Ordner kehrt immer wieder zurück: C:\ProgramData\boost_interprocess?

Scharby · 03.03.2013, 20:17

Hallo liebe Gemeinde!

Dieser Ordner in C:\ProgramData\ heist: boost_interprocess und enthält meisten noch einen Unterordner und gehört nach meinen Nachforschungen zum GMA/Bundes/Etc.-Trojaner.
Ich habe Kein Java installiert!
Ein zufälliger Scan mit dem AdwCleaner machte mich auf dem Ordner aufmerksam und löschte die erkannten Probleme.
Leider hatte ich am nächsten Tag wieder den Ordner auf meinen System?
Ich benutze den Norton Internet Security 2013 und Malewarebytes.

cosinus · 03.03.2013, 20:59

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Scharby · 03.03.2013, 21:26

Hallo, danke für die Willkommensgrüße!

So scan mit Malewarebytes:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.03.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
Stefan :: STEFAN-PC [Administrator]

03.03.2013 21:06:24
mbam-log-2013-03-03 (21-06-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 341651
Laufzeit: 8 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Und er ist wieder Da

Code:

ATTFilter

# AdwCleaner v2.113 - Datei am 03/03/2013 um 21:19:32 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : Stefan - STEFAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Stefan\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\ProgramData\boost_interprocess

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0 (de)

Datei : C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\i4e8hmx0.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R6].txt - [775 octets] - [03/03/2013 21:19:32]

########## EOF - C:\AdwCleaner[R6].txt - [834 octets] ##########

Jetzt glaube ich zu wissen wo der herkommt

Spiele gerade Diablo III und Zack er war wieder da.
Hab mal nen Sceenshot angehängt.

Hmm sehr seltsam?
Danke für die schnelle Antwort und ja, die Logs waren zu groß zum anhängen.

cosinus · 03.03.2013, 21:39

Ich hatte eigentlich Logs von Virenscanners erwartet, mit Funden.
Hatte denn jemals ein Virenscanner bei dir was gefunden?
Wenn ja warum hast du diese Logs nicht gepostet?

Scharby · 03.03.2013, 21:46

Nein, die Virenscanner haben nie etwas gefunden.
Nur der AdwCleaner springt an, das log dazu habe ich oben gepostet.

Sieht wohl nach Fehlalarm aus??? Scheint von Spieleclient zu kommen.

cosinus · 03.03.2013, 22:02

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Bitte nun Logs mit GMER (<<< klick für Anleitung) und MBAR (Anleitung etwas weiter unten) erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur MBAR aus.

Anleitung MBAR:

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Scharby · 03.03.2013, 23:30

OK, hier der GMER Log

Code:

