documents\New Unity Project
[2013.02.22 08:55:48 | 000,000,000 | ---D | C] -- C:\Users\marco_000\AppData\Roaming\Unity
[2013.02.22 08:32:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Unity
[2013.02.22 08:32:20 | 000,000,000 | ---D | C] -- C:\Users\marco_000\AppData\Local\Unity
[2013.02.22 08:30:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Unity Projects
[2013.02.22 08:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity
[2013.02.22 08:30:10 | 000,000,000 | ---D | C] -- C:\Users\marco_000\AppData\Roaming\Mozilla
[2013.02.22 08:30:10 | 000,000,000 | ---D | C] -- C:\Users\marco_000\AppData\Local\Mozilla
[2013.02.22 08:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.02.22 08:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013.02.22 08:25:05 | 000,000,000 | ---D | C] -- C:\Program Files\Unity
[2013.02.22 08:08:42 | 000,000,000 | ---D | C] -- C:\Users\marco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.02.15 13:15:05 | 000,000,000 | ---D | C] -- C:\Users\marco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CPUCooL
[2013.02.15 13:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\CPUCooL
[2013.02.15 13:05:28 | 000,000,000 | ---D | C] -- C:\Users\marco_000\Desktop\Spiele
[2013.02.15 12:40:40 | 000,000,000 | ---D | C] -- C:\Users\marco_000\Desktop\TERA Daten
[2013.02.15 11:14:04 | 000,000,000 | ---D | C] -- C:\Users\marco_000\AppData\Local\Clipboarder
[2013.02.15 11:13:55 | 000,000,000 | ---D | C] -- C:\Users\marco_000\AppData\Local\Sidebar7
[2013.02.15 11:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\8GadgetPack
[2013.02.15 11:11:08 | 000,000,000 | ---D | C] -- C:\Users\marco_000\AppData\Local\Chris_Pietschmann_(http__
[2013.02.15 10:54:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Router
[2013.02.15 10:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\Virtual Router
[2013.02.15 10:30:16 | 000,000,000 | ---D | C] -- C:\Users\marco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013.02.15 10:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013.02.15 10:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2013.02.15 08:50:34 | 000,000,000 | ---D | C] -- C:\ProgramData\TERA
[2013.02.15 08:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
[2013.02.15 08:50:18 | 000,000,000 | ---D | C] -- C:\Program Files\TERA
[2013.02.15 08:27:29 | 003,400,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.02.15 08:26:55 | 005,554,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.02.15 08:26:43 | 001,437,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\GdiPlus.dll
[2013.02.15 08:26:39 | 001,611,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2013.02.15 08:26:37 | 001,532,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlidsvc.dll
[2013.02.15 08:26:36 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netprofmsvc.dll
[2013.02.15 08:26:35 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpprefcl.dll
[2013.02.15 08:26:35 | 000,024,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\msgpiowin32.sys
[2013.02.15 08:26:30 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Windows.Networking.dll
[2013.02.15 08:26:30 | 000,349,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsm.dll
[2013.02.15 08:26:30 | 000,259,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.02.15 08:26:30 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2013.02.15 08:26:30 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srmstormod.dll
[2013.02.15 08:26:30 | 000,104,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dumpsd.sys
[2013.02.15 08:26:29 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2013.02.15 08:26:29 | 000,278,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srm.dll
[2013.02.15 08:26:29 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Windows.Media.dll
[2013.02.15 08:26:29 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaacmgr.exe
[2013.02.15 08:24:42 | 002,881,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.02.15 08:24:42 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.02.15 08:24:42 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.02.15 08:24:42 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UXInit.dll
[2013.02.15 08:24:42 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.02.15 08:24:41 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.02.06 06:25:38 | 000,000,000 | ---D | C] -- C:\Users\marco_000\AppData\Local\libimobiledevice
[2013.02.05 15:55:02 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptsslp.dll
[2013.02.05 15:53:11 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SystemEventsBrokerServer.dll
[2013.02.05 15:53:11 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TimeBrokerServer.dll
[2013.02.05 15:53:02 | 000,330,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppwinob.dll
[2013.02.05 15:52:55 | 000,975,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AppXDeploymentServer.dll
[2013.02.05 15:52:55 | 000,554,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AppXDeploymentExtensions.dll
[2013.02.05 15:52:44 | 002,799,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2013.02.05 15:52:43 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2013.02.05 15:52:42 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WebcamUi.dll
[2013.02.05 15:52:41 | 000,891,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winmde.dll
[2013.02.05 15:52:40 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.02.05 15:52:40 | 000,302,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2013.02.05 15:52:39 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UserLanguagesCpl.dll
[2013.02.05 15:52:39 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpnapps.dll
[2013.02.05 15:52:38 | 001,217,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\storagewmi.dll
[2013.02.05 15:52:38 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll
[2013.02.05 15:52:37 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2013.02.05 15:52:37 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2013.02.05 15:52:37 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\storewuauth.dll
[2013.02.05 15:52:37 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\BthhfHid.sys
[2013.02.05 15:52:37 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsldr.exe
[2013.02.05 15:52:36 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vds_ps.dll
[2013.02.05 15:52:36 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\BthAvrcpTg.sys
[2013.02.05 15:52:36 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\BtaMPM.sys
[2013.02.05 15:49:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2013.02.05 14:35:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.02.05 14:35:55 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.02.05 14:31:49 | 000,000,000 | ---D | C] -- C:\Users\marco_000\Desktop\evasi0n-win-1.0
[2013.02.05 13:06:16 | 000,000,000 | -H-D | C] -- C:\$SysReset
[2013.02.05 13:01:46 | 000,000,000 | ---D | C] -- C:\Users\marco_000\AppData\Local\Diagnostics
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.06 08:17:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\marco_000\Desktop\OTL.exe
[2013.03.06 08:14:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.01 22:19:52 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.03.01 22:19:47 | 2519,023,616 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.01 18:38:16 | 000,029,675 | ---- | M] () -- C:\Users\marco_000\Desktop\MPLog-07252012-230452.zip
[2013.03.01 10:10:48 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.01 09:08:28 | 000,061,952 | ---- | M] () -- C:\Users\marco_000\Desktop\ConsoleApplication3.exe
[2013.02.28 16:46:24 | 000,000,429 | ---- | M] () -- C:\Users\marco_000\Desktop\code.php
[2013.02.28 16:06:12 | 000,000,708 | ---- | M] () -- C:\Users\marco_000\AppData\Roaming\Ping Monitor_Settings.ini
[2013.02.28 09:13:05 | 000,797,432 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.28 09:13:05 | 000,747,768 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.28 09:13:05 | 000,174,342 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.28 09:13:05 | 000,147,548 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.27 08:02:37 | 000,425,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.22 15:34:42 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.22 12:54:29 | 000,001,343 | ---- | M] () -- C:\Users\marco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2013.02.22 12:45:52 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml4r.dll
[2013.02.22 10:29:38 | 000,007,601 | ---- | M] () -- C:\Users\marco_000\AppData\Local\Resmon.ResmonCfg
[2013.02.22 09:10:45 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Unity.lnk
[2013.02.22 08:29:24 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.21 08:29:31 | 000,078,168 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.02.21 08:29:30 | 000,692,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.02.15 10:54:54 | 000,002,607 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Router Manager.lnk
[2013.02.15 10:30:16 | 000,000,969 | ---- | M] () -- C:\Users\marco_000\Desktop\SpeedFan.lnk
[2013.02.15 10:30:13 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2013.02.15 10:29:56 | 000,000,000 | ---- | M] () -- C:\Users\marco_000\Desktop\initdebug.nfo
[2013.02.05 14:35:56 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.02.05 14:20:25 | 000,000,000 | ---- | M] () -- C:\Users\marco_000\enable
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.01 17:09:32 | 000,029,675 | ---- | C] () -- C:\Users\marco_000\Desktop\MPLog-07252012-230452.zip
[2013.03.01 10:10:48 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.01 09:08:54 | 000,061,952 | ---- | C] () -- C:\Users\marco_000\Desktop\ConsoleApplication3.exe
[2013.02.28 16:24:03 | 000,000,429 | ---- | C] () -- C:\Users\marco_000\Desktop\code.php
[2013.02.27 17:04:11 | 000,000,708 | ---- | C] () -- C:\Users\marco_000\AppData\Roaming\Ping Monitor_Settings.ini
[2013.02.27 08:02:25 | 000,425,752 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.22 15:34:42 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.22 12:56:13 | 000,002,059 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
[2013.02.22 12:54:29 | 000,001,343 | ---- | C] () -- C:\Users\marco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2013.02.22 12:51:39 | 000,002,041 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
[2013.02.22 12:47:24 | 000,001,279 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects 7.0.lnk
[2013.02.22 11:14:55 | 000,002,015 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
[2013.02.22 11:14:55 | 000,002,012 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
[2013.02.22 08:30:53 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Unity.lnk
[2013.02.22 08:29:24 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.02.22 08:29:24 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.15 10:54:54 | 000,002,607 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Router Manager.lnk
[2013.02.15 10:30:16 | 000,000,969 | ---- | C] () -- C:\Users\marco_000\Desktop\SpeedFan.lnk
[2013.02.15 10:29:56 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2013.02.15 10:29:56 | 000,000,000 | ---- | C] () -- C:\Users\marco_000\Desktop\initdebug.nfo
[2013.02.15 08:26:29 | 000,386,577 | ---- | C] () -- C:\Windows\System32\ApnDatabase.xml
[2013.02.05 14:35:56 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.02.05 14:20:25 | 000,000,000 | ---- | C] () -- C:\Users\marco_000\enable
[2012.11.22 21:30:21 | 000,007,601 | ---- | C] () -- C:\Users\marco_000\AppData\Local\Resmon.ResmonCfg
[2012.11.16 12:02:10 | 000,014,161 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2012.11.05 19:45:12 | 000,083,968 | ---- | C] () -- C:\Windows\System32\OEMLicense.dll
[2012.10.19 04:52:30 | 002,907,040 | ---- | C] () -- C:\Windows\System32\PortChanger.exe
[2012.07.26 09:41:52 | 000,797,432 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012.07.26 09:41:52 | 000,305,546 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012.07.26 09:41:52 | 000,174,342 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012.07.26 09:41:52 | 000,040,390 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2012.07.26 07:55:27 | 000,747,768 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2012.07.26 07:55:27 | 000,296,742 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2012.07.26 07:55:27 | 000,147,548 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2012.07.26 07:55:27 | 000,033,362 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2012.07.26 07:53:47 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2012.07.26 07:53:46 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2012.07.26 07:03:55 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 02:20:38 | 000,071,680 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2012.07.25 21:41:36 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 21:25:49 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2012.07.25 21:25:49 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2012.07.25 21:25:49 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2012.07.25 21:24:47 | 000,526,068 | ---- | C] () -- C:\Windows\System32\staticurllist.bin
[2012.07.14 03:00:46 | 000,043,882 | ---- | C] () -- C:\Windows\System32\srms.dat
[2012.06.02 21:25:24 | 000,008,192 | ---- | C] () -- C:\Windows\System32\settings.dat
[2012.06.02 15:31:24 | 001,520,828 | ---- | C] () -- C:\Windows\System32\WpcNBModel.bin
[2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2011.09.15 02:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
 
========== ZeroAccess Check ==========
 
[2012.11.28 13:02:10 | 000,074,560 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2249306569-1139277834-1990699510-1002\$RCW258X\Client\S1Game\CookedPC\Core.u
[2013.01.03 11:49:58 | 000,065,538 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2249306569-1139277834-1990699510-1002\$RCW258X\Client\S1Game\CookedPC\Editor.u
[2013.01.03 11:49:58 | 003,029,474 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2249306569-1139277834-1990699510-1002\$RCW258X\Client\S1Game\CookedPC\Engine.u
[2013.01.03 11:49:58 | 000,007,390 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2249306569-1139277834-1990699510-1002\$RCW258X\Client\S1Game\CookedPC\GameFramework.u
[2013.01.03 11:49:58 | 000,033,269 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2249306569-1139277834-1990699510-1002\$RCW258X\Client\S1Game\CookedPC\GFxUI.u
[2013.01.03 11:49:58 | 000,001,697 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2249306569-1139277834-1990699510-1002\$RCW258X\Client\S1Game\CookedPC\GFxUIEditor.u
[2013.01.03 11:49:58 | 000,002,623 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2249306569-1139277834-1990699510-1002\$RCW258X\Client\S1Game\CookedPC\GodHand.u
[2013.01.03 11:49:58 | 000,125,709 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2249306569-1139277834-1990699510-1002\$RCW258X\Client\S1Game\CookedPC\IpDrv.u
[2013.01.03 11:49:58 | 000,082,370 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2249306569-1139277834-1990699510-1002\$RCW258X\Client\S1Game\CookedPC\S1Game.u
[2013.01.03 11:49:58 | 000,115,606 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2249306569-1139277834-1990699510-1002\$RCW258X\Client\S1Game\CookedPC\UnrealEd.u
[2013.01.03 11:49:58 | 000,051,454 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2249306569-1139277834-1990699510-1002\$RCW258X\Client\S1Game\CookedPC\UnrealScriptTest.u
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 00:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012.07.26 04:20:13 | 000,354,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Hier ist noch das andere:

Code:

ATTFilter

OTL Extras logfile created on: 06.03.2013 08:19:09 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\marco_000\Desktop
 Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
2.93 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 69.77% Memory free
3.43 Gb Paging File | 2.50 Gb Available in Paging File | 72.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 277.03 Gb Total Space | 39.73 Gb Free Space | 14.34% Space Free | Partition Type: NTFS
Drive D: | 20.76 Gb Total Space | 3.01 Gb Free Space | 14.51% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 91.75 Mb Free Space | 92.36% Space Free | Partition Type: FAT32
 