ATTFilter

GMER 2.1.19115 - hxxp://www.gmer.net
Rootkit scan 2013-03-03 23:17:37
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 OCZ-VERTEX4 rev.1.5 119,24GB
Running: gmer_2.1.19115.exe; Driver: C:\Users\Stefan\AppData\Local\Temp\ugriqpob.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1048] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                      0000000077bafc90 5 bytes JMP 00000001003c091c
.text   C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1048] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                    0000000077bafdf4 5 bytes JMP 00000001003c0048
.text   C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1048] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                             0000000077bafe88 5 bytes JMP 00000001003c02ee
.text   C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1048] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                          0000000077baffe4 5 bytes JMP 00000001003c04b2
.text   C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1048] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                  0000000077bb0018 5 bytes JMP 00000001003c09fe
.text   C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1048] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                          0000000077bb0048 5 bytes JMP 00000001003c0ae0
.text   C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1048] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                       0000000077bb0064 5 bytes JMP 000000010002004c
.text   C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1048] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                          0000000077bb077c 5 bytes JMP 00000001003c012a
.text   C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1048] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                              0000000077bb086c 5 bytes JMP 00000001003c0758
.text   C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1048] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                        0000000077bb0884 5 bytes JMP 00000001003c0676
.text   C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1048] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                            0000000077bb0dd4 5 bytes JMP 00000001003c03d0
.text   C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1048] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                      0000000077bb1900 5 bytes JMP 00000001003c0594
.text   C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1048] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                  0000000077bb1bc4 5 bytes JMP 00000001003c083a
.text   C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1048] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                         0000000077bb1d50 5 bytes JMP 00000001003c020c
.text   C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1048] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                             00000000776a1492 7 bytes JMP 00000001003d059e
.text   C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1048] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                        000000007746524f 7 bytes JMP 00000001003c0f52
.text   C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1048] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                            00000000774653d0 7 bytes JMP 00000001003d0210
.text   C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1048] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                           0000000077465677 1 byte JMP 00000001003d0048
.text   C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1048] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                           0000000077465679 5 bytes {JMP 0xffffffff88f6a9d1}
.text   C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1048] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                  000000007746589a 7 bytes JMP 00000001003c0ca6
.text   C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1048] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                  0000000077465a1d 7 bytes JMP 00000001003d03d8
.text   C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1048] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                             0000000077465c9b 7 bytes JMP 00000001003d012c
.text   C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1048] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                               0000000077465d87 7 bytes JMP 00000001003d02f4
.text   C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1048] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123              0000000077467240 7 bytes JMP 00000001003c0e6e
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                   0000000077bafc90 5 bytes JMP 000000010011091c
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                 0000000077bafdf4 5 bytes JMP 0000000100110048
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                          0000000077bafe88 5 bytes JMP 00000001001102ee
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                       0000000077baffe4 5 bytes JMP 00000001001104b2
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                               0000000077bb0018 5 bytes JMP 00000001001109fe
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                       0000000077bb0048 5 bytes JMP 0000000100110ae0
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                    0000000077bb0064 5 bytes JMP 000000010002004c
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                       0000000077bb077c 5 bytes JMP 000000010011012a
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                           0000000077bb086c 5 bytes JMP 0000000100110758
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                     0000000077bb0884 5 bytes JMP 0000000100110676
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                         0000000077bb0dd4 5 bytes JMP 00000001001103d0
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                   0000000077bb1900 5 bytes JMP 0000000100110594
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                               0000000077bb1bc4 5 bytes JMP 000000010011083a
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                      0000000077bb1d50 5 bytes JMP 000000010011020c
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                          00000000776a1492 7 bytes JMP 000000010012059e
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                     000000007746524f 7 bytes JMP 0000000100110f52
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                         00000000774653d0 7 bytes JMP 0000000100120210
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                        0000000077465677 1 byte JMP 0000000100120048
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                        0000000077465679 5 bytes {JMP 0xffffffff88cba9d1}
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                               000000007746589a 7 bytes JMP 0000000100110ca6
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                               0000000077465a1d 7 bytes JMP 00000001001203d8
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                          0000000077465c9b 7 bytes JMP 000000010012012c
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                            0000000077465d87 7 bytes JMP 00000001001202f4
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123           0000000077467240 7 bytes JMP 0000000100110e6e
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1632] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                          0000000077bafc90 5 bytes JMP 00000001002a091c
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1632] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                        0000000077bafdf4 5 bytes JMP 00000001002a0048
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1632] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                 0000000077bafe88 5 bytes JMP 00000001002a02ee
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1632] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                              0000000077baffe4 5 bytes JMP 00000001002a04b2
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1632] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                      0000000077bb0018 5 bytes JMP 00000001002a09fe
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1632] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                              0000000077bb0048 5 bytes JMP 00000001002a0ae0
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1632] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                           0000000077bb0064 5 bytes JMP 000000010003004c
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1632] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                              0000000077bb077c 5 bytes JMP 00000001002a012a
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1632] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                  0000000077bb086c 5 bytes JMP 00000001002a0758
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1632] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                            0000000077bb0884 5 bytes JMP 00000001002a0676
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1632] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                0000000077bb0dd4 5 bytes JMP 00000001002a03d0
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1632] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                          0000000077bb1900 5 bytes JMP 00000001002a0594
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1632] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                      0000000077bb1bc4 5 bytes JMP 00000001002a083a
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1632] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                             0000000077bb1d50 5 bytes JMP 00000001002a020c
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1632] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                 00000000776a1492 7 bytes JMP 00000001002b04bc
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1632] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206            000000007746524f 7 bytes JMP 00000001002a0f52
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1632] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                00000000774653d0 7 bytes JMP 00000001002b0210
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1632] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149               0000000077465677 1 byte JMP 00000001002b0048
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1632] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151               0000000077465679 5 bytes {JMP 0xffffffff88e4a9d1}
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1632] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                      000000007746589a 7 bytes JMP 00000001002a0ca6
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1632] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                      0000000077465a1d 7 bytes JMP 00000001002b03d8
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1632] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                 0000000077465c9b 7 bytes JMP 00000001002b012c
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1632] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                   0000000077465d87 7 bytes JMP 00000001002b02f4
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1632] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123  0000000077467240 7 bytes JMP 00000001002a0e6e
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1632] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                   0000000077081465 2 bytes [08, 77]
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1632] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                  00000000770814bb 2 bytes [08, 77]
.text   ...                                                                                                                                                   * 2
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[3208] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                               0000000077bafc90 5 bytes JMP 00000001001b091c
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[3208] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                             0000000077bafdf4 5 bytes JMP 00000001001b0048
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[3208] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                      0000000077bafe88 5 bytes JMP 00000001001b02ee
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[3208] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                   0000000077baffe4 5 bytes JMP 00000001001b04b2
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[3208] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                           0000000077bb0018 5 bytes JMP 00000001001b09fe
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[3208] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                   0000000077bb0048 5 bytes JMP 00000001001b0ae0
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[3208] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                0000000077bb0064 5 bytes JMP 000000010002004c
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[3208] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                   0000000077bb077c 5 bytes JMP 00000001001b012a
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[3208] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                       0000000077bb086c 5 bytes JMP 00000001001b0758
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[3208] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                 0000000077bb0884 5 bytes JMP 00000001001b0676
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[3208] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                     0000000077bb0dd4 5 bytes JMP 00000001001b03d0
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[3208] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                               0000000077bb1900 5 bytes JMP 00000001001b0594
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[3208] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                           0000000077bb1bc4 5 bytes JMP 00000001001b083a
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[3208] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                  0000000077bb1d50 5 bytes JMP 00000001001b020c
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[3208] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                                 000000007746524f 7 bytes JMP 00000001001b0f52
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[3208] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                     00000000774653d0 7 bytes JMP 00000001001c0210
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[3208] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                    0000000077465677 1 byte JMP 00000001001c0048
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[3208] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                                    0000000077465679 5 bytes {JMP 0xffffffff88d5a9d1}
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[3208] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                           000000007746589a 7 bytes JMP 00000001001b0ca6
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[3208] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                           0000000077465a1d 7 bytes JMP 00000001001c03d8
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[3208] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                      0000000077465c9b 7 bytes JMP 00000001001c012c
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[3208] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                        0000000077465d87 7 bytes JMP 00000001001c02f4
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[3208] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                       0000000077467240 7 bytes JMP 00000001001b0e6e
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[3208] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                      00000000776a1492 7 bytes JMP 00000001001c04bc