Computer Name: MLAPTOP | User Name: marco_000 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office15\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office15\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D08C1F0-252D-4B58-8DE6-E09EE0DD4F71}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{12FBD9E8-3232-43AA-A449-DAD9C929A536}" = lport=139 | protocol=6 | dir=in | app=system | 
"{16395CE9-F991-4EE7-838B-87EC7465555C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1F1412DD-6FAF-45BE-B37E-A633A964BD2D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2358BD83-761C-4371-BC60-5D36A912CF51}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{42C61B43-50FB-4303-AA19-1EDFF5C62CC7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{465698A5-375B-4506-8ABC-61254B54CA15}" = rport=445 | protocol=6 | dir=out | app=system | 
"{4A43D6AA-3D91-47B5-8555-5B6ACA619815}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4FE56A17-431A-4898-8A6E-85A119BBD0B7}" = lport=3702 | protocol=17 | dir=in | app=c:\program files\microsoft visual studio 11.0\common7\ide\devenv.exe | 
"{5110EB59-E3C6-408A-B62A-B70459234084}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{55B1F480-885C-4D81-96D2-39337B6241BE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{56D4F279-35B0-4009-BBDF-838B0BBE9031}" = rport=139 | protocol=6 | dir=out | app=system | 
"{58D28AE8-E51D-42F5-AFEF-8FCDF5009541}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{597594FC-72A8-42E6-8B7C-005A2AF38314}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5A7317E6-2657-4C72-8711-C71BC8C29F41}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{70D05310-C7B9-4C42-8F06-B30882209605}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{73F83110-E92B-4599-9B68-69307675DA7F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{832D4542-BC26-43E7-9B8C-03599ED332F5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{867FDB25-0FCE-4918-946D-BF3D3F1E747C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8E5564CB-F347-47A5-B42F-20D31148CBEE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{93D61083-A674-4CB2-A73C-C709124178DC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{96BAFD91-DD7A-4B03-813D-1A6CC43DF094}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A405CD21-EE8D-4FD2-B7F6-D673928B9704}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe | 
"{AA5DD1B0-B2F5-45EF-B161-3078BD3DCA55}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{B60DD3EE-92C4-4442-BCD6-BADB091AD4DC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{CD49FF4F-0E1B-4AFF-A369-652981BF04B8}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CD4EAFC2-6BC8-4FC7-8DF1-1B84FCEC8E51}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D1DB58EF-790A-426B-B604-728ABC7A0C50}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DD13C469-B9A9-42DF-A7BE-0709AEFD8BA6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{E72D4CC5-B26A-4541-BF88-B85B55A93DC4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EC6B4D91-1A37-49E6-8862-03CEF61C9B5B}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\dashost.exe | 
"{FC02EA9D-2F57-4977-9757-D27FF2A0DC32}" = rport=2869 | protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{FE71E1CD-2CFC-42CB-B14A-FF72CD398EA0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F8F136-F7B2-4380-B881-8D4EF302B8AA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{08EE17E1-BE89-4672-BBE2-D1B0F7BB4C78}" = dir=out | name=@{microsoft.bingweather_1.5.1.245_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{096D6E6A-0A8D-470F-B406-48D68EFC8045}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{0EDA5D7D-0AAB-4042-A496-4D2042C13B0D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\metro 2033\metro2033.exe | 
"{121EB925-E6EE-43DF-9121-44AA1D10D965}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{12816A27-4C8A-4FAE-9A82-FB2CF794A320}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{13C7DC34-FF02-4C31-B6B9-C4ED89354330}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{18BB3CD2-10C7-494F-9CDB-AE6B64795156}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{1B7CDF6B-D703-4B4B-A9F7-0FC4485EF10B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1B8B7518-409A-4E05-BC1B-B65362BC4247}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1C0472F8-900B-4CCD-8FBA-AB735A69035C}" = dir=out | name=@{microsoft.bingnews_1.5.1.409_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{20F43F75-BF49-4128-94EB-8CEE27BF062D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{22777E49-D5B5-446A-99B5-71D2CE3B5584}" = dir=out | name=@{microsoft.bing_1.2.0.137_x86__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{27878AE3-80D8-49DC-81C7-16EA7FBCED63}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{31AF6D09-83DB-43B2-B8C9-FF1E6DA0BFBD}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{31BFF4F4-981C-4359-8924-DDA7115E3925}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{33AEDBBB-489F-4481-A283-B629089DAA8F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{35EEA0ED-8C9C-4FA8-8C38-519EAE0FCC26}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{37CB56A8-4CA8-4FEA-8AD7-0D76B8919CFB}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{38BCC784-5057-4FC0-90FA-BDC0EADA7D10}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\metro 2033\metro2033.exe | 
"{42E1A4C8-B8FA-48A5-9461-AB82CE7D1801}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{43DF90C9-BF4B-405C-9D53-6E667F718DFF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{43ECE602-2B1A-4A3F-A5A2-B4DB98265FB6}" = dir=out | name=adera | 
"{4E2428CB-0953-4481-8F34-397BF7E2CA56}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{4FE7A56E-4B35-4BFB-80CD-CD82892F5B99}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{50E27924-9AB2-48CA-A28C-B8B5E8EF480D}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{516B3F3C-ABFB-4E5D-A052-588FF00E1D5F}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{5302212C-BB55-46A6-B9F6-114E39645FF9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"{538D8F45-8916-4D71-8AEB-21C728EB366B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5AE64200-F0C3-411B-B106-C2D6C59EE70A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5CEC08E2-A76D-4209-961F-730A1E26773B}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x86__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{5DE959BB-FF85-4915-9718-51EA9DC6129E}" = dir=in | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{5F832108-9335-4A71-A4F7-6F482313FD57}" = dir=out | name=@{microsoft.bingsports_1.5.1.249_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{67121308-F1CB-4B96-BE9C-2EF330774997}" = protocol=6 | dir=out | app=system | 
"{67E4A446-068B-4D21-BE56-F32EC2C22865}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6991406C-A5A2-4518-8AC5-B18D628DACA6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{769A7619-EBC0-43DF-98AB-E5B0360D6508}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{77C2D87D-0E8C-482E-A214-64BC5D93F597}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{7E672808-9E39-45B5-847C-8AB8F8888F27}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{7F1E1112-E26E-4F89-975F-AA4DF86D3B75}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4396.1016_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{82B16E9C-C11E-4EC4-8162-82CB2616631D}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{85D1739C-23F9-4EB5-83C6-2D4DD3981FDA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8A15FC0B-6D69-437E-938E-9BC79E5A7477}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{8A2E5030-E7BF-4616-8F94-A892B05DFB23}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{8C9DC88C-2ABB-4CE6-8612-1BC67B3AE24E}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{8D4D85BC-17B2-4FA3-9A7A-324ECA412961}" = dir=out | name=google search | 
"{90053670-3B9D-4247-A914-6DC45CC8FAFF}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{905EE2BF-2AD0-4F35-8E7D-425E36545810}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{939D25C9-4D29-4CA0-B069-C55E3A1DDF05}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"{967F14F6-C8D2-4C4E-9EFA-A5A40A9DA631}" = dir=out | name=@{microsoft.bingtravel_1.5.1.248_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{9726DB0B-1050-4D17-B6DB-B64DC25973F8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{9BC4EB54-2068-4F24-BD8D-4C03EC0AE433}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{A9A3D839-1B0D-4C41-AFFC-406BCE3B7820}" = dir=in | name=@{microsoft.bing_1.2.0.137_x86__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{AE6B99EF-0927-4D5B-A4C6-A61C6E025410}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{AFB6ED68-6C8C-4934-9B2D-28F28718480A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B269406C-2CF8-41D1-B59B-5F49124624BD}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x86__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{B8D081AF-0CEB-4A8E-ADE7-5500798953BA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BAE55C3E-8B15-44FA-8D8F-68CAE552166E}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{BD581B83-E837-4C79-ACF0-E6D91945E261}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{C219E18E-228E-4982-873D-DF7E3C353E94}" = dir=out | name=@{microsoft.bing_1.5.1.251_x86__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{C281616B-D8A8-4CFC-AD1A-1A247AB5EF0F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C6C0D7A7-2332-406C-AAC1-E142D1093F83}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{C6EFE5C1-FE58-4556-8CE8-940CF9E78141}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x86__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{C8A3C53E-24EF-4D08-A951-16A29B5280FF}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{CD4046BF-882B-4B1F-A6AB-21A52B998766}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{CFAFA56C-8031-439B-BB53-D424566E5949}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4396.1016_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{D56888D9-6AB6-442B-B597-EA3328A75B78}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{D82A07FF-E4C2-4526-B268-7EE1B5DB1DB1}" = dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe | 
"{DCC8530D-7FAA-4535-B23D-94A068A5D0DA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DDF34B3A-49D7-40E6-91C8-424BB724A7B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DE17981A-D9A9-46D5-9568-CBD27BC5D403}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E7361F6C-6E29-45B0-BC30-E4A772472E64}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x86__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{E87C4EB6-6F4C-4E7F-8385-633B5F0CA2DD}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E92B375B-C6FF-4768-98BA-5B582E7459E4}" = dir=out | name=@{microsoft.zunemusic_1.1.137.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{EADEBD90-8F3A-4CB7-B861-9BB949BE110E}" = dir=out | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{ED1CC8AE-BF69-4710-9BA0-3BDA20FDA7A1}" = dir=out | name=fresh paint | 
"{F4C9702C-A283-4670-A82A-67D1F1BA85CB}" = dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe | 
"{F9E510F6-7134-4DA4-973F-E1442AE971A6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FADAA2F0-89FC-473F-AD21-1890D01C509A}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"TCP Query User{B03EB899-B7E0-4D39-96AB-BFC4A9973B9A}C:\program files\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files\tera\tera-launcher.exe | 
"TCP Query User{C4A1EB69-F290-470F-90D5-B17916CFDBE3}C:\program files\unity\editor\unity.exe" = protocol=6 | dir=in | app=c:\program files\unity\editor\unity.exe | 
"UDP Query User{3ED70422-0D0E-43FF-BC07-CDBEB80F7E9C}C:\program files\unity\editor\unity.exe" = protocol=17 | dir=in | app=c:\program files\unity\editor\unity.exe | 
"UDP Query User{F78B9BDE-9663-4B80-A724-C7BC5C7A3C80}C:\program files\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files\tera\tera-launcher.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00EC8ABC-3C5A-40F8-A8CB-E7DCD5ABFA05}" = Microsoft NuGet - Visual Studio 2012
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07AC2D83-E795-4AD5-970D-B9BD14A1E411}" = Microsoft ASP.NET MVC 3 - DEU
"{093C9565-E907-4ED8-8201-4C1DD25D34DF}" = Devenv-Ressourcen für Microsoft Visual Studio 2012
"{0BCC836F-0B28-4090-B58A-64883BAA3B2F}" = WCF Data Services 5.0 (for OData v3) Primary Components
"{0EEB6DAC-32D5-4D1A-B795-7023D6AB9F13}" = Blend for Visual Studio 2012 DEU resources
"{13BD574A-7F41-420A-B486-7A2D4CEB7F3B}" =  Tools for .Net 3.5 - DEU Lang Pack
"{148878BD-A2A5-4CF1-A103-2BA632F41953}" = WCF Data Services Tools for Microsoft Visual Studio 2012
"{1690CE56-2231-4E59-9006-A0876D949EA8}" =  Tools for .Net 3.5
"{1948E039-EC79-4591-951D-9867A8C14C90}" = Microsoft .NET Framework 4.5 SDK
"{1DB43E5A-2F24-4F51-92B0-A2C0EBF5C742}" = Microsoft Report Viewer Add-On for Visual Studio 2012
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4DF099-EA5C-482D-9901-C0A8B539B417}" = Microsoft Web Platform Installer 4.0
"{23176E97-26CB-C72A-19EB-BFB21AC1D15A}" = Windows Software Development Kit DirectX x86 Remote
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 10
"{28C7A4BB-3966-4373-8376-C11F38290630}" = Microsoft SQL Server 2012 T-SQL Language Service 
"{2A3CC014-FA33-4027-AECD-9A4845223209}" = Microsoft SQL Server 2012 Native Client 
"{2B231D3B-39B5-301A-9891-0847433885BC}" = Microsoft Visual Studio 2012 SharePoint Developer Tools DEU Language Pack
"{2C76E3DA-BA76-4FAD-B1B1-72B46D639028}" = PreEmptive Analytics Visual Studio Components
"{2CB523DF-A3C2-4A7C-8848-53898F6D6F87}" = PreEmptive Analytics Client German Language Pack
"{2F6CE32A-018D-4656-895B-9E5E20D7740A}" = Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update
"{2F8F489A-0476-3129-857B-A553F38B192D}" = Microsoft Visual C++ 2012 Core Libraries
"{30640168-E261-4261-B8FF-7FA5E0F6A2F1}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom 
"{30C27CAE-9266-3B47-837D-193C16EDB811}" = Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.51106
"{3226C9CF-31C7-4FF4-8F41-D5A65795EE80}" = Microsoft ASP.NET MVC 4 Runtime - DEU
"{32AA0D69-0E45-4331-A435-74716E4EA0AC}" = Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools - DEU
"{330E5D98-20D2-4CA4-AE51-FCB8AA80F634}" = Microsoft Visual Studio 2012 Devenv
"{372D17F6-A54E-4A01-B264-1314890FFE61}" = Dotfuscator and Analytics Community Edition
"{3A523AF9-D32F-4C85-8388-0335731F3405}" = WCF RIA Services V1.0 SP2
"{3E24A4D9-7CA0-378E-A9EB-74A20A496F6E}" = Microsoft LightSwitch für Visual Studio 2012 CoreRes - DEU
"{3FB583E8-0964-4421-847C-5FA285611C69}" = Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools - DEU
"{42F61556-29ED-8122-F39E-6F04EA5FF279}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C0B27C3-3E8F-4BD2-80FF-6E9E48EBD6D8}" = Microsoft-System-CLR-Typen für SQL Server 2012
"{57D782D7-49FD-48DE-AB47-A690A1519A2D}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools
"{57F20F04-014D-453F-B6A3-AE9485C4DFAB}" = Blend for Visual Studio 2012
"{59D87F40-6C4B-4F80-A42B-FAA0E6EAFAB6}" = Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools
"{5A893648-0883-4027-B85B-C6F84BD9F41C}" = JavaScript Tooling
"{5CBB00A9-CAA2-406A-B149-65343CD6A86E}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service 
"{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{5DF14486-5A27-45FB-AA77-1426364F9571}" = JavaScript Tooling
"{5E591A43-4424-417D-946D-C0A7559989A1}" = Microsoft Visual C++ 2012 x86-x64 Compilers
"{60B8C5F3-7B6B-48F8-ADA0-FB75DB4F4E19}" = Microsoft Visual Studio 2012-Leistungserfassungstools
"{60D5EF2A-4E0C-2C30-38F6-59C26E134F4A}" = Windows Software Development Kit
"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
"{66efbe1c-fcf5-4623-93f6-1ae2445aff93}" = Microsoft Visual Studio Professional 2012
"{6902342D-D3C8-316A-B44B-48024F3EBAB8}" = Microsoft Visual C++ 2012 Extended Libraries
"{6B5FEDC9-AC82-4F3F-AA55-F21881802F56}" = WCF Data Services 5.0 (for OData v3) DEU Language Pack
"{6B7B7E62-9F56-4C87-8664-0E20F2CAB03B}" = Microsoft SQL Server 2012 Management Objects
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6DAB46E3-D017-3E2B-85D8-F57A230384C0}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
"{6F066545-40A2-4C38-A8F7-78581CC5C442}" = Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools
"{70D065C3-77E5-45E9-A75C-EEB2E84EA869}" = Erforderliche Komponenten für SSDT 
"{7437A4B9-314F-3B8F-827B-22909146E471}" = Microsoft LightSwitch for Visual Studio 2012 Core
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7CC4FADE-70AC-4560-9418-639D71A4767C}" = Microsoft SQL Server Compact 4.0 SP1 DEU
"{7CF5BC92-CC36-4F92-9962-E84DAAFAFFBD}" = Microsoft Visual C++ 2012 Compilers
"{7D5CE450-30A2-35F6-A5B4-53847D2E3175}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
"{80054F6B-11DA-40F6-8306-F9AB2F9074EB}" = Microsoft Visual Studio 2012 Tools für SQL Server Compact 4.0 SP1 DEU
"{800F484E-9D69-492D-B656-7BAA32586142}" = Microsoft Visual Studio 2012 Shell (Minimum)
"{80888246-E4CC-434E-930A-4891EB8AF29D}" = Visual Studio Extensions for Windows Library for JavaScript
"{820C677A-41B2-48C3-8136-FEE35A052E73}" = Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
"{8246B294-BF29-4AA9-93B8-BCE384732566}" = Microsoft Visual C++ 2012 Compilers - DEU Resources
"{86756584-C41A-4CA3-B42D-4768C7720F56}" = Microsoft Web Deploy dbSqlPackage Provider - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BAB88C4-5024-3236-84B5-115054CD32B3}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - DEU
"{8BF20A72-0286-4E87-B071-E33D4B43DA97}" = Microsoft Report Viewer Add-On für Visual Studio 2012
"{8EA792A5-38AA-4F0E-8DFE-D1BAF1145431}" = Microsoft Silverlight 4 SDK - Deutsch
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90150000-0015-0407-0000-0000000FF1CE}" = Microsoft Access MUI (German) 2013
"{90150000-0016-0407-0000-0000000FF1CE}" = Microsoft Excel MUI (German) 2013
"{90150000-0018-0407-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (German) 2013
"{90150000-0019-0407-0000-0000000FF1CE}" = Microsoft Publisher MUI (German) 2013
"{90150000-001A-0407-0000-0000000FF1CE}" = Microsoft Outlook MUI (German) 2013
"{90150000-001B-0407-0000-0000000FF1CE}" = Microsoft Word MUI (German) 2013
"{90150000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office*- Français
"{90150000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano
"{90150000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2013
"{90150000-0044-0407-0000-0000000FF1CE}" = Microsoft InfoPath MUI (German) 2013
"{90150000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013
"{90150000-0090-0407-0000-0000000FF1CE}" = Microsoft DCF MUI (German) 2013
"{90150000-00A1-0407-0000-0000000FF1CE}" = Microsoft OneNote MUI (German) 2013
"{90150000-00BA-0407-0000-0000000FF1CE}" = Microsoft Groove MUI (German) 2013
"{90150000-00E1-0407-0000-0000000FF1CE}" = Microsoft Office OSM MUI (German) 2013
"{90150000-00E2-0407-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (German) 2013
"{90150000-012B-0407-0000-0000000FF1CE}" = Microsoft Lync MUI (German) 2013
"{90849941-4C23-3054-B575-3833700DF788}" = Microsoft Help Viewer 2.0 Language Pack - DEU
"{91150000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{93489CA8-6656-33A0-A5AC-E0EDEDB17C3E}" = Microsoft Visual Studio Professional 2012
"{938526B1-772C-45E3-813A-2E15048DE74E}" = Dotfuscator and Analytics Community Edition Language Pack
"{93EEC4E9-EEFE-4027-ACD3-6E8C1D085975}" = Microsoft ASP.NET Web Pages - DEU
"{942CC691-5B98-42A3-8BC5-A246BA69D983}" = Microsoft ASP.NET MVC 4 Runtime
"{9611BFC7-0C25-48D9-927B-DB5D0D5562CB}" = Microsoft SQL Server 2012 Express LocalDB 
"{965EC534-B751-46E2-BB44-4653A33DD5CC}" = Microsoft Web Developer Tools - Visual Studio 2012 - DEU
"{98B45D1C-6EB1-460D-A87D-2B60678DC105}" = Microsoft .NET Framework 4.5 SDK - DEU Lang Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CE13D8B-6288-4A2C-99D2-414D77B9A830}" = WCF Data Services Tools for Visual Studio 11 DEU Language Pack
"{A0FE0292-D3BE-3447-80F2-72E032A54875}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A38310A9-0AAF-4815-856D-63DAE3D7DFF1}" = Microsoft SQL Server 2012 Command Line Utilities 
"{A3A6D5EA-B6B5-3C05-BDA8-EAB99C09CDDC}" = Microsoft Visual Studio 2012 SharePoint Developer Tools
"{AAC80D3B-9F42-4E52-8357-7CB4A3EC7B80}" = Microsoft ASP.NET Web Pages 2 Runtime - DEU
"{AB639FD7-CC4E-E5BB-8951-D852ABB56D8E}" = LocalESPCui for de-de
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{AD17194D-3829-E59E-99A4-EC47097722CA}" = Windows App Certification Kit Native Components
"{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AFA4B0BF-3289-495A-B949-BA91F39B1A44}" = Entity Framework Designer for Visual Studio 2012 - enu
"{B1AC00A6-43D2-4F06-92F3-9B01529E5AD5}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools - DEU
"{B33EA6ED-6F46-3BE1-98D2-F43D2A82EE39}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer deu Resources
"{B585A11C-4F6E-3532-97D4-3670FE94600D}" = Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries
"{B74D4E10-0000-0000-0000-EDED00000102}" = Adobe ExtendScript Toolkit 1.0
"{B78203BF-CF9C-4163-B6C3-B70A27A646EE}" = 8GadgetPack
"{B8FFB7D6-6ABD-47C3-8BAD-86FF5D8F3EDC}" = IIS 8.0 Express
"{B96FCD4F-6EDD-4258-8A6D-0FCEA8445E3E}" = Microsoft Web Developer Tools - Visual Studio 2012
"{BD87E147-2948-4E49-9FD9-890A4AE4300A}" = Microsoft Visual Studio 2012 Shell-(Mindest)-Ressourcen
"{BDBE5D2A-AAB7-77BD-7A0E-5006665CE7C6}" = LocalESPC
"{BE905C46-2B34-4D73-AEE1-769ED138E0FF}" = Virtual Router v1.0
"{C1BE4600-7D15-3D1E-8AA2-B3241DB1D063}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
"{C1ECF949-72E2-4084-82B2-FBD276DBC3B5}" = Microsoft Visual Studio 2012-Leistungserfassungstools - DEU
"{C4CAD994-6EA2-3121-8352-DA593150B322}" = Microsoft Portable Library Multi-Targeting Pack
"{CEE1F4AA-FAAE-6574-8AE6-93727FD6C246}" = Windows App Certification Kit x86
"{CEEDB2C4-46BE-4340-BAB9-F30110D9BBB8}" = Microsoft SQL Server Data Tools Build Utilities - DEU (11.1.20627.00)
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D11F66FF-82B3-DDB8-1146-525370552BE1}" = Windows Software Development Kit for Windows Store Apps
"{D29C7866-E142-3557-95F3-B76F8E655481}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model
"{D3F1C46B-4DAD-439D-B940-E8144DD9B69A}" = Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update - DEU
"{D434E072-F482-4F52-AB97-7B19DD5DAEB5}" = Microsoft SQL Server System CLR Types
"{DBF2CDE8-AE35-325D-8AAD-92677A2503E3}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - DEU
"{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3
"{DD362256-A7A2-4524-9457-213DDC2AFC2A}" = Adobe After Effects 7.0
"{DDC1078D-00E9-CB9D-EA5B-EE695A38D346}" = Windows Runtime Intellisense Content - de-de
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E21D6DB6-6DAB-3A63-8C09-CB6606D7403B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{E43AC95E-66B0-4CEC-AADD-C9BFEF5A4C0A}" = Microsoft Web Deploy 3.0
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMwarePlayer_x86
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{E8AC67A8-BC7D-4541-A13E-88F6DD2AB3DB}" = Microsoft Visual Studio 2012-Vorbereitung
"{E8CA48E6-5A05-4A1A-AD5A-ED35C5A8029D}" = Microsoft Visual C++ 2012 32bit Compilers - DEU Resources
"{EA33215B-1391-314B-8752-C4C448304AC5}" = Microsoft Portable Library Multi-Targeting Pack Language Pack - deu
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F351AA2C-723C-4CFE-A7CB-8E43AB164F7F}" = Microsoft Silverlight 5 SDK - DEU
"{F361FE04-789E-42F3-BBAB-E7B380AA5E06}" = Windows XP Targeting with C++
"{F56A0341-F545-3EFB-A7B4-25CD67D04022}" = Microsoft Visual Studio Professional 2012 - DEU
"{F6F1EE45-97E9-48A3-94B2-044B0A3C08D3}" = Microsoft SQL Server Data Tools - DEU (11.1.20627.00)
"{F803564F-1E23-313A-9162-18880B9D4FDF}" = Microsoft Visual Studio 2010 Office Developer Tools (x86) Language Pack - DEU
"{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}" = Microsoft SQL Server 2012 Data-Tier App Framework 
"{FBBC8076-BB21-4E06-9FA0-309AEF6E35EE}" = Microsoft ASP.NET Web Pages 2 Runtime
"{FEB375AB-6EEC-3929-8FAF-188ED81DD8B5}" = Microsoft Help Viewer 2.0
"{FFC6E93A-B9AD-3F20-9B06-EE20E24AAEAF}" = Microsoft Visual C++ 2012 Core Libraries
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Adobe After Effects 7.0" = Adobe After Effects 7.0
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"CCleaner" = CCleaner
"CPUCooL" = CPUCooL (remove only)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft Help Viewer 2.0" = Microsoft Help Viewer 2.0
"Microsoft Help Viewer 2.0 Language Pack - DEU" = Microsoft Help Viewer 2.0 Language Pack - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"Mozilla Firefox 19.0.1 (x86 de)" = Mozilla Firefox 19.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office15.PROPLUSR" = Microsoft Office Professional Plus 2013
"SpeedFan" = SpeedFan (remove only)
"Steam App 113200" = The Binding of Isaac
"Steam App 43110" = Metro 2033
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Unity" = Unity
"VMware_Player" = VMware Player
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2249306569-1139277834-1990699510-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 27.02.2013 11:55:23 | Computer Name = MLaptop | Source = Perflib | ID = 1020
Description = 
 