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3384] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                               0000000077bafc90 5 bytes JMP 00000001001f091c
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3384] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                             0000000077bafdf4 5 bytes JMP 00000001001f0048
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3384] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                      0000000077bafe88 5 bytes JMP 00000001001f02ee
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3384] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                   0000000077baffe4 5 bytes JMP 00000001001f04b2
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3384] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                           0000000077bb0018 5 bytes JMP 00000001001f09fe
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3384] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                   0000000077bb0048 5 bytes JMP 00000001001f0ae0
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3384] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                0000000077bb0064 5 bytes JMP 000000010002004c
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3384] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                   0000000077bb077c 5 bytes JMP 00000001001f012a
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3384] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                       0000000077bb086c 5 bytes JMP 00000001001f0758
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3384] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                 0000000077bb0884 5 bytes JMP 00000001001f0676
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3384] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                     0000000077bb0dd4 5 bytes JMP 00000001001f03d0
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3384] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                               0000000077bb1900 5 bytes JMP 00000001001f0594
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3384] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                           0000000077bb1bc4 5 bytes JMP 00000001001f083a
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3384] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                  0000000077bb1d50 5 bytes JMP 00000001001f020c
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3384] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                                 000000007746524f 7 bytes JMP 00000001001f0f52
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3384] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                     00000000774653d0 7 bytes JMP 0000000100200210
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3384] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                    0000000077465677 1 byte JMP 0000000100200048
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3384] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                                    0000000077465679 5 bytes {JMP 0xffffffff88d9a9d1}
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3384] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                           000000007746589a 7 bytes JMP 00000001001f0ca6
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3384] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                           0000000077465a1d 7 bytes JMP 00000001002003d8
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3384] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                      0000000077465c9b 7 bytes JMP 000000010020012c
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3384] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                        0000000077465d87 7 bytes JMP 00000001002002f4
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3384] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                       0000000077467240 7 bytes JMP 00000001001f0e6e
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3384] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                      00000000776a1492 7 bytes JMP 000000010020059e
.text   C:\Users\Stefan\Desktop\gmer_2.1.19115.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                     0000000077bafc90 5 bytes JMP 000000010028091c
.text   C:\Users\Stefan\Desktop\gmer_2.1.19115.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                   0000000077bafdf4 5 bytes JMP 0000000100280048
.text   C:\Users\Stefan\Desktop\gmer_2.1.19115.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                            0000000077bafe88 5 bytes JMP 00000001002802ee
.text   C:\Users\Stefan\Desktop\gmer_2.1.19115.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                         0000000077baffe4 5 bytes JMP 00000001002804b2
.text   C:\Users\Stefan\Desktop\gmer_2.1.19115.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                 0000000077bb0018 5 bytes JMP 00000001002809fe
.text   C:\Users\Stefan\Desktop\gmer_2.1.19115.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                         0000000077bb0048 5 bytes JMP 0000000100280ae0
.text   C:\Users\Stefan\Desktop\gmer_2.1.19115.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                      0000000077bb0064 5 bytes JMP 000000010002004c
.text   C:\Users\Stefan\Desktop\gmer_2.1.19115.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                         0000000077bb077c 5 bytes JMP 000000010028012a
.text   C:\Users\Stefan\Desktop\gmer_2.1.19115.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                             0000000077bb086c 5 bytes JMP 0000000100280758
.text   C:\Users\Stefan\Desktop\gmer_2.1.19115.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                       0000000077bb0884 5 bytes JMP 0000000100280676
.text   C:\Users\Stefan\Desktop\gmer_2.1.19115.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                           0000000077bb0dd4 5 bytes JMP 00000001002803d0
.text   C:\Users\Stefan\Desktop\gmer_2.1.19115.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                     0000000077bb1900 5 bytes JMP 0000000100280594
.text   C:\Users\Stefan\Desktop\gmer_2.1.19115.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                 0000000077bb1bc4 5 bytes JMP 000000010028083a
.text   C:\Users\Stefan\Desktop\gmer_2.1.19115.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                        0000000077bb1d50 5 bytes JMP 000000010028020c
.text   C:\Users\Stefan\Desktop\gmer_2.1.19115.exe[2544] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                       000000007746524f 7 bytes JMP 0000000100280f52
.text   C:\Users\Stefan\Desktop\gmer_2.1.19115.exe[2544] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                           00000000774653d0 7 bytes JMP 0000000100290210
.text   C:\Users\Stefan\Desktop\gmer_2.1.19115.exe[2544] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                          0000000077465677 1 byte JMP 0000000100290048
.text   C:\Users\Stefan\Desktop\gmer_2.1.19115.exe[2544] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                          0000000077465679 5 bytes {JMP 0xffffffff88e2a9d1}
.text   C:\Users\Stefan\Desktop\gmer_2.1.19115.exe[2544] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                 000000007746589a 7 bytes JMP 0000000100280ca6
.text   C:\Users\Stefan\Desktop\gmer_2.1.19115.exe[2544] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                 0000000077465a1d 7 bytes JMP 00000001002903d8
.text   C:\Users\Stefan\Desktop\gmer_2.1.19115.exe[2544] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                            0000000077465c9b 7 bytes JMP 000000010029012c
.text   C:\Users\Stefan\Desktop\gmer_2.1.19115.exe[2544] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                              0000000077465d87 7 bytes JMP 00000001002902f4
.text   C:\Users\Stefan\Desktop\gmer_2.1.19115.exe[2544] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                             0000000077467240 7 bytes JMP 0000000100280e6e
.text   C:\Users\Stefan\Desktop\gmer_2.1.19115.exe[2544] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                            00000000776a1492 7 bytes JMP 00000001002904bc

---- User IAT/EAT - GMER 2.1 ----

IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!??0exception@@QEAA@AEBV0@@Z]                                         [1111111111111111] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!malloc]                                                              [1111111111111111] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!memcpy_s]                                                            [1111111111111111] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!?what@exception@@UEBAPEBDXZ]                                         [1111111111111111] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!??1exception@@UEAA@XZ]                                               [1111111111111111] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!??0exception@@QEAA@AEBQEBD@Z]                                        [1111111111111111] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!realloc]                                                             [1111111111111111] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!memmove_s]                                                           [1111111111111111] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!??0exception@@QEAA@XZ]                                               [1111111111111111] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!??0exception@@QEAA@AEBQEBDH@Z]                                       [1111111111111111] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!_CxxThrowException]                                                  [1111111111111111] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!_callnewh]                                                           [1111111111111111] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!__CxxFrameHandler3]                                                  [1111111111111111] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!_XcptFilter]                                                         [1111111111111111] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!_initterm]                                                           [1111111111111111] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!_amsg_exit]                                                          [111111] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!??1type_info@@UEAA@XZ]                                               [fffffffffffffffe] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!_unlock]                                                             [100000000] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!__dllonexit]                                                         [400000002] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!_lock]                                                               [a00000006] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!_onexit]                                                             [160000000e] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!memset]                                                              [2e0000001e] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!_vsnwprintf]                                                         [5e0000003e] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!free]                                                                [be0000007e] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!memcpy]                                                              [17e000000fe] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[ntdll.dll!RtlGetNtProductType]                                                  [5fe000003fe] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[ntdll.dll!VerSetConditionMask]                                                  [bfe000007fe] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[ntdll.dll!RtlVirtualUnwind]                                                     [17fe00000ffe] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[ntdll.dll!RtlCaptureContext]                                                    [2ffe00001ffe] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[ntdll.dll!RtlLookupFunctionEntry]                                               [5ffe00003ffe] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[KERNEL32.dll!GetTickCount]                                                      [0] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[KERNEL32.dll!LoadResource]                                                      [0] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[KERNEL32.dll!FindResourceW]                                                     [0] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[KERNEL32.dll!GetLastError]                                                      [0] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[KERNEL32.dll!LoadLibraryExW]                                                    [0] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[KERNEL32.dll!lstrlenW]                                                          [0] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[KERNEL32.dll!lstrcpynW]                                                         [4a5bc17400000000] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[KERNEL32.dll!lstrcmpiW]                                                         [200000000] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[KERNEL32.dll!DisableThreadLibraryCalls]                                         [0] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[ole32.dll!CoTaskMemRealloc]                                                     [17ffe0000fffe] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[ole32.dll!CoTaskMemAlloc]                                                       [2fffe0001fffe] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[ole32.dll!CoTaskMemFree]                                                        [5fffe0003fffe] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[ole32.dll!CoUninitialize]                                                       [9fffe0007fffe] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[ole32.dll!CoInitializeEx]                                                       [dfffe000bfffe] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupDiDestroyDeviceInfoList]                                      [1111111111111111] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupOpenInfFileW]                                                 [1111111111111111] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupFindFirstLineW]                                               [1111111111111111] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupGetIntField]                                                  [1111111111111111] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupGetMultiSzFieldW]                                             [1111111111111111] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupDiEnumDeviceInfo]                                             [1111111111111111] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupDiOpenDevRegKey]                                              [1111111111111111] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupDiGetClassDevsW]                                              [1111111111111111] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupCloseInfFile]                                                 [1111111111111111] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupGetStringFieldW]                                              [1111111111111111] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[USER32.dll!CharNextW]                                                           [1111111111111111] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[USER32.dll!LoadStringW]                                                         [1111111111111111] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[rtutils.dll!RouterLogDeregisterW]                                               [15fffe0013fffe] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[rtutils.dll!RouterLogRegisterW]                                                 [19fffe0017fffe] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[rtutils.dll!RouterLogEventW]                                                    [1dfffe001bfffe] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprAdminInterfaceDelete]                                             [0] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigInterfaceDelete]                                            [80818086808006] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigInterfaceTransportRemove]                                   [8082868086031000] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprAdminServerDisconnect]                                            [8585454545050514] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigServerDisconnect]                                           [5080303000000585] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprAdminServerConnect]                                               [3827280008008080] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprAdminInterfaceCreate]                                             [3037000700805750] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprAdminInterfaceEnum]                                               [2000000088505030] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprAdminInterfaceGetHandle]                                          [8080888028] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprAdminInterfaceTransportAdd]                                       [808686868606060] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprAdminTransportCreate]                                             [870707770707807] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigServerConnect]                                              [700080008000008] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigInterfaceCreate]                                            [8] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigInterfaceEnum]                                              [706050403020100] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigInterfaceTransportEnum]                                     [f0e0d0c0b0a0908] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigInterfaceGetHandle]                                         [605040302010010] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigInterfaceTransportAdd]                                      [e0d0c0b0a090807] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigInterfaceTransportGetHandle]                                [100f] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigTransportCreate]                                            [0] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigTransportDelete]                                            [202010100000000] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigTransportGetHandle]                                         [606050504040303] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigTransportGetInfo]                                           [a0a090908080707] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigBufferFree]                                                 [e0e0d0d0c0c0b0b] 
IAT     C:\Windows\system32\svchost.exe[440] @ C:\Windows\system32\rascfg.dll[slc.dll!SLGetWindowsInformationDWORD]                                           [25fffe0023fffe] 