Error - 28.02.2013 04:38:07 | Computer Name = MLaptop | Source = Application Hang | ID = 1002
Description = Programm sidebar.exe, Version 6.2.8400.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: a70    Startzeit: 
01ce15810b94d6cd    Endzeit: 27    Anwendungspfad: C:\Program Files\Windows Sidebar\sidebar.exe

Berichts-ID:
 2840549d-8182-11e2-afad-984be19dee09    Vollständiger Name des fehlerhaften Pakets:
     Anwendungs-ID, die relativ zum fehlerhaften Paket ist:   
 
Error - 28.02.2013 09:31:24 | Computer Name = MLaptop | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = Die App „microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos“
 wurde nicht innerhalb der vorgesehenen Zeit gestartet.
 
Error - 28.02.2013 11:33:55 | Computer Name = MLaptop | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 10.0.9200.16482 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1618    Startzeit: 01ce15c8f8969aaa    Endzeit: 32    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: 406f22c5-81bc-11e2-afad-984be19dee09

Vollständiger
 Name des fehlerhaften Pakets:     Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist:   
 
Error - 28.02.2013 11:58:38 | Computer Name = MLaptop | Source = Application Hang | ID = 1002
Description = Programm SpyHunter4.exe, Version 4.12.13.4202 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 8d8    Startzeit: 01ce15c460b6d780    Endzeit: 18    Anwendungspfad: 
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe    Berichts-ID: b3da900f-81bf-11e2-afad-984be19dee09

Vollständiger
 Name des fehlerhaften Pakets:     Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist:   
 
Error - 01.03.2013 06:50:16 | Computer Name = MLaptop | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 19.0.1.4805 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 17a8    Startzeit:
 01ce166a7708d34a    Endzeit: 47    Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID:
 c3fca9bd-825d-11e2-afae-984be19dee09    Vollständiger Name des fehlerhaften Pakets:
     Anwendungs-ID, die relativ zum fehlerhaften Paket ist:   
 
Error - 01.03.2013 06:50:47 | Computer Name = MLaptop | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 19.0.1.4805 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1384    Startzeit:
 01ce166a913ab4c5    Endzeit: 188    Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID:
 db8f4600-825d-11e2-afae-984be19dee09    Vollständiger Name des fehlerhaften Pakets:
     Anwendungs-ID, die relativ zum fehlerhaften Paket ist:   
 
Error - 01.03.2013 17:23:02 | Computer Name = MLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 01.03.2013 17:23:02 | Computer Name = MLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15584
 
Error - 01.03.2013 17:23:02 | Computer Name = MLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15584
 
[ System Events ]
Error - 01.03.2013 03:14:06 | Computer Name = MLaptop | Source = Service Control Manager | ID = 7018
Description = Erkannte Ringabhängigkeiten starten Dienste automatisch. Überprüfen
 Sie die Abhängigkeitsstruktur des Diensts.
 
Error - 01.03.2013 03:14:13 | Computer Name = MLaptop | Source = NETLOGON | ID = 3095
Description = Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert,
 nicht als  Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser  Konfiguration
 nicht gestartet zu sein.
 
Error - 01.03.2013 03:20:28 | Computer Name = MLaptop | Source = NETLOGON | ID = 3095
Description = Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert,
 nicht als  Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser  Konfiguration
 nicht gestartet zu sein.
 
Error - 01.03.2013 03:20:28 | Computer Name = MLaptop | Source = Service Control Manager | ID = 7019
Description = Der Dienst "EsgScanner" ist von einem Dienst in einer Gruppe abhängig,
 der später gestartet wird. Ändern Sie die Reihenfolge in der Dienstabhängigkeitsstruktur,
 um sicherzustellen, dass alle für diesen Dienst erforderlichen Dienste gestartet
 sind, bevor dieser Dienst gestartet wird.
 
Error - 01.03.2013 03:20:28 | Computer Name = MLaptop | Source = Service Control Manager | ID = 7017
Description = Erkannte Ringabhängigkeiten erfordern Start von EsgScanner. Überprüfen
 Sie die Abhängigkeitsstruktur des Diensts.
 
Error - 01.03.2013 05:43:59 | Computer Name = MLaptop | Source = Service Control Manager | ID = 7019
Description = Der Dienst "EsgScanner" ist von einem Dienst in einer Gruppe abhängig,
 der später gestartet wird. Ändern Sie die Reihenfolge in der Dienstabhängigkeitsstruktur,
 um sicherzustellen, dass alle für diesen Dienst erforderlichen Dienste gestartet
 sind, bevor dieser Dienst gestartet wird.
 
Error - 01.03.2013 05:44:00 | Computer Name = MLaptop | Source = Service Control Manager | ID = 7017
Description = Erkannte Ringabhängigkeiten erfordern Start von EsgScanner. Überprüfen
 Sie die Abhängigkeitsstruktur des Diensts.
 
Error - 01.03.2013 05:44:01 | Computer Name = MLaptop | Source = NETLOGON | ID = 3095
Description = Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert,
 nicht als  Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser  Konfiguration
 nicht gestartet zu sein.
 
Error - 01.03.2013 08:18:57 | Computer Name = MLaptop | Source = Service Control Manager | ID = 7034
Description = Dienst "VirtualRouterService" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 01.03.2013 17:18:38 | Computer Name = MLaptop | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >

PS: Sorry, dass ich erst jetzt geantwortet habe, aber ich war am Wochenende weg und hatte Montag/Dienstag schule und konnte dann nicht an den Laptop...

cosinus · 06.03.2013, 11:49

Zitat:

Professional (Version = 6.2.9200) - Type = NTWorkstation

Warum bitte eine Professional Edition für Windows? Wer braucht das als Heimanwender?
Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner?

Bitte auch Logs mit GMER (<<< klick für Anleitung) und MBAR (Anleitung etwas weiter unten) erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur MBAR aus.

Anleitung MBAR:

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

BackBraker · 06.03.2013, 11:58

Ok, ich mach mal jetzt das was du gesagt hast. Die Professional Version ist nur, weil wir von der Schule aus alle Programme irgendwie umsonst bekommen. Und da dachte ich, muss man zuschlagen

Ich meld mich nochmal wenn die Scans und so fertig sind

cosinus · 06.03.2013, 12:17

Ok, aber eine Bitte: lass solche Zwischenrufe, poste nur wenn es Probleme gibt oder wenn du die Logs hast (diese dann auch posten in CODE-Tags)

BackBraker · 06.03.2013, 12:50

Ok sry, solche "zwischenrufe" werden nicht mehr vorkommen.

Hier ist mal das von GMER. Das andere kommt gleich noch. und entschuldige das wegen dem Thread vergessen. War wol ein bisschen zu "Übermütig"

Code:

ATTFilter

GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-06 12:49:32
Windows 6.2.9200  \Device\Harddisk0\DR0 -> \Device\00000038 WDC_WD3200BEVT-60A23T0 rev.02.01A02 298.09GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\MARCO_~1\AppData\Local\Temp\fxldypow.sys


---- Kernel code sections - GMER 2.1 ----

.text           ntoskrnl.exe!ZwReplacePartitionUnit + 2AC1                                                                                     81987A39 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 66A                                                                                         8198C43A 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?               System32\drivers\auvluhtm.sys                                                                                                  Das System kann den angegebenen Pfad nicht finden. !

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtWriteFile                                                               77E44278 5 Bytes  JMP 0051BA10 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtUnmapViewOfSection                                                      77E44390 5 Bytes  JMP 0051C844 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtUnlockFile                                                              77E443CC 5 Bytes  JMP 0051C1D0 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtUnloadKey                                                               77E44408 5 Bytes  JMP 0051B820 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtTerminateProcess                                                        77E444C4 5 Bytes  JMP 0051B9A8 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtSetVolumeInformationFile                                                77E445B4 5 Bytes  JMP 0051BF44 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtSetValueKey                                                             77E445C8 5 Bytes  JMP 0051A89C C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtSetSecurityObject                                                       77E446A4 5 Bytes  JMP 00519F90 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtSetInformationKey                                                       77E447F8 5 Bytes  JMP 0051B770 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtSetInformationFile                                                      77E44820 5 Bytes  JMP 0051C3B0 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtSaveKey                                                                 77E449C0 5 Bytes  JMP 0051B6CC C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtResumeThread                                                            77E44A24 5 Bytes  JMP 00519ECC C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtRestoreKey                                                              77E44A4C 5 Bytes  JMP 0051B624 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtReplaceKey                                                              77E44B14 5 Bytes  JMP 0051B4A4 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtReadFile                                                                77E44C90 5 Bytes  JMP 0051C520 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtQueryVolumeInformationFile                                              77E44D1C 5 Bytes  JMP 0051C048 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtQueryValueKey                                                           77E44D44 5 Bytes  JMP 0051A6F8 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtQuerySecurityObject                                                     77E44E0C 5 Bytes  JMP 0051A068 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtQuerySection                                                            77E44E34 5 Bytes  JMP 0051C920 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtQueryObject                                                             77E44EA8 5 Bytes  JMP 0051BAE4 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtQueryMultipleValueKey                                                   77E44ED0 5 Bytes  JMP 0051B3E4 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtQueryKey                                                                77E44EF8 5 Bytes  JMP 0051A640 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtQueryInformationProcess                                                 77E44FC0 5 Bytes  JMP 00519EAC C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtQueryInformationFile                                                    77E44FFC 5 Bytes  JMP 0051C468 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtQueryFullAttributesFile                                                 77E45038 5 Bytes  JMP 0051D038 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtQueryDirectoryFile                                                      77E4509C 5 Bytes  JMP 0051BBC4 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtQueryAttributesFile                                                     77E45114 5 Bytes  JMP 0051CEAC C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtOpenSection                                                             77E452F4 5 Bytes  JMP 0051BCAC C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtOpenKeyEx                                                               77E453BC 5 Bytes  JMP 0051ACDC C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtOpenKey                                                                 77E453E4 5 Bytes  JMP 0051AE60 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtOpenFile                                                                77E45420 5 Bytes  JMP 0051CC88 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtNotifyChangeKey                                                         77E454AC 5 Bytes  JMP 0051B304 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtNotifyChangeDirectoryFile                                               77E454C0 5 Bytes  JMP 0051A134 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtMapViewOfSection                                                        77E454FC 5 Bytes  JMP 0051C9D8 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtLockFile                                                                77E455B0 5 Bytes  JMP 0051C110 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtLoadKey2                                                                77E455D8 5 Bytes  JMP 0051B16C C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtLoadKey                                                                 77E455EC 5 Bytes  JMP 0051AFDC C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtFsControlFile                                                           77E45798 5 Bytes  JMP 0051A244 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtFlushKey                                                                77E45830 5 Bytes  JMP 0051AAA0 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtFlushBuffersFile                                                        77E4586C 5 Bytes  JMP 0051A304 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtExtendSection                                                           77E458E4 5 Bytes  JMP 0051A3E4 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtEnumerateValueKey                                                       77E458F8 5 Bytes  JMP 0051A580 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtEnumerateKey                                                            77E45934 5 Bytes  JMP 0051A7DC C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtDuplicateObject                                                         77E45994 5 Bytes  JMP 0051BE3C C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtDeleteValueKey                                                          77E45A1C 5 Bytes  JMP 0051A960 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtDeleteKey                                                               77E45A58 5 Bytes  JMP 0051AA04 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtDeleteFile                                                              77E45A6C 5 Bytes  JMP 0051C100 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtCreateUserProcess                                                       77E45B48 5 Bytes  JMP 00519F2C C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtCreateThread                                                            77E45BE8 5 Bytes  JMP 00519DF0 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtCreateSection                                                           77E45C24 5 Bytes  JMP 0051CB60 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtCreateProcessEx                                                         77E45C74 5 Bytes  JMP 00519CDC C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtCreateProcess                                                           77E45C88 5 Bytes  JMP 00519BC8 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtCreateKey                                                               77E45D3C 5 Bytes  JMP 0051AB3C C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtCreateFile                                                              77E45DA0 5 Bytes  JMP 0051C5F8 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtClose                                                                   77E45EF4 5 Bytes  JMP 0051C27C C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\CPUCooL\CooLSrv.exe[1844] ntdll.dll!NtAccessCheck                                                             77E46340 5 Bytes  JMP 0051A4A8 C:\Program Files\CPUCooL\CooLSrv.exe
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2000] ntdll.dll!RtlInitializeGenericTable + 39                                    77E69F3A 7 Bytes  JMP 644E73E0 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2000] KERNEL32.DLL!GetCurrentThread + 6                                           7780158B 7 Bytes  JMP 64846356 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2000] KERNEL32.DLL!TermsrvGetWindowsDirectoryW + 16                               7780280D 7 Bytes  JMP 64846333 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2000] KERNEL32.DLL!BaseIsAppcompatInfrastructureDisabledWorker + 9C               7780589C 7 Bytes  JMP 6450F09C C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2000] GDI32.dll!SetWindowOrgEx + 3B2                                              77198E18 7 Bytes  JMP 648462B4 C:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

Device          \Driver\usbhub \Device\00000040                                                                                                hcmon.sys
Device          \Driver\usbhub \Device\00000041                                                                                                hcmon.sys

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                        VMkbd.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                        Wdf01000.sys

Device          \Driver\usbhub \Device\00000042                                                                                                hcmon.sys
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                               hcmon.sys
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                               hcmon.sys
Device          \Driver\usbehci \Device\USBPDO-2                                                                                               hcmon.sys
Device          \Driver\usbuhci \Device\USBPDO-3                                                                                               hcmon.sys
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                               hcmon.sys
Device          \Driver\usbuhci \Device\USBPDO-5                                                                                               hcmon.sys
Device          \Driver\usbuhci \Device\USBPDO-6                                                                                               hcmon.sys
Device          \Driver\usbehci \Device\USBPDO-7                                                                                               hcmon.sys
Device          \Driver\usbhub \Device\USBPDO-9                                                                                                hcmon.sys
Device          \Driver\usbhub \Device\0000003b                                                                                                hcmon.sys
Device          \Driver\usbhub \Device\0000003c                                                                                                hcmon.sys
Device          \Driver\usbhub \Device\0000003d                                                                                                hcmon.sys
Device          \Driver\usbhub \Device\0000003e                                                                                                hcmon.sys
Device          \Driver\usbhub \Device\0000003f                                                                                                hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                               hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                               hcmon.sys
Device          \Driver\usbehci \Device\USBFDO-2                                                                                               hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                               hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                               hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                               hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-6                                                                                               hcmon.sys
Device          \Driver\usbehci \Device\USBFDO-7                                                                                               hcmon.sys

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                       fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                              -153387349
Reg             HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch                                                                1398
Reg             HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch                                                               2165
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@DhcpNameServer                                                         192.168.10.1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8FB3C0EB-C53D-4EEA-87F2-5FF5807C366C}@LeaseObtainedTime    1362554060
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8FB3C0EB-C53D-4EEA-87F2-5FF5807C366C}@T1                   1362597260
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8FB3C0EB-C53D-4EEA-87F2-5FF5807C366C}@T2                   1362629660
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8FB3C0EB-C53D-4EEA-87F2-5FF5807C366C}@LeaseTerminatesTime  1362640460
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F3A1EC5E-A8B4-415A-9582-25AF694A0F78}@LeaseObtainedTime    1362554068
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F3A1EC5E-A8B4-415A-9582-25AF694A0F78}@T1                   1362597268
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F3A1EC5E-A8B4-415A-9582-25AF694A0F78}@T2                   1362629668
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F3A1EC5E-A8B4-415A-9582-25AF694A0F78}@LeaseTerminatesTime  1362640468

---- EOF - GMER 2.1 ----

Ok, ich habe jetzt die Malware Anti Rootkit durchgelaufen.

Am Ende, also wenn der Scan fertig ist und man eigentlich "Clean Up" Drücken sollte, kommt bei mir nur: Congratulations, no CleanUp is required

und dann kann ich Previous oder Exit wählen.

Was soll ich jetzt tun?

Aber hier ist trotzdem mal das LogFile:

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.06.08

Windows 8 x86 NTFS
Internet Explorer 10.0.9200.16484
marco_000 :: MLAPTOP [limited]

06.03.2013 13:11:31
mbar-log-2013-03-06 (13-11-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 33772
Time elapsed: 16 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Hier ist nochmal das andere, das system.txt logfile.

Code:

ATTFilter

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x86

Account is Non-administrative

Internet Explorer version: 10.0.9200.16484

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.294000 GHz
Memory total: 3148779520, free: 1993179136

------------ Kernel report ------------
     03/06/2013 12:54:04
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\System32\drivers\auvluhtm.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\vmci.sys
\SystemRoot\system32\drivers\vsock.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\system32\speedfan.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\giveio.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\System32\Drivers\ntiopnp.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\vmnetadapter.sys
\SystemRoot\system32\DRIVERS\VMNET.SYS
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\usbuhci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\netr28.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt630x86.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\kbdclass.sys
\??\C:\Windows\system32\drivers\VMkbd.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\vmnetbridge.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\hcmon.sys
\??\C:\Windows\system32\Drivers\vmx86.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Windows\system32\drivers\vmnetuserif.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\drivers\rdpvideominiport.sys
\SystemRoot\System32\drivers\rdpdr.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\mslldp.sys
\SystemRoot\System32\drivers\condrv.sys
\??\C:\Users\MARCO_~1\AppData\Local\Temp\fxldypow.sys
\??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{149DAFEE-777F-4917-94F3-18B6C24839FA}\MpKslbea61aac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff84bd3118
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000038\
Lower Device Object: 0xffffffff8578cb48
Lower Device Driver Name: \Driver\storahci\
Driver name found: storahci
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\Drivers\storport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.03.06.08
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff84bd3118, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85851020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff84bd3118, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8578cb48, DeviceName: \Device\00000038\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffffffc22e53a8, 0xffffffff84bd3118, 0xffffffffed27ca80
Lower DeviceData: 0xffffffffc9928300, 0xffffffff8578cb48, 0xffffffffebf2e528
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 48EF8A00

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 407552
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600  Numsec = 580974592

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 581384192  Numsec = 43544576

    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 624928768  Numsec = 211632

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished

cosinus · 06.03.2013, 13:25

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

BackBraker · 06.03.2013, 14:11

Hier ist das von aswMBR:

Code:

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-06 13:37:29
-----------------------------
13:37:29.539    OS Version: Windows 6.2.9200 
13:37:29.539    Number of processors: 2 586 0x170A
13:37:29.539    ComputerName: MLAPTOP  UserName: 
13:37:30.225    Initialize success
13:37:39.539    AVAST engine defs: 13030501
13:37:48.680    The log file has been saved successfully to "C:\Users\marco_000\Desktop\aswMBR1.txt"
13:37:54.300    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000038
13:37:54.300    Disk 0 Vendor: WDC_WD3200BEVT-60A23T0 02.01A02 Size: 305245MB BusType: 11
13:37:54.316    Disk 0 MBR read successfully
13:37:54.331    Disk 0 MBR scan
13:37:54.331    Disk 0 Windows 7 default MBR code
13:37:54.347    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
13:37:54.362    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       283679 MB offset 409600
13:37:54.409    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        21262 MB offset 581384192
13:37:54.425    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0      103 MB offset 624928768
13:37:54.440    Disk 0 scanning sectors +625140400
13:37:54.534    Disk 0 scanning C:\Windows\system32\drivers
13:38:23.223    Service scanning
13:39:06.436    Service MpKslbea61aac C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{149DAFEE-777F-4917-94F3-18B6C24839FA}\MpKslbea61aac.sys **LOCKED** 32
13:39:48.389    Modules scanning
13:40:14.503    Disk 0 trace - called modules:
13:40:14.534    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys halmacpi.dll storahci.sys 
13:40:14.534    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84bd3118]
13:40:14.550    3 CLASSPNP.SYS[8af220c3] -> nt!IofCallDriver -> \Device\00000038[0x8578cb48]
13:40:15.330    AVAST engine scan C:\Windows
13:40:18.622    AVAST engine scan C:\Windows\system32
13:47:57.752    AVAST engine scan C:\Windows\system32\drivers
13:48:27.740    AVAST engine scan C:\Users\marco_000
14:07:24.496    AVAST engine scan C:\ProgramData
14:09:08.398    Scan finished successfully
14:10:00.094    Disk 0 MBR has been saved successfully to "C:\Users\marco_000\Desktop\MBR.dat"
14:10:00.172    The log file has been saved successfully to "C:\Users\marco_000\Desktop\aswMBR.txt"

Das andere kommt gleich.

Hier ist noch das andere. Von TDSSKiller:

Code:

ATTFilter

14:15:11.0410 5940  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:15:11.0519 5940  ============================================================
14:15:11.0519 5940  Current date / time: 2013/03/06 14:15:11.0519
14:15:11.0519 5940  SystemInfo:
14:15:11.0519 5940  
14:15:11.0519 5940  OS Version: 6.2.9200 ServicePack: 0.0
14:15:11.0519 5940  Product type: Workstation
14:15:11.0519 5940  ComputerName: MLAPTOP
14:15:11.0519 5940  UserName: marco_000
14:15:11.0519 5940  Windows directory: C:\Windows
14:15:11.0519 5940  System windows directory: C:\Windows
14:15:11.0519 5940  Processor architecture: Intel x86
14:15:11.0519 5940  Number of processors: 2
14:15:11.0519 5940  Page size: 0x1000
14:15:11.0519 5940  Boot type: Normal boot
14:15:11.0519 5940  ============================================================
14:15:12.0658 5940  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:15:12.0674 5940  ============================================================
14:15:12.0674 5940  \Device\Harddisk0\DR0:
14:15:12.0674 5940  MBR partitions:
14:15:12.0674 5940  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
14:15:12.0674 5940  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x22A0F800
14:15:12.0674 5940  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x22A73800, BlocksNum 0x2987000
14:15:12.0674 5940  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
14:15:12.0674 5940  ============================================================
14:15:12.0689 5940  C: <-> \Device\Harddisk0\DR0\Partition2
14:15:12.0736 5940  D: <-> \Device\Harddisk0\DR0\Partition3
14:15:12.0752 5940  E: <-> \Device\Harddisk0\DR0\Partition4
14:15:12.0752 5940  ============================================================
14:15:12.0767 5940  Initialize success
14:15:12.0767 5940  ============================================================
14:15:36.0939 5568  ============================================================
14:15:36.0939 5568  Scan started
14:15:36.0939 5568  Mode: Manual; SigCheck; TDLFS; 
14:15:36.0939 5568  ============================================================
14:15:37.0501 5568  ================ Scan system memory ========================
14:15:37.0501 5568  System memory - ok
14:15:37.0501 5568  ================ Scan services =============================
14:15:37.0688 5568  [ E7B9E170EFF01486D3118E372BA0AF21 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
14:15:37.0735 5568  1394ohci - ok
14:15:37.0781 5568  [ 96191579DDB1A201A2FB79C1D05680B4 ] 3ware           C:\Windows\system32\drivers\3ware.sys
14:15:37.0797 5568  3ware - ok
14:15:37.0844 5568  [ B69DD3D0C195558ED5A4CF69A9D241A4 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
14:15:37.0859 5568  ACPI - ok
14:15:37.0891 5568  [ 3A5DA97644B9E2662CFF186A8798519C ] acpiex          C:\Windows\system32\Drivers\acpiex.sys
14:15:37.0891 5568  acpiex - ok
14:15:37.0922 5568  [ 87C4AE693CA8AB6E2A13B7C7453466DB ] acpipagr        C:\Windows\System32\drivers\acpipagr.sys
14:15:37.0922 5568  acpipagr - ok
14:15:37.0937 5568  [ C7D2BA04BA3C6CA702C2615A0C50469C ] AcpiPmi         C:\Windows\System32\drivers\acpipmi.sys
14:15:37.0953 5568  AcpiPmi - ok
14:15:37.0953 5568  [ 38E110C96B2ACAB4D9A701777C9BCD98 ] acpitime        C:\Windows\System32\drivers\acpitime.sys
14:15:37.0969 5568  acpitime - ok
14:15:38.0078 5568  [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
14:15:38.0078 5568  Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
14:15:38.0078 5568  Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
14:15:38.0156 5568  [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
14:15:38.0171 5568  AdobeARMservice - ok
14:15:38.0218 5568  [ 2FE756FD6E0336990D0B3652A07EBB9B ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
14:15:38.0234 5568  adp94xx - ok
14:15:38.0281 5568  [ CC579EC50EE5435A4070306C0E4EF9E6 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
14:15:38.0312 5568  adpahci - ok
14:15:38.0343 5568  [ 82743090D0259BF9F1373AD48372CBAC ] adpu320         C:\Windows\system32\drivers\adpu320.sys
14:15:38.0359 5568  adpu320 - ok
14:15:38.0405 5568  [ 5D4FC8F08B45241857776E44AC71F0ED ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:15:38.0421 5568  AeLookupSvc - ok
14:15:38.0483 5568  [ F12EFEE4DD20519D0DDF8D78704EE4DE ] AFD             C:\Windows\system32\drivers\afd.sys
14:15:38.0499 5568  AFD - ok
14:15:38.0515 5568  [ 73BB2C687305C4195ED7511587B041AA ] agp440          C:\Windows\system32\drivers\agp440.sys
14:15:38.0515 5568  agp440 - ok
14:15:38.0561 5568  [ B5A707E902BE5FC9B93C389FBA6EDF9C ] ALG             C:\Windows\System32\alg.exe
14:15:38.0577 5568  ALG - ok
14:15:38.0639 5568  [ 8F12F6811F8C4C248E2FAA8779C6FCFE ] AllUserInstallAgent C:\Windows\system32\AUInstallAgent.dll
14:15:38.0655 5568  AllUserInstallAgent - ok
14:15:38.0655 5568  [ E44885EA3E89A54BF14C78892CE85EA0 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
14:15:38.0671 5568  amdagp - ok
14:15:38.0717 5568  [ FFDBB0DC75CDF6A3CC63B3DF790313EB ] AmdK8           C:\Windows\System32\drivers\amdk8.sys
14:15:38.0749 5568  AmdK8 - ok
14:15:38.0764 5568  [ DF7FE35014C17CC4659C2531F9EA5A36 ] AmdPPM          C:\Windows\System32\drivers\amdppm.sys
14:15:38.0780 5568  AmdPPM - ok
14:15:38.0811 5568  [ 8D5D89177552EDFD5C9730CCE79F7FCC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
14:15:38.0827 5568  amdsata - ok
14:15:38.0842 5568  [ 5725597CF5E002FB665C6C69787DAA8A ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
14:15:38.0858 5568  amdsbs - ok
14:15:38.0889 5568  [ FB336B5F110770CF22F6BFEB1906E773 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
14:15:38.0889 5568  amdxata - ok
14:15:38.0920 5568  [ CB3613E82A5B058AB6A69846B0DDC6C5 ] AppID           C:\Windows\system32\drivers\appid.sys
14:15:38.0920 5568  AppID - ok
14:15:38.0983 5568  [ 721C445A7EE59589B26EE0DC767A7967 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
14:15:38.0983 5568  AppIDSvc - ok
14:15:39.0014 5568  [ 9EC93DFD472298D7006627C5F81DE250 ] Appinfo         C:\Windows\System32\appinfo.dll
14:15:39.0014 5568  Appinfo - ok
14:15:39.0139 5568  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:15:39.0154 5568  Apple Mobile Device - ok
14:15:39.0170 5568  [ 8F0F777B167CADDF9D206180B8558433 ] AppMgmt         C:\Windows\System32\appmgmts.dll
14:15:39.0185 5568  AppMgmt - ok
14:15:39.0201 5568  [ A0982052EE6B01DC9B0CB7FEFD13040F ] arc             C:\Windows\system32\drivers\arc.sys
14:15:39.0217 5568  arc - ok
14:15:39.0248 5568  [ 7E17A734B0D33B8F9287F28F1C583DD7 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
14:15:39.0263 5568  arcsas - ok
14:15:39.0357 5568  [ 2FE0D5DB69014980A970D3BF9A85D2B1 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
14:15:39.0373 5568  aspnet_state - ok
14:15:39.0404 5568  [ E12BC771325E70C2A875136B0BAF491E ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:15:39.0419 5568  AsyncMac - ok
14:15:39.0435 5568  [ 48D8C3F2006698691F5AE0BB595FDCC8 ] atapi           C:\Windows\system32\drivers\atapi.sys
14:15:39.0435 5568  atapi - ok
14:15:39.0482 5568  [ 28F42B76951DC8D41C5077EFA5F55C6D ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
14:15:39.0497 5568  AudioEndpointBuilder - ok
14:15:39.0544 5568  [ F2A27CD1E460CF7DFFE15FC61DF0E808 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
14:15:39.0575 5568  Audiosrv - ok
14:15:39.0622 5568  [ 3F642D45EC0BE2E4843C35A2A1AA93D5 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
14:15:39.0638 5568  AxInstSV - ok
14:15:39.0638 5568  [ A96A499B6C931B7242D964D5D695A506 ] BasicDisplay    C:\Windows\System32\drivers\BasicDisplay.sys
14:15:39.0669 5568  BasicDisplay - ok
14:15:39.0716 5568  [ D313E4D7DF0187CEDA121793F937EA89 ] BasicRender     C:\Windows\System32\drivers\BasicRender.sys
14:15:39.0731 5568  BasicRender - ok
14:15:39.0778 5568  [ 30D98AE688C681196D411CA65E5E90D1 ] BDESVC          C:\Windows\System32\bdesvc.dll
14:15:39.0794 5568  BDESVC - ok
14:15:39.0809 5568  [ E53DDF8C101E3CB6A0483D592A8CC476 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:15:39.0841 5568  Beep - ok
14:15:39.0887 5568  [ 81158030D8F2DDECF99F420D51AEAC1E ] BFE             C:\Windows\System32\bfe.dll
14:15:39.0903 5568  BFE - ok
14:15:39.0965 5568  [ 6723B30920D4371367F468DF6061A7E9 ] BITS            C:\Windows\System32\qmgr.dll
14:15:40.0059 5568  BITS - ok
14:15:40.0121 5568  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:15:40.0137 5568  Bonjour Service - ok
14:15:40.0199 5568  [ D7148E90581185DB2CC6A2EED9C8281C ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:15:40.0215 5568  bowser - ok
14:15:40.0262 5568  [ 96A673069E7DFCCE0BEF8FABACB220C4 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
14:15:40.0277 5568  BrokerInfrastructure - ok
14:15:40.0309 5568  [ 771EE7009E428CCC3476838CB22DBA8D ] Browser         C:\Windows\System32\browser.dll
14:15:40.0324 5568  Browser - ok
14:15:40.0387 5568  [ ABAAF1FD3426BCA12360845EB218C98D ] BthAvrcpTg      C:\Windows\System32\drivers\BthAvrcpTg.sys
14:15:40.0387 5568  BthAvrcpTg - ok
14:15:40.0449 5568  [ 3EEEA1B69C16A8D159B53896EC78420C ] BthHFEnum       C:\Windows\System32\drivers\bthhfenum.sys
14:15:40.0496 5568  BthHFEnum - ok
14:15:40.0543 5568  [ 403C9BA247F4D4C0E4FF6FFA5F096EF6 ] bthhfhid        C:\Windows\System32\drivers\BthHFHid.sys
14:15:40.0543 5568  bthhfhid - ok
14:15:40.0574 5568  [ 0C706A8B022A44413F6C36ECEAAA2838 ] BTHMODEM        C:\Windows\System32\drivers\bthmodem.sys
14:15:40.0589 5568  BTHMODEM - ok
14:15:40.0667 5568  [ 171AF9795CABEC4985D45640D3A5F8F0 ] bthserv         C:\Windows\system32\bthserv.dll
14:15:40.0667 5568  bthserv - ok
14:15:40.0714 5568  [ 00B4FA77732C7823D292ECD672660882 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:15:40.0730 5568  cdfs - ok
14:15:40.0761 5568  [ 4E707EC5071DD8F5C29A7410780BD4C3 ] cdrom           C:\Windows\System32\drivers\cdrom.sys
14:15:40.0792 5568  cdrom - ok
14:15:40.0823 5568  [ BAEE72BFBEC7B96AA85F861A6F4FE428 ] CertPropSvc     C:\Windows\System32\certprop.dll
14:15:40.0855 5568  CertPropSvc - ok
14:15:40.0901 5568  [ 17BE1CB162768E886B2BBA63F8B89371 ] circlass        C:\Windows\System32\drivers\circlass.sys
14:15:40.0917 5568  circlass - ok
14:15:40.0933 5568  [ D5370A0D3A8F7E531FE9BA3E3C81BAC8 ] CLFS            C:\Windows\system32\drivers\CLFS.sys
14:15:40.0948 5568  CLFS - ok
14:15:40.0995 5568  [ 16744C84320D33880E38DF7409585EBF ] CmBatt          C:\Windows\System32\drivers\CmBatt.sys
14:15:40.0995 5568  CmBatt - ok
14:15:41.0057 5568  [ D4EF3370F53CF9647B6D33A512DDC2E9 ] CNG             C:\Windows\system32\Drivers\cng.sys
14:15:41.0073 5568  CNG - ok
14:15:41.0135 5568  [ 765969F18ABD50298AA880E803D2096F ] cnghwassist     C:\Windows\system32\DRIVERS\cnghwassist.sys
14:15:41.0151 5568  cnghwassist - ok
14:15:41.0167 5568  [ 357444DE560252A907F8B687005B3DCA ] CompositeBus    C:\Windows\System32\drivers\CompositeBus.sys
14:15:41.0182 5568  CompositeBus - ok
14:15:41.0198 5568  COMSysApp - ok
14:15:41.0245 5568  [ F1B79B7B595B0D7990756C12FA64F00E ] condrv          C:\Windows\system32\drivers\condrv.sys
14:15:41.0260 5568  condrv - ok
14:15:41.0354 5568  [ F4FD82F5D6617A45CC3C4B9D4E7DF2C0 ] CPUCooLServer   C:\Program Files\CPUCooL\CooLSrv.exe
14:15:41.0401 5568  CPUCooLServer ( UnsignedFile.Multi.Generic ) - warning
14:15:41.0401 5568  CPUCooLServer - detected UnsignedFile.Multi.Generic (1)
14:15:41.0463 5568  [ 42EAE3259F8F39C7E22D0F385DBFADA9 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:15:41.0463 5568  CryptSvc - ok
14:15:41.0525 5568  [ 5531D4CFCBB6CBBD5BFB9E5FD089FADF ] CSC             C:\Windows\system32\drivers\csc.sys
14:15:41.0557 5568  CSC - ok
14:15:41.0588 5568  [ A36C84BAC3128A6A3F41136A6ED426B1 ] CscService      C:\Windows\System32\cscsvc.dll
14:15:41.0619 5568  CscService - ok
14:15:41.0650 5568  [ C266A8E3D8BC4573B0BE8AA6ADC0AD7E ] dam             C:\Windows\system32\drivers\dam.sys
14:15:41.0666 5568  dam - ok
14:15:41.0728 5568  [ BCD3562ACB27B8137BF809F61BA44E80 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:15:41.0759 5568  DcomLaunch - ok
14:15:41.0822 5568  [ 3D36FBE5ABAF0D531085C5D3381DC770 ] defragsvc       C:\Windows\System32\defragsvc.dll
14:15:41.0837 5568  defragsvc - ok
14:15:41.0900 5568  [ E5935B79D5AE9288AEB72487E1A1B662 ] DeviceAssociationService C:\Windows\system32\das.dll
14:15:41.0915 5568  DeviceAssociationService - ok
14:15:41.0962 5568  [ 84C433F0FA896BACFAB67D0B22CFA73C ] DeviceInstall   C:\Windows\system32\umpnpmgr.dll
14:15:41.0978 5568  DeviceInstall - ok
14:15:42.0040 5568  [ B21FDAC50FCD4CE53C203F097273532A ] Dfsc            C:\Windows\system32\Drivers\dfsc.sys
14:15:42.0040 5568  Dfsc - ok
14:15:42.0087 5568  [ 120BFA182545EE73B832595137E080F8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
14:15:42.0103 5568  Dhcp - ok
14:15:42.0134 5568  [ C0C87CCE88C4532B575AD60A95E7FD57 ] discache        C:\Windows\system32\drivers\discache.sys
14:15:42.0134 5568  discache - ok
14:15:42.0149 5568  [ 4E3237D8266580412CCA774321056111 ] disk            C:\Windows\system32\drivers\disk.sys
14:15:42.0165 5568  disk - ok
14:15:42.0181 5568  [ 9B20A9DB154249E0E40036BC8BDC3E38 ] dmvsc           C:\Windows\System32\drivers\dmvsc.sys
14:15:42.0196 5568  dmvsc - ok
14:15:42.0243 5568  [ 090D65A0A412F9056F16297D5A5B830F ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:15:42.0259 5568  Dnscache - ok
14:15:42.0305 5568  [ 7F0C01E0C0BB063136DF09845FFC4CE1 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:15:42.0337 5568  dot3svc - ok
14:15:42.0383 5568  [ 16AEEC748CD4210084D5B044310074C0 ] dot4            C:\Windows\system32\DRIVERS\Dot4.sys
14:15:42.0399 5568  dot4 - ok
14:15:42.0446 5568  [ 464DA96934BB8F2F2AD2573E3479B383 ] Dot4Print       C:\Windows\System32\drivers\Dot4Prt.sys
14:15:42.0446 5568  Dot4Print - ok
14:15:42.0477 5568  [ 8848790920F2827E5A16971E1D32CA60 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
14:15:42.0477 5568  dot4usb - ok
14:15:42.0508 5568  [ 07D96198AFB530CF4A0A9B5C0E49073F ] DPS             C:\Windows\system32\dps.dll
14:15:42.0524 5568  DPS - ok
14:15:42.0571 5568  [ 50B8D915F3514EC8BE7DF0D2EDEC44BA ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:15:42.0571 5568  drmkaud - ok
14:15:42.0633 5568  [ 0EF9D082E38EC861DD4886896666103B ] DsmSvc          C:\Windows\System32\DeviceSetupManager.dll
14:15:42.0633 5568  DsmSvc - ok
14:15:42.0711 5568  [ 42CE6DD104BDA921C7A8939680876499 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:15:42.0758 5568  DXGKrnl - ok
14:15:42.0820 5568  [ 59ECF01342E0CDB726C7948E36A43309 ] EapHost         C:\Windows\System32\eapsvc.dll
14:15:42.0836 5568  EapHost - ok
14:15:42.0929 5568  [ 0118D8C2B0B04F6B6FE620EADDA53449 ] EFS             C:\Windows\System32\lsass.exe
14:15:42.0961 5568  EFS - ok
14:15:43.0335 5568  [ BC7119CF5B5BC9F54C8FAE221C3227F2 ] EhStorClass     C:\Windows\system32\drivers\EhStorClass.sys
14:15:43.0351 5568  EhStorClass - ok
14:15:43.0366 5568  [ 1A5945FA87A05A97A1175657B7BA4EDB ] EhStorTcgDrv    C:\Windows\system32\drivers\EhStorTcgDrv.sys
14:15:43.0382 5568  EhStorTcgDrv - ok
14:15:43.0397 5568  [ 8B22B788A329645F08AB4F86B9580AF3 ] ErrDev          C:\Windows\System32\drivers\errdev.sys
14:15:43.0413 5568  ErrDev - ok
14:15:43.0460 5568  esgiguard - ok
14:15:43.0522 5568  [ 39FB0D2C74D4201F01BA30D06162525A ] EventSystem     C:\Windows\system32\es.dll
14:15:43.0538 5568  EventSystem - ok
14:15:43.0553 5568  [ B60B2A0E110D640440263268FC02C726 ] exfat           C:\Windows\system32\drivers\exfat.sys
14:15:43.0585 5568  exfat - ok
14:15:43.0600 5568  [ C8B18803E1521225BDBA86B5F7D2E9FC ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:15:43.0616 5568  fastfat - ok
14:15:43.0678 5568  [ 22A38E2F78153AB500482FD0D4A9DB65 ] Fax             C:\Windows\system32\fxssvc.exe
14:15:43.0694 5568  Fax - ok
14:15:43.0709 5568  [ 9709867A1354A4D10046ADE31DA67511 ] fdc             C:\Windows\System32\drivers\fdc.sys
14:15:43.0725 5568  fdc - ok
14:15:43.0772 5568  [ E099DF1CE3285FCA613AF84D792DBC15 ] fdPHost         C:\Windows\system32\fdPHost.dll
14:15:43.0787 5568  fdPHost - ok
14:15:43.0803 5568  [ 141B98F42D71B4F5CFB0D8D4769FBA0C ] FDResPub        C:\Windows\system32\fdrespub.dll
14:15:43.0819 5568  FDResPub - ok
14:15:43.0865 5568  [ 2754F16876B03037CCA6FBD8C20E1686 ] fhsvc           C:\Windows\system32\fhsvc.dll
14:15:43.0865 5568  fhsvc - ok
14:15:43.0881 5568  [ 1018AE04A4D36BA60247C2C22D7BA7D1 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:15:43.0897 5568  FileInfo - ok
14:15:43.0943 5568  [ 3A2F87EF4400B5E542E2C2BA8FAB4222 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:15:43.0943 5568  Filetrace - ok
14:15:43.0975 5568  [ F37314C92AB8C876DB478A36A6D9FF0E ] flpydisk        C:\Windows\System32\drivers\flpydisk.sys
14:15:43.0975 5568  flpydisk - ok
14:15:43.0990 5568  [ 13C0B6F6EFD0D5C6871C07B56CB5403D ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:15:44.0006 5568  FltMgr - ok
14:15:44.0068 5568  [ 89FB9BDDCEC278661EAF57639F9920D7 ] FontCache       C:\Windows\system32\FntCache.dll
14:15:44.0099 5568  FontCache - ok
14:15:44.0193 5568  [ 2AAF650823623D89B5FE5C399FC5D1BD ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:15:44.0209 5568  FontCache3.0.0.0 - ok
14:15:44.0209 5568  [ 16D4CC9AE485BC60B6AE026FF2497DE8 ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
14:15:44.0224 5568  FsDepends - ok
14:15:44.0240 5568  [ 28E64CAC27FE3A7CA34E2F93E9A8092A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:15:44.0255 5568  Fs_Rec - ok
14:15:44.0380 5568  [ D07A5943D46E42D79C00A8BAA20B7F7E ] fussvc          C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe
14:15:44.0380 5568  fussvc ( UnsignedFile.Multi.Generic ) - warning
14:15:44.0380 5568  fussvc - detected UnsignedFile.Multi.Generic (1)
14:15:44.0427 5568  [ 42F4C92E85B2D5972CEBB28B8CCE6F9D ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:15:44.0443 5568  fvevol - ok
14:15:44.0474 5568  [ 05F58A34B5E1EB3274AE7B0875A143EF ] FxPPM           C:\Windows\System32\drivers\fxppm.sys
14:15:44.0489 5568  FxPPM - ok
14:15:44.0536 5568  [ B5AD0B13AD7FD1C749FC45D81392B9DF ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
14:15:44.0552 5568  gagp30kx - ok
14:15:44.0583 5568  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:15:44.0583 5568  GEARAspiWDM - ok
14:15:44.0630 5568  [ A9608FF3B1B577BFC969A7B6797B1FC1 ] gencounter      C:\Windows\System32\drivers\vmgencounter.sys
14:15:44.0645 5568  gencounter - ok
14:15:44.0692 5568  [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio          C:\Windows\system32\giveio.sys
14:15:44.0692 5568  giveio ( UnsignedFile.Multi.Generic ) - warning
14:15:44.0692 5568  giveio - detected UnsignedFile.Multi.Generic (1)
14:15:44.0739 5568  [ 1E9080CAE8013BCB687547E238E54561 ] GPIOClx0101     C:\Windows\system32\Drivers\msgpioclx.sys
14:15:44.0755 5568  GPIOClx0101 - ok
14:15:44.0801 5568  [ B13CCD3028A44C6E16E03A3E1AD95FA4 ] gpsvc           C:\Windows\System32\gpsvc.dll
14:15:44.0864 5568  gpsvc - ok
14:15:44.0911 5568  [ 7898E20A298105CC3EA1A7BAA695ACFC ] hcmon           C:\Windows\system32\drivers\hcmon.sys
14:15:44.0926 5568  hcmon - ok
14:15:44.0973 5568  [ 7A63087EDE3504684055A57A45E2AFF9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:15:45.0020 5568  HdAudAddService - ok
14:15:45.0051 5568  [ 4A219AB84D6936C2A61FF44D32EF378D ] HDAudBus        C:\Windows\System32\drivers\HDAudBus.sys
14:15:45.0098 5568  HDAudBus - ok
14:15:45.0129 5568  [ 8CBCFA78D2B43CCC23BF5A4C09A700CA ] HidBatt         C:\Windows\System32\drivers\HidBatt.sys
14:15:45.0129 5568  HidBatt - ok
14:15:45.0145 5568  [ 9AF33AB459FE639783CF7CDBFFC7A449 ] HidBth          C:\Windows\System32\drivers\hidbth.sys
14:15:45.0176 5568  HidBth - ok
14:15:45.0207 5568  [ 804019176228EBE260A821C5688CAFD2 ] hidi2c          C:\Windows\System32\drivers\hidi2c.sys
14:15:45.0223 5568  hidi2c - ok
14:15:45.0254 5568  [ 11A4D12F4CADD18CDA334C2756FE450A ] HidIr           C:\Windows\System32\drivers\hidir.sys
14:15:45.0269 5568  HidIr - ok
14:15:45.0301 5568  [ C0A9999E5B4C1953C6B07CD9105B41FD ] hidserv         C:\Windows\system32\hidserv.dll
14:15:45.0332 5568  hidserv - ok
14:15:45.0363 5568  [ 1887E321B54832AD18CB0867DE359EE3 ] HidUsb          C:\Windows\System32\drivers\hidusb.sys
14:15:45.0379 5568  HidUsb - ok
14:15:45.0457 5568  [ 40AAA716A3F2E494E7F533C45DA3E7E8 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:15:45.0472 5568  hkmsvc - ok
14:15:45.0550 5568  [ F4847FFB1D1FD522B4B3848A6A97BE47 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:15:45.0566 5568  HomeGroupListener - ok
14:15:45.0628 5568  [ EFC6EEA348478FBAFCF2B2D03DE0B127 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:15:45.0644 5568  HomeGroupProvider - ok
14:15:45.0706 5568  [ D7544353157E11864C00A48BC90EF183 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:15:45.0706 5568  HpSAMD - ok
14:15:45.0769 5568  [ 6E6BCD909FC985D69105C57962CAACB5 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:15:45.0800 5568  HTTP - ok
14:15:45.0815 5568  [ 4A3E6732E5BEF6DF531A217B5EBB5C54 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:15:45.0831 5568  hwpolicy - ok
14:15:45.0847 5568  [ 0F819743721DFB5906734243ED0CE935 ] hyperkbd        C:\Windows\System32\drivers\hyperkbd.sys
14:15:45.0878 5568  hyperkbd - ok
14:15:45.0909 5568  [ A14A2EBA22929901F64B496C1D555982 ] HyperVideo      C:\Windows\system32\DRIVERS\HyperVideo.sys
14:15:45.0925 5568  HyperVideo - ok
14:15:45.0940 5568  [ 11EDC37780E8A2F8E311D73F7658A4D7 ] i8042prt        C:\Windows\System32\drivers\i8042prt.sys
14:15:45.0940 5568  i8042prt - ok
14:15:46.0003 5568  [ C444F83C318BE18719DC1FDAEFF10898 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
14:15:46.0018 5568  iaStorV - ok
14:15:46.0237 5568  [ D771E3D5E0ECE091FF9244BDF1303D6F ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
14:15:46.0346 5568  igfx - ok
14:15:46.0377 5568  [ 7BB542C7156FA72CC83C1177BB190F94 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
14:15:46.0393 5568  iirsp - ok
14:15:46.0439 5568  [ 2412FB8F2F3C48B93DC0179560EB029B ] IKEEXT          C:\Windows\System32\ikeext.dll
14:15:46.0455 5568  IKEEXT - ok
14:15:46.0502 5568  [ A43BC9416741ABEA2B8DF60D2C0EA6A2 ] intelide        C:\Windows\system32\drivers\intelide.sys
14:15:46.0517 5568  intelide - ok
14:15:46.0549 5568  [ BE23B0DF1401DC890B5CEFA369B1BD8E ] intelppm        C:\Windows\System32\drivers\intelppm.sys
14:15:46.0564 5568  intelppm - ok
14:15:46.0580 5568  [ AB308167857138B84E4DECDF2000DD27 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:15:46.0595 5568  IpFilterDriver - ok
14:15:46.0658 5568  [ 933DBF31E0632B96B74D1A1230AA2199 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:15:46.0689 5568  iphlpsvc - ok
14:15:46.0705 5568  [ 7E4FEE6D5C5BC52199C481DAC564FE43 ] IPMIDRV         C:\Windows\System32\drivers\IPMIDrv.sys
14:15:46.0720 5568  IPMIDRV - ok
14:15:46.0751 5568  [ 57B0C0D982013C72911A3F5CBA795034 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:15:46.0767 5568  IPNAT - ok
14:15:46.0861 5568  [ E46B17060D3962A384AE484094614788 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
14:15:46.0876 5568  iPod Service - ok
14:15:46.0892 5568  [ 9D6DB34476AC6448B3CA59D8676F7CE6 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:15:46.0907 5568  IRENUM - ok
14:15:46.0939 5568  [ 2E1347C9CC7DDB43183AF725135ACF0D ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:15:46.0939 5568  isapnp - ok
14:15:46.0970 5568  [ 6AC2FF3AF40AE6AC39B097A07225B95B ] iScsiPrt        C:\Windows\System32\drivers\msiscsi.sys
14:15:46.0985 5568  iScsiPrt - ok
14:15:47.0001 5568  [ 4533BE9F8D67BDCF5FECA87DCC345448 ] kbdclass        C:\Windows\System32\drivers\kbdclass.sys