---- Threads - GMER 2.1 ----

Thread  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [1632:1660]                                                                     0000000000030060

---- EOF - GMER 2.1 ----

Und der MBAR Log

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.03.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
Stefan :: STEFAN-PC [administrator]

03.03.2013 23:25:50
mbar-log-2013-03-03 (23-25-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28633
Time elapsed: 2 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

cosinus · 04.03.2013, 09:15

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Scharby · 04.03.2013, 13:41

Log TDSSKiller:

Code:

ATTFilter

13:35:32.0946 1200  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:35:33.0601 1200  ============================================================
13:35:33.0601 1200  Current date / time: 2013/03/04 13:35:33.0601
13:35:33.0601 1200  SystemInfo:
13:35:33.0601 1200  
13:35:33.0601 1200  OS Version: 6.1.7601 ServicePack: 1.0
13:35:33.0601 1200  Product type: Workstation
13:35:33.0601 1200  ComputerName: STEFAN-PC
13:35:33.0601 1200  UserName: Stefan
13:35:33.0601 1200  Windows directory: C:\Windows
13:35:33.0601 1200  System windows directory: C:\Windows
13:35:33.0601 1200  Running under WOW64
13:35:33.0601 1200  Processor architecture: Intel x64
13:35:33.0601 1200  Number of processors: 6
13:35:33.0601 1200  Page size: 0x1000
13:35:33.0601 1200  Boot type: Normal boot
13:35:33.0601 1200  ============================================================
13:35:33.0929 1200  Drive \Device\Harddisk4\DR4 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:35:33.0929 1200  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:35:33.0929 1200  Drive \Device\Harddisk1\DR1 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:35:33.0929 1200  Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:35:33.0929 1200  Drive \Device\Harddisk3\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:35:34.0381 1200  ============================================================
13:35:34.0381 1200  \Device\Harddisk4\DR4:
13:35:34.0381 1200  MBR partitions:
13:35:34.0381 1200  \Device\Harddisk4\DR4\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
13:35:34.0381 1200  \Device\Harddisk0\DR0:
13:35:34.0381 1200  MBR partitions:
13:35:34.0381 1200  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:35:34.0381 1200  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x33000, BlocksNum 0xEE49000
13:35:34.0381 1200  \Device\Harddisk1\DR1:
13:35:34.0381 1200  MBR partitions:
13:35:34.0381 1200  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x6FCB800
13:35:34.0381 1200  \Device\Harddisk2\DR2:
13:35:34.0381 1200  MBR partitions:
13:35:34.0381 1200  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
13:35:34.0381 1200  \Device\Harddisk3\DR3:
13:35:34.0381 1200  MBR partitions:
13:35:34.0381 1200  \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
13:35:34.0381 1200  ============================================================
13:35:34.0381 1200  C: <-> \Device\Harddisk0\DR0\Partition2
13:35:34.0381 1200  E: <-> \Device\Harddisk1\DR1\Partition1
13:35:34.0397 1200  D: <-> \Device\Harddisk3\DR3\Partition1
13:35:34.0412 1200  X: <-> \Device\Harddisk2\DR2\Partition1
13:35:34.0428 1200  F: <-> \Device\Harddisk4\DR4\Partition1
13:35:34.0428 1200  ============================================================
13:35:34.0444 1200  Initialize success
13:35:34.0444 1200  ============================================================
13:36:31.0867 3240  ============================================================
13:36:31.0867 3240  Scan started
13:36:31.0867 3240  Mode: Manual; SigCheck; TDLFS; 
13:36:31.0867 3240  ============================================================
13:36:31.0977 3240  ================ Scan system memory ========================
13:36:31.0977 3240  System memory - ok
13:36:31.0977 3240  ================ Scan services =============================
13:36:32.0008 3240  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
13:36:32.0055 3240  1394ohci - ok
13:36:32.0055 3240  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
13:36:32.0070 3240  ACPI - ok
13:36:32.0070 3240  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
13:36:32.0101 3240  AcpiPmi - ok
13:36:32.0101 3240  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:36:32.0101 3240  AdobeARMservice - ok
13:36:32.0133 3240  [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:36:32.0133 3240  AdobeFlashPlayerUpdateSvc - ok