14:15:47.0017 5568  kbdclass - ok
14:15:47.0032 5568  [ 8F73A6DAEF7F7D102FBBA6F3EBC47F97 ] kbdhid          C:\Windows\System32\drivers\kbdhid.sys
14:15:47.0032 5568  kbdhid - ok
14:15:47.0048 5568  [ F7E302012680B0617C904B58594E0376 ] kdnic           C:\Windows\system32\DRIVERS\kdnic.sys
14:15:47.0079 5568  kdnic - ok
14:15:47.0095 5568  [ 0118D8C2B0B04F6B6FE620EADDA53449 ] KeyIso          C:\Windows\system32\lsass.exe
14:15:47.0110 5568  KeyIso - ok
14:15:47.0141 5568  [ 137AB78B8510F9E432C4793C0CF4CD80 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:15:47.0157 5568  KSecDD - ok
14:15:47.0204 5568  [ 90226157B0130F9F11A3890BAE6F07AA ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:15:47.0219 5568  KSecPkg - ok
14:15:47.0266 5568  [ C2ADC979C11A858949ECC1B9233B884C ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:15:47.0282 5568  KtmRm - ok
14:15:47.0329 5568  [ 57BA03D561180AFABCB812A57704BFA7 ] LanmanServer    C:\Windows\system32\srvsvc.dll
14:15:47.0344 5568  LanmanServer - ok
14:15:47.0391 5568  [ 7867CD2CC05D8B1377DC7FEE93716015 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:15:47.0407 5568  LanmanWorkstation - ok
14:15:47.0422 5568  [ AD581D8BA8C2CE46933D44392BA35C24 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:15:47.0438 5568  lltdio - ok
14:15:47.0485 5568  [ BCDCFD2C2115334419EF025C533AB6C5 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:15:47.0500 5568  lltdsvc - ok
14:15:47.0531 5568  [ FBA8BDF947B5289E85324F00043CC5D8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:15:47.0547 5568  lmhosts - ok
14:15:47.0594 5568  [ 6B01CB678E1E390CEA9514D4774EFB51 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
14:15:47.0609 5568  LSI_SAS - ok
14:15:47.0625 5568  [ 4C3AFBA9ED36535313054AC26532E9DE ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
14:15:47.0641 5568  LSI_SAS2 - ok
14:15:47.0641 5568  [ 0715DC27611C202D04BC0365D666DD27 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
14:15:47.0656 5568  LSI_SCSI - ok
14:15:47.0672 5568  [ DB6B9554AA4F83212E80D5107D8C53EE ] LSI_SSS         C:\Windows\system32\drivers\lsi_sss.sys
14:15:47.0687 5568  LSI_SSS - ok
14:15:47.0734 5568  [ 7607DE91C0BFB0FC7210349F16737D16 ] LSM             C:\Windows\System32\lsm.dll
14:15:47.0750 5568  LSM - ok
14:15:47.0765 5568  [ F731770C339FEB6563397D410793A756 ] luafv           C:\Windows\system32\drivers\luafv.sys
14:15:47.0781 5568  luafv - ok
14:15:47.0797 5568  mcdbus - ok
14:15:47.0812 5568  [ 125C3C5A315500A1AD54F0B4766AF815 ] megasas         C:\Windows\system32\drivers\megasas.sys
14:15:47.0828 5568  megasas - ok
14:15:47.0859 5568  [ 05457CC7F5586C6E8D02FFA7F23FCEDF ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
14:15:47.0875 5568  MegaSR - ok
14:15:47.0921 5568  [ CAAAB04E7775D8F11E166482F3596539 ] MMCSS           C:\Windows\system32\mmcss.dll
14:15:47.0937 5568  MMCSS - ok
14:15:47.0968 5568  [ 049E433162AFE9B08C05D81D2C62CD61 ] Modem           C:\Windows\system32\drivers\modem.sys
14:15:47.0968 5568  Modem - ok
14:15:48.0015 5568  [ 7E93949414DA50029E2B5746AD8BB3A3 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:15:48.0046 5568  monitor - ok
14:15:48.0062 5568  [ 9D3F069A705325E7B7CEA36BFB65E616 ] mouclass        C:\Windows\System32\drivers\mouclass.sys
14:15:48.0062 5568  mouclass - ok
14:15:48.0093 5568  [ A6BA920D42A6154B3F272F4290D33B48 ] mouhid          C:\Windows\System32\drivers\mouhid.sys
14:15:48.0093 5568  mouhid - ok
14:15:48.0124 5568  [ 13D8E3077EF0AE583F4634236D9A0992 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:15:48.0124 5568  mountmgr - ok
14:15:48.0187 5568  [ 46C379299D0C831463162C473C2D5927 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:15:48.0187 5568  MozillaMaintenance - ok
14:15:48.0296 5568  [ A69630D039C38018689190234F866D77 ] MpKslbea61aac   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{149DAFEE-777F-4917-94F3-18B6C24839FA}\MpKslbea61aac.sys
14:15:48.0311 5568  MpKslbea61aac - ok
14:15:48.0358 5568  [ 3343B276F4AD3BBF44C46AB2A1E8A23A ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:15:48.0389 5568  mpsdrv - ok
14:15:48.0436 5568  [ 1A9FED739F0BBD20451519C30D183AC8 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:15:48.0467 5568  MpsSvc - ok
14:15:48.0483 5568  [ 329E3ACBFC616666D3D04C6FDC1B71E0 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:15:48.0499 5568  MRxDAV - ok
14:15:48.0545 5568  [ 60B65EBAC1ACCD53BF32F6E43792105E ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:15:48.0904 5568  mrxsmb - ok
14:15:48.0951 5568  [ B9F3DA35CDE171B5CBA70319AD7D5E59 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:15:48.0967 5568  mrxsmb10 - ok
14:15:49.0014 5568  [ 17DA6DF0DE69E3B2963B54DF4E7C5541 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:15:49.0014 5568  mrxsmb20 - ok
14:15:49.0060 5568  [ 61E23CF0A54EDBAE5CFE3322E960ECC9 ] MsBridge        C:\Windows\system32\DRIVERS\bridge.sys
14:15:49.0076 5568  MsBridge - ok
14:15:49.0123 5568  [ 37594E0C3119827CA7F8D16D187239E0 ] MSDTC           C:\Windows\System32\msdtc.exe
14:15:49.0138 5568  MSDTC - ok
14:15:49.0170 5568  [ 651DEF4337DD77E6A607CEE49D3C4B30 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:15:49.0170 5568  Msfs - ok
14:15:49.0216 5568  [ 8F47F5F31F001C4F97840DB723618DD0 ] msgpiowin32     C:\Windows\System32\drivers\msgpiowin32.sys
14:15:49.0232 5568  msgpiowin32 - ok
14:15:49.0263 5568  [ 26BBD77D23FFABB14C3291A1B8555EA5 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:15:49.0279 5568  mshidkmdf - ok
14:15:49.0279 5568  [ 51808FEF911B77758A6CF7CEB469AF9E ] mshidumdf       C:\Windows\System32\drivers\mshidumdf.sys
14:15:49.0310 5568  mshidumdf - ok
14:15:49.0341 5568  [ F103DF830D370B7535FDA3D477C8D8A0 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:15:49.0357 5568  msisadrv - ok
14:15:49.0404 5568  [ 2C777DD7FD2340F9F9F8BD76B9810956 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:15:49.0419 5568  MSiSCSI - ok
14:15:49.0419 5568  msiserver - ok
14:15:49.0482 5568  [ 3FCF6AA904516872CF70ED248F86889B ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:15:49.0528 5568  MSKSSRV - ok
14:15:49.0544 5568  [ 10C229EAC28FDB8550EE93D955932F83 ] MsLldp          C:\Windows\system32\DRIVERS\mslldp.sys
14:15:49.0575 5568  MsLldp - ok
14:15:49.0606 5568  [ BA786F089895196E18120F66F996A3D2 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:15:49.0622 5568  MSPCLOCK - ok
14:15:49.0622 5568  [ 362950A5F7B1794DA9CB985AF7BBCC4B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:15:49.0638 5568  MSPQM - ok
14:15:49.0778 5568  [ 79A14AB6C6A5B01E9CE99937D1304D13 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:15:49.0840 5568  MsRPC - ok
14:15:49.0856 5568  [ A819A3006C27870AF05E408AD06FACFF ] mssmbios        C:\Windows\System32\drivers\mssmbios.sys
14:15:49.0872 5568  mssmbios - ok
14:15:49.0872 5568  [ FB1D61A2998A5C4456C6B73DD41D5352 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:15:49.0887 5568  MSTEE - ok
14:15:49.0903 5568  [ 3CC687876469F0FD3B2D936FA7A6EC59 ] MTConfig        C:\Windows\System32\drivers\MTConfig.sys
14:15:49.0903 5568  MTConfig - ok
14:15:49.0918 5568  [ 6779B2A319A563C68B56DE8491E9EA76 ] Mup             C:\Windows\system32\Drivers\mup.sys
14:15:49.0918 5568  Mup - ok
14:15:49.0950 5568  [ 1DEF95DC467131BF4AB52A8F72C42D89 ] mvumis          C:\Windows\system32\drivers\mvumis.sys
14:15:49.0950 5568  mvumis - ok
14:15:49.0996 5568  [ 34FEF8CBBD7C4FACDD6AB68E39E02062 ] napagent        C:\Windows\system32\qagentRT.dll
14:15:50.0028 5568  napagent - ok
14:15:50.0074 5568  [ D48E3B33BD911BA28413A4337456724F ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:15:50.0090 5568  NativeWifiP - ok
14:15:50.0137 5568  [ 4B947B7F1ADCF1AE86B0EB717D55CE0C ] NcaSvc          C:\Windows\System32\ncasvc.dll
14:15:50.0152 5568  NcaSvc - ok
14:15:50.0152 5568  [ 466C47B1335533884C06CA88D073B759 ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
14:15:50.0168 5568  NcdAutoSetup - ok
14:15:50.0230 5568  [ 68D808AB2097E17511DBCF2FBCDA7832 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:15:50.0246 5568  NDIS - ok
14:15:50.0293 5568  [ 9B8BC481DEEAA07C51DA214D2CEF2FC9 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:15:50.0308 5568  NdisCap - ok
14:15:50.0324 5568  [ 1EA68DB9E05248EF9B940D6D0A0725B3 ] NdisImPlatform  C:\Windows\system32\DRIVERS\NdisImPlatform.sys
14:15:50.0340 5568  NdisImPlatform - ok
14:15:50.0371 5568  [ 71F6E2AF63B0E52B36CEE7F0AE076A18 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:15:50.0386 5568  NdisTapi - ok
14:15:50.0402 5568  [ DDC67239BFE82DC5A878039B464B1968 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:15:50.0418 5568  Ndisuio - ok
14:15:50.0433 5568  [ 556DB924D61BC4A5E0F95D383E9B1009 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:15:50.0449 5568  NdisWan - ok
14:15:50.0449 5568  [ 556DB924D61BC4A5E0F95D383E9B1009 ] NDISWANLEGACY   C:\Windows\system32\DRIVERS\ndiswan.sys
14:15:50.0464 5568  NDISWANLEGACY - ok
14:15:50.0496 5568  [ 730E417A5D4A0441C143F96B667618D7 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:15:50.0496 5568  NDProxy - ok
14:15:50.0511 5568  [ 583F95CEFCD5D896B5531BD338030401 ] Ndu             C:\Windows\system32\drivers\Ndu.sys
14:15:50.0511 5568  Ndu - ok
14:15:50.0542 5568  [ 4CA677A214248DB8227F8035B546F7D0 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:15:50.0542 5568  NetBIOS - ok
14:15:50.0558 5568  [ 303A053C25E468B9925C22288BEF8484 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:15:50.0589 5568  NetBT - ok
14:15:50.0605 5568  [ 0118D8C2B0B04F6B6FE620EADDA53449 ] Netlogon        C:\Windows\system32\lsass.exe
14:15:50.0620 5568  Netlogon - ok
14:15:50.0667 5568  [ A54157CE7FF480834897CC0FA6DDF620 ] Netman          C:\Windows\System32\netman.dll
14:15:50.0683 5568  Netman - ok
14:15:50.0745 5568  [ 5B6DABBEAC96119A65FBF6C731A35234 ] netprofm        C:\Windows\System32\netprofmsvc.dll
14:15:50.0761 5568  netprofm - ok
14:15:50.0886 5568  [ F29A96AA84733FFD3BB2458ECD4315B8 ] netr28          C:\Windows\system32\DRIVERS\netr28.sys
14:15:50.0932 5568  netr28 - ok
14:15:50.0995 5568  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:15:51.0010 5568  NetTcpPortSharing - ok
14:15:51.0073 5568  [ 4B539272E9F5C3B8D9714D137FD340A6 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
14:15:51.0088 5568  nfrd960 - ok
14:15:51.0135 5568  [ 6906D71601703792F395CF8497209FDD ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:15:51.0151 5568  NlaSvc - ok
14:15:51.0213 5568  [ EAC569A77BE92B247FCA51E498B17DF1 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:15:51.0213 5568  Npfs - ok
14:15:51.0229 5568  [ 6E994702ED294CDBED7621590EC75735 ] npsvctrig       C:\Windows\System32\drivers\npsvctrig.sys
14:15:51.0244 5568  npsvctrig - ok
14:15:51.0307 5568  [ 61C583D971CC3411CCD3D58704E9301B ] nsi             C:\Windows\system32\nsisvc.dll
14:15:51.0307 5568  nsi - ok
14:15:51.0354 5568  [ 9588CCD14571FA22F8F2ECCF198AB448 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:15:51.0369 5568  nsiproxy - ok
14:15:51.0447 5568  [ 73A349516FC2A9EC810E96685E7DF0E1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:15:51.0525 5568  Ntfs - ok
14:15:51.0556 5568  [ 5850C28057DDEA04390B88F8CC482504 ] ntiopnp         C:\Windows\system32\drivers\ntiopnp.sys
14:15:51.0572 5568  ntiopnp - ok
14:15:51.0588 5568  [ 0F965AF67042AF539274738FFD0C8C71 ] Null            C:\Windows\system32\drivers\Null.sys
14:15:51.0603 5568  Null - ok
14:15:51.0650 5568  [ BD23FF50A9A59AAF48052F5E7D0682B0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:15:51.0666 5568  nvraid - ok
14:15:51.0681 5568  [ 108DD54A5B1E73F583AF7DC94CCE52B8 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:15:51.0697 5568  nvstor - ok
14:15:51.0712 5568  [ 5ED87C9C51CFE59B1DDFF8290719E0E4 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:15:51.0728 5568  nv_agp - ok
14:15:51.0806 5568  [ 2B8E4C792BED0E5882702720BC528AE5 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:15:51.0806 5568  ose - ok
14:15:51.0868 5568  [ BB3916021D0AC8D33C02C1161B7A2621 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:15:51.0900 5568  p2pimsvc - ok
14:15:51.0962 5568  [ 433A776514D8A57DA92467991AE2FEFF ] p2psvc          C:\Windows\system32\p2psvc.dll
14:15:51.0978 5568  p2psvc - ok
14:15:52.0024 5568  [ 8BCE63AF5B52642E832630F862DE96EF ] Parport         C:\Windows\System32\drivers\parport.sys
14:15:52.0024 5568  Parport - ok
14:15:52.0071 5568  [ 7289BE4566F0E5126868EB6E4292CC3C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:15:52.0087 5568  partmgr - ok
14:15:52.0102 5568  [ 49A439FEAB060F74B8EC7DBF44D4A7BA ] Parvdm          C:\Windows\System32\drivers\parvdm.sys
14:15:52.0118 5568  Parvdm - ok
14:15:52.0165 5568  [ B06FF821B79BED0912579A48140A4C46 ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:15:52.0180 5568  PcaSvc - ok
14:15:52.0180 5568  [ EA828C84C8948D0E4994C1E0A45EB05F ] pci             C:\Windows\system32\drivers\pci.sys
14:15:52.0196 5568  pci - ok
14:15:52.0212 5568  [ B4444133ED61F87FD49A2ADD28285115 ] pciide          C:\Windows\system32\drivers\pciide.sys
14:15:52.0305 5568  pciide - ok
14:15:52.0336 5568  [ 6E11FDE71F2015007CDD4AE9D2D700C9 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
14:15:52.0352 5568  pcmcia - ok
14:15:52.0368 5568  [ 8A56B080B12950D448D556FE4BA6C68C ] pcw             C:\Windows\system32\drivers\pcw.sys
14:15:52.0368 5568  pcw - ok
14:15:52.0414 5568  [ D046B75932043E203050D5416D69785D ] pdc             C:\Windows\system32\drivers\pdc.sys
14:15:52.0430 5568  pdc - ok
14:15:52.0477 5568  [ 50F9CC87D2F7DA89356C99B9F73580D6 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:15:52.0508 5568  PEAUTH - ok
14:15:52.0586 5568  [ D90D72035BA6DB320C9700E16552D0FE ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
14:15:52.0648 5568  PeerDistSvc - ok
14:15:52.0695 5568  [ CCF3E6C601D71A4CBB4C08B5591E5D26 ] pla             C:\Windows\system32\pla.dll
14:15:52.0758 5568  pla - ok
14:15:52.0773 5568  [ 84C433F0FA896BACFAB67D0B22CFA73C ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:15:52.0789 5568  PlugPlay - ok
14:15:52.0804 5568  [ 7BB1FAB338641C440FDCDEB8B243648A ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:15:52.0820 5568  PNRPAutoReg - ok
14:15:52.0851 5568  [ BB3916021D0AC8D33C02C1161B7A2621 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:15:52.0867 5568  PNRPsvc - ok
14:15:52.0898 5568  [ 9DC57EB201F2F77E874084176EAD5BCF ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:15:52.0929 5568  PolicyAgent - ok
14:15:52.0960 5568  [ 556848D77F36645260DE452513A54F5D ] Power           C:\Windows\system32\umpo.dll
14:15:52.0976 5568  Power - ok
14:15:52.0992 5568  [ 03D522782A0BB5108C8A43A10EE51CB0 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:15:53.0007 5568  PptpMiniport - ok
14:15:53.0132 5568  [ C5E38D8CACF357148BECFA9941B7F22C ] PrintNotify     C:\Windows\system32\spool\DRIVERS\W32X86\3\PrintConfig.dll
14:15:53.0194 5568  PrintNotify - ok
14:15:53.0226 5568  [ BD23C45A654066374E3EC7F4EF8FC9B6 ] Processor       C:\Windows\System32\drivers\processr.sys
14:15:53.0241 5568  Processor - ok
14:15:53.0257 5568  [ FEE5D89ABE17FBD24FE8A6FD91543316 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:15:53.0272 5568  ProfSvc - ok
14:15:53.0319 5568  [ 42E46DC7767F5AB664E3F6B36D9764AD ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:15:53.0335 5568  Psched - ok
14:15:53.0366 5568  [ 9D8D860A9CF57A47E0041C9BDA415130 ] QWAVE           C:\Windows\system32\qwave.dll
14:15:53.0382 5568  QWAVE - ok
14:15:53.0397 5568  [ 29E548E1C511BFBE56FA6438488DE0E0 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:15:53.0413 5568  QWAVEdrv - ok
14:15:53.0444 5568  [ C07E9331431C78D41F30E62A15E1D324 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:15:53.0444 5568  RasAcd - ok
14:15:53.0491 5568  [ F63755B2DCE1BE7927F5CEAB7991EFED ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:15:53.0506 5568  RasAgileVpn - ok
14:15:53.0522 5568  [ 63A57B7DDF705E4D7D6B0FF86BDBBF96 ] RasAuto         C:\Windows\System32\rasauto.dll
14:15:53.0538 5568  RasAuto - ok
14:15:53.0553 5568  [ 6E0649D7325D85C47C844EB3267E4625 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:15:53.0569 5568  Rasl2tp - ok
14:15:53.0600 5568  [ FA17FE26953E6B0DE7A5A966253869E9 ] RasMan          C:\Windows\System32\rasmans.dll
14:15:53.0616 5568  RasMan - ok
14:15:53.0631 5568  [ 5BA6DB7AD04A8EADE0A41E6C8427582B ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:15:53.0631 5568  RasPppoe - ok
14:15:53.0662 5568  [ 3A421DDA09E3BF96E9D698D13FDC139E ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:15:53.0662 5568  RasSstp - ok
14:15:53.0678 5568  [ E0E033E0A8122FEC2AAF48B99EBC70F9 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:15:53.0694 5568  rdbss - ok
14:15:53.0709 5568  [ 4FB0345ADE5C2E15EA1A22F173E71D37 ] rdpbus          C:\Windows\System32\drivers\rdpbus.sys
14:15:53.0756 5568  rdpbus - ok
14:15:53.0772 5568  [ 2CAD2A13569741C67CD9C52F97E0F992 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
14:15:53.0787 5568  RDPDR - ok
14:15:53.0834 5568  [ 40083918DB637FCB8A2C2453A2284603 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
14:15:53.0834 5568  RdpVideoMiniport - ok
14:15:53.0865 5568  [ EA0E833A1418C28E6085DFFA68731EA5 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:15:53.0881 5568  RDPWD - ok
14:15:53.0881 5568  [ 38A8012D03150D6852B9CDDB24280F1A ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:15:53.0896 5568  rdyboost - ok
14:15:53.0943 5568  [ 9F38A0A16958C33552C92EAE5AFC9E5F ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:15:53.0959 5568  RemoteAccess - ok
14:15:53.0990 5568  [ 8331C0CF128BD1A56440B2E82AAA5EB5 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:15:54.0021 5568  RemoteRegistry - ok
14:15:54.0052 5568  [ 5AF682962162FCDB85B56CB8A0DB5E6B ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:15:54.0068 5568  RpcEptMapper - ok
14:15:54.0115 5568  [ A8DDFFFBA3F655C82AB5D4A249E4D414 ] RpcLocator      C:\Windows\system32\locator.exe
14:15:54.0130 5568  RpcLocator - ok
14:15:54.0193 5568  [ BCD3562ACB27B8137BF809F61BA44E80 ] RpcSs           C:\Windows\system32\rpcss.dll
14:15:54.0224 5568  RpcSs - ok
14:15:54.0569 5568  [ C7BD738B9BF45E797A6089AF946BAC47 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:15:54.0569 5568  rspndr - ok
14:15:54.0647 5568  [ BF93264AE817867448A1A8D9F650A288 ] RTL8168         C:\Windows\system32\DRIVERS\Rt630x86.sys
14:15:54.0662 5568  RTL8168 - ok
14:15:54.0678 5568  [ E21867D4A8FF3824150E56979E333610 ] s3cap           C:\Windows\System32\drivers\vms3cap.sys
14:15:54.0678 5568  s3cap - ok
14:15:54.0709 5568  [ 0118D8C2B0B04F6B6FE620EADDA53449 ] SamSs           C:\Windows\system32\lsass.exe
14:15:54.0725 5568  SamSs - ok
14:15:54.0740 5568  [ 434F805B0B3840A52C19C96A7BB64AA3 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:15:54.0740 5568  sbp2port - ok
14:15:54.0787 5568  [ B1B737661EF9D779FEE8866CC38F7B98 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:15:54.0820 5568  SCardSvr - ok
14:15:54.0852 5568  [ 3F21FBE0550B41240B6A864F6C8C15E4 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
14:15:54.0867 5568  scfilter - ok
14:15:54.0914 5568  [ CDFE4C8A7AB71BD52B2804E5B4E9C4A2 ] Schedule        C:\Windows\system32\schedsvc.dll
14:15:54.0945 5568  Schedule - ok
14:15:54.0992 5568  [ BAEE72BFBEC7B96AA85F861A6F4FE428 ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:15:55.0008 5568  SCPolicySvc - ok
14:15:55.0054 5568  [ 1D09A99E18AB7685324FA8A394A3EF9C ] sdbus           C:\Windows\System32\drivers\sdbus.sys
14:15:55.0054 5568  sdbus - ok
14:15:55.0086 5568  [ B433671D5A6D36D35141A56B6E75D086 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:15:55.0101 5568  SDRSVC - ok
14:15:55.0148 5568  [ 29A975CB4DDA873C80B0AAA91FFA74B8 ] sdstor          C:\Windows\System32\drivers\sdstor.sys
14:15:55.0148 5568  sdstor - ok
14:15:55.0179 5568  [ A8CC993CED4DF9710ADAABC9DA66B660 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:15:55.0179 5568  secdrv - ok
14:15:55.0195 5568  [ B83564D1603B821CCD82CC335C87AD97 ] seclogon        C:\Windows\system32\seclogon.dll
14:15:55.0226 5568  seclogon - ok
14:15:55.0257 5568  [ 64355214ECE4573F553353597779EF11 ] SENS            C:\Windows\System32\sens.dll
14:15:55.0273 5568  SENS - ok
14:15:55.0320 5568  [ 867C301E8B790040AE9CF6486E8041DF ] SensorsSimulatorDriver C:\Windows\system32\DRIVERS\WUDFRd.sys
14:15:55.0335 5568  SensorsSimulatorDriver - ok
14:15:55.0351 5568  [ 7E4F0DCAF6739C830B8043CCBF79ABBF ] SensrSvc        C:\Windows\system32\sensrsvc.dll
14:15:55.0382 5568  SensrSvc - ok
14:15:55.0429 5568  [ 3DE395F302C4DCD3D4792EB786A7B402 ] SerCx           C:\Windows\system32\drivers\SerCx.sys
14:15:55.0444 5568  SerCx - ok
14:15:55.0476 5568  [ C706C88BAEE6B23C86C791EF47D901D4 ] Serenum         C:\Windows\System32\drivers\serenum.sys
14:15:55.0491 5568  Serenum - ok
14:15:55.0507 5568  [ F492965E2EDDB1BCA2E000A1085BE082 ] Serial          C:\Windows\System32\drivers\serial.sys
14:15:55.0522 5568  Serial - ok
14:15:55.0554 5568  [ 409C91880A6A70FDD33CFEDC43D0F808 ] sermouse        C:\Windows\System32\drivers\sermouse.sys
14:15:55.0569 5568  sermouse - ok
14:15:55.0632 5568  [ E19B1B639B5017BF6224744565B08E38 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:15:55.0647 5568  SessionEnv - ok
14:15:55.0663 5568  [ BDF7F7AC3700DAF0A19D19C008D408C0 ] sfloppy         C:\Windows\System32\drivers\sfloppy.sys
14:15:55.0678 5568  sfloppy - ok
14:15:55.0756 5568  [ 578AA5D3C4A4C1052C9B13B4FA748B00 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:15:55.0772 5568  SharedAccess - ok
14:15:55.0819 5568  [ C416B8E2EF38D100DA19C4DA8A3E8A17 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:15:55.0834 5568  ShellHWDetection - ok
14:15:55.0881 5568  [ A5A3C56B5E46F77E6992A3772F8E4C8D ] sisagp          C:\Windows\system32\drivers\sisagp.sys
14:15:55.0897 5568  sisagp - ok
14:15:55.0897 5568  [ 39763193254A265FDA6F08EF375549DF ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
14:15:55.0912 5568  SiSRaid2 - ok
14:15:55.0928 5568  [ 2A95CC135283B3C56B783171532B62D0 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
14:15:55.0944 5568  SiSRaid4 - ok
14:15:56.0006 5568  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
14:15:56.0022 5568  SkypeUpdate - ok
14:15:56.0084 5568  [ 1FA732F662375B134B510B44686BABD2 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:15:56.0100 5568  SNMPTRAP - ok
14:15:56.0115 5568  [ 3B3EDACFE0E7B117AF01A4C8F37C9913 ] spaceport       C:\Windows\system32\drivers\spaceport.sys
14:15:56.0131 5568  spaceport - ok
14:15:56.0146 5568  [ C8E9372645392E23CF36B4C1686B1509 ] SpbCx           C:\Windows\system32\drivers\SpbCx.sys
14:15:56.0162 5568  SpbCx - ok
14:15:56.0209 5568  [ 3FA2E254BFBCE52B3C6F1BF23AAB6911 ] speedfan        C:\Windows\system32\speedfan.sys
14:15:56.0224 5568  speedfan - ok
14:15:56.0256 5568  [ D246A6F32CD74A0AE1F00EF7C73A1DBC ] Spooler         C:\Windows\System32\spoolsv.exe
14:15:56.0271 5568  Spooler - ok
14:15:56.0365 5568  [ ED4B93745C905B985BBE197970FFBF2E ] sppsvc          C:\Windows\system32\sppsvc.exe
14:15:56.0505 5568  sppsvc - ok
14:15:56.0583 5568  [ 90A07229992B24FC4C419D56E58CF075 ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
14:15:56.0599 5568  SQLWriter - ok
14:15:56.0646 5568  [ 8B20E19AF56E21E9549D4CA496BB78D6 ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:15:56.0661 5568  srv - ok
14:15:56.0708 5568  [ 9804186617BBB92BC8361D01A59BFD58 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:15:56.0724 5568  srv2 - ok
14:15:56.0739 5568  [ 3CC26136D8A0180899F3FF02F44DD43B ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:15:56.0770 5568  srvnet - ok