13:36:32.0148 3240  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
13:36:32.0164 3240  adp94xx - ok
13:36:32.0164 3240  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
13:36:32.0179 3240  adpahci - ok
13:36:32.0179 3240  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
13:36:32.0195 3240  adpu320 - ok
13:36:32.0195 3240  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:36:32.0242 3240  AeLookupSvc - ok
13:36:32.0242 3240  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
13:36:32.0257 3240  AFD - ok
13:36:32.0257 3240  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
13:36:32.0273 3240  agp440 - ok
13:36:32.0273 3240  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
13:36:32.0289 3240  ALG - ok
13:36:32.0289 3240  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
13:36:32.0304 3240  aliide - ok
13:36:32.0304 3240  ALSysIO - ok
13:36:32.0304 3240  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
13:36:32.0320 3240  amdide - ok
13:36:32.0320 3240  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
13:36:32.0335 3240  AmdK8 - ok
13:36:32.0335 3240  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
13:36:32.0335 3240  AmdPPM - ok
13:36:32.0351 3240  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
13:36:32.0351 3240  amdsata - ok
13:36:32.0351 3240  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
13:36:32.0367 3240  amdsbs - ok
13:36:32.0367 3240  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
13:36:32.0382 3240  amdxata - ok
13:36:32.0382 3240  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
13:36:32.0460 3240  AppID - ok
13:36:32.0460 3240  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
13:36:32.0476 3240  AppIDSvc - ok
13:36:32.0476 3240  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
13:36:32.0507 3240  Appinfo - ok
13:36:32.0507 3240  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
13:36:32.0523 3240  AppMgmt - ok
13:36:32.0523 3240  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
13:36:32.0538 3240  arc - ok
13:36:32.0538 3240  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
13:36:32.0538 3240  arcsas - ok
13:36:32.0554 3240  [ EDC0C73FA41DF1C8B1FEA3852AED2848 ] AsrHidFilter    C:\Windows\system32\DRIVERS\AsrHidFilter.sys
13:36:32.0569 3240  AsrHidFilter - ok
13:36:32.0569 3240  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:36:32.0601 3240  AsyncMac - ok
13:36:32.0601 3240  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
13:36:32.0601 3240  atapi - ok
13:36:32.0616 3240  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:36:32.0647 3240  AudioEndpointBuilder - ok
13:36:32.0647 3240  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
13:36:32.0679 3240  AudioSrv - ok
13:36:32.0679 3240  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
13:36:32.0694 3240  AxInstSV - ok
13:36:32.0710 3240  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
13:36:32.0725 3240  b06bdrv - ok
13:36:32.0725 3240  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
13:36:32.0741 3240  b57nd60a - ok
13:36:32.0741 3240  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
13:36:32.0757 3240  BDESVC - ok
13:36:32.0757 3240  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:36:32.0772 3240  Beep - ok
13:36:32.0788 3240  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
13:36:32.0819 3240  BFE - ok
13:36:32.0835 3240  [ 866335C9C0E6733C753FB472C539A6B9 ] BHDrvx64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130208.001\BHDrvx64.sys
13:36:32.0850 3240  BHDrvx64 - ok
13:36:32.0866 3240  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
13:36:32.0897 3240  BITS - ok
13:36:32.0897 3240  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
13:36:32.0897 3240  blbdrive - ok
13:36:32.0913 3240  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:36:32.0913 3240  bowser - ok
13:36:32.0913 3240  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:36:32.0928 3240  BrFiltLo - ok
13:36:32.0928 3240  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:36:32.0944 3240  BrFiltUp - ok
13:36:32.0944 3240  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
13:36:32.0959 3240  Browser - ok
13:36:32.0959 3240  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
13:36:32.0975 3240  Brserid - ok
13:36:32.0975 3240  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
13:36:32.0991 3240  BrSerWdm - ok
13:36:32.0991 3240  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