14:15:56.0817 5568  [ 9B4B2E29751312BF65CBE301AFB746A1 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:15:56.0833 5568  SSDPSRV - ok
14:15:56.0833 5568  [ F23D18AF0C34B5167BA72F9B95EEAB06 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:15:56.0848 5568  SstpSvc - ok
14:15:56.0880 5568  Steam Client Service - ok
14:15:56.0895 5568  [ CC17B7A7C4DD72BE2B10DAF254147A2B ] stexstor        C:\Windows\system32\drivers\stexstor.sys
14:15:56.0911 5568  stexstor - ok
14:15:56.0958 5568  [ B9A28B6DA5EFEE202FAD396FEDFE73D8 ] StiSvc          C:\Windows\System32\wiaservc.dll
14:15:56.0989 5568  StiSvc - ok
14:15:57.0036 5568  [ C34BCFA72A8BFE7D80092084B6A1E375 ] storahci        C:\Windows\system32\drivers\storahci.sys
14:15:57.0051 5568  storahci - ok
14:15:57.0098 5568  [ B00DA575ADF228C1D33269CDE92A68EC ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
14:15:57.0114 5568  storflt - ok
14:15:57.0145 5568  [ 9AA77CAD9ADF035109B9E65EB3F8D61A ] StorSvc         C:\Windows\system32\storsvc.dll
14:15:57.0160 5568  StorSvc - ok
14:15:57.0176 5568  [ 5C538C4975B53C31500BC535FF436CDC ] storvsc         C:\Windows\system32\drivers\storvsc.sys
14:15:57.0192 5568  storvsc - ok
14:15:57.0207 5568  [ 8DF8D4AEADF32F5D4C6FFA9936E16A10 ] svsvc           C:\Windows\system32\svsvc.dll
14:15:57.0223 5568  svsvc - ok
14:15:57.0238 5568  [ 8DCA45AD5E2D83E00A1952BE2B541A27 ] swenum          C:\Windows\System32\drivers\swenum.sys
14:15:57.0254 5568  swenum - ok
14:15:57.0285 5568  [ B53421FCD315F35837A07716E9F7A1E7 ] swprv           C:\Windows\System32\swprv.dll
14:15:57.0316 5568  swprv - ok
14:15:57.0363 5568  [ 6DD49E1A5FA0F01824652F1A0A8866FB ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
14:15:57.0379 5568  SynTP - ok
14:15:57.0410 5568  [ 72EFFCDAAFDB8FB568A56B02D5703B76 ] SysMain         C:\Windows\system32\sysmain.dll
14:15:57.0441 5568  SysMain - ok
14:15:57.0488 5568  [ EEBC8D1EE91FC6C632DE6996FEA9252A ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
14:15:57.0504 5568  SystemEventsBroker - ok
14:15:57.0519 5568  [ 3705A5E2A2834EA94EF073D87AF88D8F ] TabletInputService C:\Windows\System32\TabSvc.dll
14:15:57.0535 5568  TabletInputService - ok
14:15:57.0582 5568  [ 4A10477302BB35A17ED818CD8720478A ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:15:57.0597 5568  TapiSrv - ok
14:15:57.0675 5568  [ DA9D8FD38190C66E747D13B7F5E1945A ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:15:57.0722 5568  Tcpip - ok
14:15:57.0769 5568  [ DA9D8FD38190C66E747D13B7F5E1945A ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
14:15:57.0816 5568  TCPIP6 - ok
14:15:57.0862 5568  [ D40FB114D559FDDE599293E1B5107644 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:15:57.0878 5568  tcpipreg - ok
14:15:57.0909 5568  [ 0886D9F1B5A5334FBB143A260E4BFB5C ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:15:57.0909 5568  tdx - ok
14:15:58.0003 5568  [ 42BA22394C499648C03079742BFA593B ] Te.Service      C:\Program Files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe
14:15:58.0018 5568  Te.Service ( UnsignedFile.Multi.Generic ) - warning
14:15:58.0018 5568  Te.Service - detected UnsignedFile.Multi.Generic (1)
14:15:58.0050 5568  [ 0E099CC6D72DD47CAB9CC3D5DDF0A93E ] terminpt        C:\Windows\System32\drivers\terminpt.sys
14:15:58.0065 5568  terminpt - ok
14:15:58.0128 5568  [ 10DA7F780EF287FEA7D70C1633C68F0B ] TermService     C:\Windows\System32\termsrv.dll
14:15:58.0143 5568  TermService - ok
14:15:58.0143 5568  [ 14378287DC6D4CF1E3279AA9EBD70665 ] Themes          C:\Windows\system32\themeservice.dll
14:15:58.0159 5568  Themes - ok
14:15:58.0190 5568  [ CAAAB04E7775D8F11E166482F3596539 ] THREADORDER     C:\Windows\system32\mmcss.dll
14:15:58.0190 5568  THREADORDER - ok
14:15:58.0252 5568  [ 9A15D7655125CB1FDEF007D30230CABC ] TimeBroker      C:\Windows\System32\TimeBrokerServer.dll
14:15:58.0252 5568  TimeBroker - ok
14:15:58.0299 5568  [ FDFF6B80C62FAA6F8A22A64ACF0D18D3 ] TPM             C:\Windows\system32\drivers\tpm.sys
14:15:58.0315 5568  TPM - ok
14:15:58.0362 5568  [ 7B19BA44B3A44494DBA300206FABA998 ] TrkWks          C:\Windows\System32\trkwks.dll
14:15:58.0377 5568  TrkWks - ok
14:15:58.0440 5568  [ FD9F6ED4C26CA21B8DD2994F14BD98FC ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:15:58.0455 5568  TrustedInstaller - ok
14:15:58.0502 5568  [ B9E622309DE8C780E6818531586F2221 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
14:15:58.0518 5568  TsUsbFlt - ok
14:15:58.0533 5568  [ 074440A1C04913F7DF81839565A47917 ] TsUsbGD         C:\Windows\System32\drivers\TsUsbGD.sys
14:15:58.0533 5568  TsUsbGD - ok
14:15:58.0564 5568  [ 62EE13D4EE7DB793C13F33F51A21170E ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:15:58.0580 5568  tunnel - ok
14:15:58.0596 5568  [ E0750A399E378C8433165C843FD7F732 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
14:15:58.0611 5568  uagp35 - ok
14:15:58.0627 5568  [ B3B9DDEEFC3B823B3067DCADCD80014D ] UASPStor        C:\Windows\System32\drivers\uaspstor.sys
14:15:58.0642 5568  UASPStor - ok
14:15:58.0689 5568  [ C1798C9CEC2802C6C23119F269747E05 ] UCX01000        C:\Windows\System32\drivers\ucx01000.sys
14:15:58.0689 5568  UCX01000 - ok
14:15:58.0720 5568  [ 942D7B29F95DC6C5D14B8758044627C1 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:15:58.0736 5568  udfs - ok
14:15:58.0783 5568  [ 3F7B87F8E850907783AC681AF542601D ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:15:58.0798 5568  UI0Detect - ok
14:15:58.0814 5568  [ C4FE9CC8AA769B1D140C07308574969D ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:15:58.0830 5568  uliagpkx - ok
14:15:58.0861 5568  [ D54E16CE5FF8493E611CFF34F96F5A00 ] umbus           C:\Windows\System32\drivers\umbus.sys
14:15:58.0861 5568  umbus - ok
14:15:58.0892 5568  [ 4F92FB5D2353C1B75F0C3138C1822FC3 ] UmPass          C:\Windows\System32\drivers\umpass.sys
14:15:58.0892 5568  UmPass - ok
14:15:58.0923 5568  [ CC0CC034C75F8D445B7E561BA018E166 ] UmRdpService    C:\Windows\System32\umrdp.dll
14:15:58.0939 5568  UmRdpService - ok
14:15:58.0939 5568  [ 4359A695FB0CF5C0C78A7FD2DACABC00 ] upnphost        C:\Windows\System32\upnphost.dll
14:15:58.0970 5568  upnphost - ok
14:15:59.0017 5568  [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL         C:\Windows\System32\Drivers\usbaapl.sys
14:15:59.0017 5568  USBAAPL ( UnsignedFile.Multi.Generic ) - warning
14:15:59.0017 5568  USBAAPL - detected UnsignedFile.Multi.Generic (1)
14:15:59.0095 5568  [ ABFF3E6009343A2613D31FDC241A6D6E ] usbccgp         C:\Windows\System32\drivers\usbccgp.sys
14:15:59.0095 5568  usbccgp - ok
14:15:59.0142 5568  [ 614BDD1AB210F6DCE5EDFE0624717C94 ] usbcir          C:\Windows\System32\drivers\usbcir.sys
14:15:59.0157 5568  usbcir - ok
14:15:59.0204 5568  [ E7614B639357ADCB056D5FAAB9E2FB00 ] usbehci         C:\Windows\System32\drivers\usbehci.sys
14:15:59.0220 5568  usbehci - ok
14:15:59.0266 5568  [ 2398AB1409B50ED2CFEE58375A777133 ] usbhub          C:\Windows\System32\drivers\usbhub.sys
14:15:59.0298 5568  usbhub - ok
14:15:59.0344 5568  [ B9890F0900897968615F7B604226A857 ] USBHUB3         C:\Windows\System32\drivers\UsbHub3.sys
14:15:59.0376 5568  USBHUB3 - ok
14:15:59.0391 5568  [ D3641BCE4BE9858423CF0FA843A77AC1 ] usbohci         C:\Windows\System32\drivers\usbohci.sys
14:15:59.0407 5568  usbohci - ok
14:15:59.0438 5568  [ 81F2E53B5945995FD5D459180EB21AE7 ] usbprint        C:\Windows\System32\drivers\usbprint.sys
14:15:59.0454 5568  usbprint - ok
14:15:59.0485 5568  [ B1E7E4171205180587F46CF16EE7E599 ] usbscan         C:\Windows\System32\drivers\usbscan.sys
14:15:59.0500 5568  usbscan - ok
14:15:59.0532 5568  [ 727CE341DF7EFDC94F2868393549F497 ] USBSTOR         C:\Windows\System32\drivers\USBSTOR.SYS
14:15:59.0547 5568  USBSTOR - ok
14:15:59.0594 5568  [ 599D7D0A2DD4F5517DA1ADEAAF0B468F ] usbuhci         C:\Windows\System32\drivers\usbuhci.sys
14:15:59.0610 5568  usbuhci - ok
14:15:59.0625 5568  [ 670994311A3E0B3E99CE0DC70DA8909F ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
14:15:59.0656 5568  usbvideo - ok
14:15:59.0688 5568  [ AAA7CE0689651F4B06FA30A7FF001616 ] USBXHCI         C:\Windows\System32\drivers\USBXHCI.SYS
14:15:59.0703 5568  USBXHCI - ok
14:15:59.0734 5568  [ 0118D8C2B0B04F6B6FE620EADDA53449 ] VaultSvc        C:\Windows\system32\lsass.exe
14:15:59.0750 5568  VaultSvc - ok
14:15:59.0812 5568  [ 0AA85E1C967652071D283147AC4B17CD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
14:15:59.0812 5568  vdrvroot - ok
14:15:59.0968 5568  [ 9B2590EB5A93BA2E5C27B98C2EED81B0 ] vds             C:\Windows\System32\vds.exe
14:15:59.0984 5568  vds - ok
14:16:00.0218 5568  [ F70882757673FA7D4E466D811E1AC029 ] VerifierExt     C:\Windows\system32\drivers\VerifierExt.sys
14:16:00.0234 5568  VerifierExt - ok
14:16:00.0281 5568  [ 38DF48D22D63C1054DEF23629003B027 ] vhdmp           C:\Windows\System32\drivers\vhdmp.sys
14:16:00.0296 5568  vhdmp - ok
14:16:00.0327 5568  [ 91A67D2DDDD75D173A6590B75E305E3C ] viaagp          C:\Windows\system32\drivers\viaagp.sys
14:16:00.0343 5568  viaagp - ok
14:16:00.0374 5568  [ 05DD6EA970A2493D8BFCE2CFCF2F445C ] ViaC7           C:\Windows\System32\drivers\viac7.sys
14:16:00.0374 5568  ViaC7 - ok
14:16:00.0468 5568  [ 11283532CE62BA51557D00E09262ED78 ] viaide          C:\Windows\system32\drivers\viaide.sys
14:16:00.0483 5568  viaide - ok
14:16:00.0530 5568  [ 4E11F13C400F4721E38CFC12976057DE ] Virtual Router  C:\Program Files\Virtual Router\VirtualRouterService.exe
14:16:00.0530 5568  Virtual Router ( UnsignedFile.Multi.Generic ) - warning
14:16:00.0530 5568  Virtual Router - detected UnsignedFile.Multi.Generic (1)
14:16:00.0608 5568  [ 7171B884DA8BFB1CE5C8BAE46D993CB1 ] VMAuthdService  C:\Program Files\VMware\VMware Player\vmware-authd.exe
14:16:00.0608 5568  VMAuthdService ( UnsignedFile.Multi.Generic ) - warning
14:16:00.0608 5568  VMAuthdService - detected UnsignedFile.Multi.Generic (1)
14:16:00.0655 5568  [ 2E4777120FC246CCF76A69C7BB4AEF57 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
14:16:00.0671 5568  vmbus - ok
14:16:00.0686 5568  [ FA7B57977E55B60409FD9E36FC57395C ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
14:16:00.0702 5568  VMBusHID - ok
14:16:00.0749 5568  [ 753BD0240B6586ABA0D67A70B3EF44A0 ] vmci            C:\Windows\system32\drivers\vmci.sys
14:16:00.0764 5568  vmci - ok
14:16:00.0811 5568  [ 57AE02EE534B4BF0E09462C6C2665D55 ] vmicheartbeat   C:\Windows\System32\ICSvc.dll
14:16:00.0827 5568  vmicheartbeat - ok
14:16:00.0827 5568  [ 57AE02EE534B4BF0E09462C6C2665D55 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
14:16:00.0842 5568  vmickvpexchange - ok
14:16:00.0842 5568  [ 57AE02EE534B4BF0E09462C6C2665D55 ] vmicrdv         C:\Windows\System32\ICSvc.dll
14:16:00.0858 5568  vmicrdv - ok
14:16:00.0873 5568  [ 57AE02EE534B4BF0E09462C6C2665D55 ] vmicshutdown    C:\Windows\System32\ICSvc.dll
14:16:00.0889 5568  vmicshutdown - ok
14:16:00.0889 5568  [ 57AE02EE534B4BF0E09462C6C2665D55 ] vmictimesync    C:\Windows\System32\ICSvc.dll
14:16:00.0905 5568  vmictimesync - ok
14:16:00.0920 5568  [ 57AE02EE534B4BF0E09462C6C2665D55 ] vmicvss         C:\Windows\System32\ICSvc.dll
14:16:00.0920 5568  vmicvss - ok
14:16:00.0983 5568  [ DB38B7DDC2E5E0DB3984AAEE0BED93AF ] vmkbd           C:\Windows\system32\drivers\VMkbd.sys
14:16:00.0983 5568  vmkbd - ok
14:16:01.0029 5568  [ A267D2321ED281359D301BFEB8202652 ] VMnetAdapter    C:\Windows\system32\DRIVERS\vmnetadapter.sys
14:16:01.0045 5568  VMnetAdapter - ok
14:16:01.0092 5568  [ 7A4BB278D7860551A716D46349492692 ] VMnetBridge     C:\Windows\system32\DRIVERS\vmnetbridge.sys
14:16:01.0107 5568  VMnetBridge - ok
14:16:01.0123 5568  [ 03A7980C30E9F00F1EAC752612DC80CE ] VMnetDHCP       C:\Windows\system32\vmnetdhcp.exe
14:16:01.0139 5568  VMnetDHCP - ok
14:16:01.0154 5568  [ F804B83C419F4D60458C19F9FA7C4253 ] VMnetuserif     C:\Windows\system32\drivers\vmnetuserif.sys
14:16:01.0170 5568  VMnetuserif - ok
14:16:01.0201 5568  [ AFB10AD9AA91D2F70C9F0E6BDA0D119B ] vmusb           C:\Windows\System32\Drivers\vmusb.sys
14:16:01.0217 5568  vmusb - ok
14:16:01.0279 5568  [ A77A76DD2773616651121B7EFA5948C1 ] VMUSBArbService C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
14:16:01.0295 5568  VMUSBArbService - ok
14:16:01.0326 5568  [ F1D29D9C5DB9C144769F5CD7212BE555 ] VMware NAT Service C:\Windows\system32\vmnat.exe
14:16:01.0341 5568  VMware NAT Service - ok
14:16:01.0373 5568  [ 168CEE789DB3B6C2432059AAC8C8D933 ] vmx86           C:\Windows\system32\Drivers\vmx86.sys
14:16:01.0373 5568  vmx86 - ok
14:16:01.0388 5568  [ 7E8BCEEA56197925D944CA7D230596F7 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:16:01.0404 5568  volmgr - ok
14:16:01.0451 5568  [ 9C21037D3983D9B93190D2AA16570395 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:16:01.0466 5568  volmgrx - ok
14:16:01.0482 5568  [ 8E15C3D58A8ADE841060661DBA6E7A9B ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:16:01.0497 5568  volsnap - ok
14:16:01.0513 5568  [ C5B79DA9C82C01EEFAABA713A858649E ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
14:16:01.0529 5568  vsmraid - ok
14:16:01.0575 5568  [ C78C6BC9C3A65256B7A96B478C16278F ] vsock           C:\Windows\system32\drivers\vsock.sys
14:16:01.0575 5568  vsock - ok
14:16:01.0716 5568  [ B5D64BAE14CC740749562D49404ADA7D ] VSPerfDrv110    C:\Program Files\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\VSPerfDrv110.sys
14:16:01.0716 5568  VSPerfDrv110 - ok
14:16:01.0778 5568  [ 700F5256DFCF1E65837F740EE0889F0F ] VSS             C:\Windows\system32\vssvc.exe
14:16:01.0809 5568  VSS - ok
14:16:01.0856 5568  [ AB5F5CC034E31E496606E666657F3CC2 ] VSTXRAID        C:\Windows\system32\drivers\vstxraid.sys
14:16:01.0872 5568  VSTXRAID - ok
14:16:01.0887 5568  [ 23044877230094EE20D057BC63ED19F0 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
14:16:01.0903 5568  vwifibus - ok
14:16:01.0950 5568  [ 7139B7012EF75A82CA11177D4BF1CD37 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
14:16:01.0950 5568  vwififlt - ok
14:16:01.0965 5568  [ 3C93AA2C5AC6030706757DCEAF57CD64 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
14:16:01.0981 5568  vwifimp - ok
14:16:02.0028 5568  [ 56A40C6DFB12E33B88887C4F9D5917FF ] W32Time         C:\Windows\system32\w32time.dll
14:16:02.0075 5568  W32Time - ok
14:16:02.0090 5568  [ B4254668F5806AAA051A320FE88146F6 ] WacomPen        C:\Windows\System32\drivers\wacompen.sys
14:16:02.0106 5568  WacomPen - ok
14:16:02.0153 5568  [ 0D1401969D950975F18104DA56A20196 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
14:16:02.0153 5568  Wanarp - ok
14:16:02.0168 5568  [ 0D1401969D950975F18104DA56A20196 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:16:02.0168 5568  Wanarpv6 - ok
14:16:02.0215 5568  [ 09EA8F80C26FEAAE7D34AC82A871A909 ] wbengine        C:\Windows\system32\wbengine.exe
14:16:02.0262 5568  wbengine - ok
14:16:02.0277 5568  [ D7AB5A0119A208B53784863DF403C2F2 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
14:16:02.0293 5568  WbioSrvc - ok
14:16:02.0309 5568  [ AB66316B4ED378A2CBEA61D6C5844A98 ] Wcmsvc          C:\Windows\System32\wcmsvc.dll
14:16:02.0324 5568  Wcmsvc - ok
14:16:02.0371 5568  [ 2569DC92526501CA292A1985F54D174B ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:16:02.0387 5568  wcncsvc - ok
14:16:02.0402 5568  [ 1B0A5043CC13F7DEB9873CC464FB11C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:16:02.0418 5568  WcsPlugInService - ok
14:16:02.0433 5568  [ 9BF0CE1E215789664EB563A52EC0B83B ] Wd              C:\Windows\system32\drivers\wd.sys
14:16:02.0449 5568  Wd - ok
14:16:02.0496 5568  [ B73E9524D0034A1BC7CE10CED727A116 ] WdBoot          C:\Windows\system32\drivers\WdBoot.sys
14:16:02.0496 5568  WdBoot - ok
14:16:02.0543 5568  [ CEA67D4279BF8A268062F08330179738 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:16:02.0574 5568  Wdf01000 - ok
14:16:02.0589 5568  [ 357EA02565E599297D3729340FE0F961 ] WdFilter        C:\Windows\system32\drivers\WdFilter.sys
14:16:02.0605 5568  WdFilter - ok
14:16:02.0605 5568  [ 2FC34E39DD120AB985DF1F63B10A4B4D ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:16:02.0636 5568  WdiServiceHost - ok
14:16:02.0636 5568  [ 2FC34E39DD120AB985DF1F63B10A4B4D ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:16:02.0652 5568  WdiSystemHost - ok
14:16:02.0699 5568  [ FD800739494EE57DC7849BD64BDA1EEC ] WebClient       C:\Windows\System32\webclnt.dll
14:16:02.0714 5568  WebClient - ok
14:16:02.0745 5568  [ 476746404FC104242EE8F049F2A6FA4A ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:16:02.0761 5568  Wecsvc - ok
14:16:02.0761 5568  [ B8A6C4812FD65EF95EB0F723A48C2462 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:16:02.0808 5568  wercplsupport - ok
14:16:02.0839 5568  [ 4A1A99EB9B85679C0F97255E72A6DC85 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:16:02.0855 5568  WerSvc - ok
14:16:02.0870 5568  [ B7ADB3799F1B6D8172DFDCE1DA8937F5 ] WFPLWFS         C:\Windows\system32\DRIVERS\wfplwfs.sys
14:16:02.0870 5568  WFPLWFS - ok
14:16:02.0901 5568  [ 1764AA30CDF8AF8995D4A3CEADF6AB0D ] WiaRpc          C:\Windows\System32\wiarpc.dll
14:16:02.0933 5568  WiaRpc - ok
14:16:02.0964 5568  [ 8B7BBA41B67E92B73BAFEBDF570B3703 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
14:16:02.0964 5568  WIMMount - ok
14:16:03.0026 5568  [ 36A695E1683671009C2FEA38B5EB4CD4 ] WinDefend       C:\Program Files\Windows Defender\MsMpEng.exe
14:16:03.0042 5568  WinDefend - ok
14:16:03.0104 5568  [ 7A4797475ABAD6ECF1BCB08637922ECA ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
14:16:03.0182 5568  WinHttpAutoProxySvc - ok
14:16:03.0291 5568  [ 62B866B25BA8A3FCAEC457738DDA726E ] winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:16:03.0307 5568  winmgmt - ok
14:16:03.0385 5568  [ EE08CA40473062F2962F1ED25C85306C ] WinRM           C:\Windows\system32\WsmSvc.dll
14:16:03.0447 5568  WinRM - ok
14:16:03.0494 5568  [ 30122927052480564DB0695B0CEADE62 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
14:16:03.0510 5568  WinUsb - ok
14:16:03.0588 5568  [ 70752CC656FE991392C1FD262D386863 ] WlanSvc         C:\Windows\System32\wlansvc.dll
14:16:03.0635 5568  WlanSvc - ok
14:16:03.0713 5568  [ 7194769CA375358E5BD89929C2C47B4C ] wlidsvc         C:\Windows\system32\wlidsvc.dll
14:16:03.0759 5568  wlidsvc - ok
14:16:03.0837 5568  [ F8A31500A1B7EFDB95E5103A7C7275C1 ] WmiAcpi         C:\Windows\System32\drivers\wmiacpi.sys
14:16:03.0837 5568  WmiAcpi - ok
14:16:03.0900 5568  [ 8899BED47FE375EE665AD1821598E471 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:16:03.0915 5568  wmiApSrv - ok
14:16:04.0009 5568  [ 207CB1C1770997621C1798E78EADCBBD ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
14:16:04.0025 5568  WMPNetworkSvc - ok
14:16:04.0040 5568  [ 9C3F5C7B716247756575235A3218FD38 ] wpcfltr         C:\Windows\system32\DRIVERS\wpcfltr.sys
14:16:04.0056 5568  wpcfltr - ok
14:16:04.0103 5568  [ 32B4145D0513E913C13A73C3E640C931 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:16:04.0103 5568  WPCSvc - ok
14:16:04.0134 5568  [ 9BB009547532C1F2DF14455CE1102A33 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:16:04.0134 5568  WPDBusEnum - ok
14:16:04.0149 5568  [ E5DCECD5A6A21AE48E94F6C9DC0E093C ] WpdUpFltr       C:\Windows\system32\drivers\WpdUpFltr.sys
14:16:04.0165 5568  WpdUpFltr - ok
14:16:04.0212 5568  [ 7CB94AFFC7F56C8E645381DB9C23F845 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:16:04.0227 5568  ws2ifsl - ok
14:16:04.0243 5568  [ 005950A4A8B36C551F25AF947CFA749D ] wscsvc          C:\Windows\System32\wscsvc.dll
14:16:04.0259 5568  wscsvc - ok
14:16:04.0259 5568  WSearch - ok
14:16:04.0352 5568  [ 0636D43456AD9CC717FE1890AB467EEC ] WSService       C:\Windows\System32\WSService.dll
14:16:04.0461 5568  WSService - ok
14:16:04.0539 5568  [ F815E68C555847518C8660FF9084F768 ] wuauserv        C:\Windows\system32\wuaueng.dll
14:16:04.0617 5568  wuauserv - ok
14:16:04.0664 5568  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:16:04.0680 5568  WudfPf - ok
14:16:04.0695 5568  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\System32\drivers\WUDFRd.sys
14:16:04.0695 5568  WUDFRd - ok
14:16:04.0711 5568  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFSensorLP    C:\Windows\system32\DRIVERS\WUDFRd.sys
14:16:04.0727 5568  WUDFSensorLP - ok
14:16:04.0773 5568  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:16:04.0789 5568  wudfsvc - ok
14:16:04.0789 5568  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFWpdFs       C:\Windows\system32\DRIVERS\WUDFRd.sys
14:16:04.0805 5568  WUDFWpdFs - ok
14:16:04.0805 5568  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFWpdMtp      C:\Windows\system32\DRIVERS\WUDFRd.sys
14:16:04.0820 5568  WUDFWpdMtp - ok
14:16:04.0867 5568  [ 5DB9AC725AF17FAEC17DC7A0ACC99152 ] WwanSvc         C:\Windows\System32\wwansvc.dll
14:16:04.0883 5568  WwanSvc - ok
14:16:04.0914 5568  ================ Scan global ===============================
14:16:04.0961 5568  [ 8D41654D0A9E15635ACF5E18FF470AB1 ] C:\Windows\system32\basesrv.dll
14:16:05.0023 5568  [ 1EEFCA33A6329CE675FEFFBC563140A9 ] C:\Windows\system32\winsrv.dll
14:16:05.0070 5568  [ 78A87B9D36AAD6AFD6A24915389E1221 ] C:\Windows\system32\sxssrv.dll
14:16:05.0117 5568  [ 6528BAACA25356FE226904DD36C82BA7 ] C:\Windows\system32\services.exe
14:16:05.0117 5568  [Global] - ok
14:16:05.0117 5568  ================ Scan MBR ==================================
14:16:05.0132 5568  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:16:05.0916 5568  \Device\Harddisk0\DR0 - ok
14:16:05.0916 5568  ================ Scan VBR ==================================
14:16:05.0932 5568  [ D184637B4DCDD7602EC7F0F68B2D5294 ] \Device\Harddisk0\DR0\Partition1
14:16:05.0932 5568  \Device\Harddisk0\DR0\Partition1 - ok
14:16:05.0947 5568  [ 6D1ED9DF3F4BD85647F2BB4BFF3269FF ] \Device\Harddisk0\DR0\Partition2
14:16:05.0947 5568  \Device\Harddisk0\DR0\Partition2 - ok
14:16:05.0978 5568  [ 576B9365F2AD81F1E5CDD080A73C8E30 ] \Device\Harddisk0\DR0\Partition3
14:16:05.0978 5568  \Device\Harddisk0\DR0\Partition3 - ok
14:16:06.0010 5568  [ E6D31CCB36AA704839EA954C61EA93DD ] \Device\Harddisk0\DR0\Partition4
14:16:06.0010 5568  \Device\Harddisk0\DR0\Partition4 - ok
14:16:06.0010 5568  ============================================================
14:16:06.0010 5568  Scan finished
14:16:06.0010 5568  ============================================================
14:16:06.0025 5240  Detected object count: 8
14:16:06.0025 5240  Actual detected object count: 8
14:16:35.0559 5240  Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:16:35.0559 5240  Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:16:35.0559 5240  CPUCooLServer ( UnsignedFile.Multi.Generic ) - skipped by user
14:16:35.0559 5240  CPUCooLServer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:16:35.0559 5240  fussvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:16:35.0559 5240  fussvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:16:35.0559 5240  giveio ( UnsignedFile.Multi.Generic ) - skipped by user
14:16:35.0559 5240  giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:16:35.0559 5240  Te.Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:16:35.0559 5240  Te.Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:16:35.0575 5240  USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
14:16:35.0575 5240  USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:16:35.0575 5240  Virtual Router ( UnsignedFile.Multi.Generic ) - skipped by user
14:16:35.0575 5240  Virtual Router ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:16:35.0575 5240  VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user
14:16:35.0575 5240  VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 06.03.2013, 14:51

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

BackBraker · 06.03.2013, 15:20

JRT:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.8 (03.04.2013:1)
OS: Windows 8 Pro x86
Ran by marco_000 on 06.03.2013 at 14:54:01.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.03.2013 at 14:57:42.11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Hier ist noch das von adwcleaner.

Code:

ATTFilter

# AdwCleaner v2.114 - Datei am 06/03/2013 um 15:22:09 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 8 Pro  (32 bits)
# Benutzer : marco_000 - MLAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\marco_000\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16482

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.1 (de)

Datei : C:\Users\marco_000\AppData\Roaming\Mozilla\Firefox\Profiles\473p002m.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [855 octets] - [06/03/2013 15:22:09]

########## EOF - C:\AdwCleaner[S1].txt - [914 octets] ##########

Die anderen kommen noch. Aber OTL hab ich doch schon gemacht oder? O.o

06.03.2013, 12:17	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner auf meinem Laptop (serialcodes_net[1].htm) + SpyHunter 4 Ok, aber eine Bitte: lass solche Zwischenrufe, poste nur wenn es Probleme gibt oder wenn du die Logs hast (diese dann auch posten in CODE-Tags) __________________ Logfiles bitte immer in CODE-Tags posten

Trojaner auf meinem Laptop (serialcodes_net[1].htm) + SpyHunter 4

Plagegeister aller Art und deren Bekämpfung: Trojaner auf meinem Laptop (serialcodes_net[1].htm) + SpyHunter 4