13:36:33.0006 3240  BrUsbMdm - ok
13:36:33.0006 3240  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
13:36:33.0022 3240  BrUsbSer - ok
13:36:33.0022 3240  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
13:36:33.0037 3240  BTHMODEM - ok
13:36:33.0037 3240  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
13:36:33.0053 3240  bthserv - ok
13:36:33.0069 3240  [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_NIS       C:\Windows\system32\drivers\NISx64\1402010.016\ccSetx64.sys
13:36:33.0069 3240  ccSet_NIS - ok
13:36:33.0069 3240  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:36:33.0100 3240  cdfs - ok
13:36:33.0100 3240  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:36:33.0115 3240  cdrom - ok
13:36:33.0115 3240  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
13:36:33.0147 3240  CertPropSvc - ok
13:36:33.0147 3240  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
13:36:33.0147 3240  circlass - ok
13:36:33.0162 3240  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
13:36:33.0178 3240  CLFS - ok
13:36:33.0178 3240  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:36:33.0193 3240  clr_optimization_v2.0.50727_32 - ok
13:36:33.0193 3240  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:36:33.0209 3240  clr_optimization_v2.0.50727_64 - ok
13:36:33.0209 3240  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:36:33.0225 3240  clr_optimization_v4.0.30319_32 - ok
13:36:33.0225 3240  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:36:33.0240 3240  clr_optimization_v4.0.30319_64 - ok
13:36:33.0240 3240  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
13:36:33.0240 3240  CmBatt - ok
13:36:33.0256 3240  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:36:33.0256 3240  cmdide - ok
13:36:33.0256 3240  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
13:36:33.0287 3240  CNG - ok
13:36:33.0287 3240  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
13:36:33.0287 3240  Compbatt - ok
13:36:33.0303 3240  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
13:36:33.0303 3240  CompositeBus - ok
13:36:33.0303 3240  COMSysApp - ok
13:36:33.0318 3240  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
13:36:33.0318 3240  crcdisk - ok
13:36:33.0318 3240  [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
13:36:33.0334 3240  Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
13:36:33.0334 3240  Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
13:36:33.0334 3240  [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
13:36:33.0334 3240  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
13:36:33.0334 3240  Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
13:36:33.0349 3240  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:36:33.0349 3240  CryptSvc - ok
13:36:33.0365 3240  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
13:36:33.0381 3240  CSC - ok
13:36:33.0381 3240  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
13:36:33.0396 3240  CscService - ok
13:36:33.0412 3240  [ 7C62EF8F845C7595275BD140BC613AB9 ] CT20XUT         C:\Windows\system32\drivers\CT20XUT.SYS
13:36:33.0412 3240  CT20XUT - ok
13:36:33.0427 3240  [ 7C62EF8F845C7595275BD140BC613AB9 ] CT20XUT.SYS     C:\Windows\System32\drivers\CT20XUT.SYS
13:36:33.0427 3240  CT20XUT.SYS - ok
13:36:33.0443 3240  [ CBB7D529BEF84ACBEFF4383D2E641429 ] ctac32k         C:\Windows\system32\drivers\ctac32k.sys
13:36:33.0459 3240  ctac32k - ok
13:36:33.0459 3240  [ D48821CEA87EE02E61C8087931E65214 ] ctaud2k         C:\Windows\system32\drivers\ctaud2k.sys
13:36:33.0474 3240  ctaud2k - ok
13:36:33.0474 3240  [ 5CE3D0E1D1B3832EE052CFC442EEE0FA ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
13:36:33.0490 3240  CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
13:36:33.0490 3240  CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
13:36:33.0505 3240  [ 96BE487253F4B5A0B5851A4884C2AD83 ] CTEXFIFX        C:\Windows\system32\drivers\CTEXFIFX.SYS
13:36:33.0521 3240  CTEXFIFX - ok
13:36:33.0537 3240  [ 96BE487253F4B5A0B5851A4884C2AD83 ] CTEXFIFX.SYS    C:\Windows\System32\drivers\CTEXFIFX.SYS
13:36:33.0552 3240  CTEXFIFX.SYS - ok
13:36:33.0568 3240  [ 103622BCED20E4F1BB28422AF2713763 ] CTHWIUT         C:\Windows\system32\drivers\CTHWIUT.SYS
13:36:33.0568 3240  CTHWIUT - ok
13:36:33.0568 3240  [ 103622BCED20E4F1BB28422AF2713763 ] CTHWIUT.SYS     C:\Windows\System32\drivers\CTHWIUT.SYS
13:36:33.0583 3240  CTHWIUT.SYS - ok
13:36:33.0583 3240  [ BD442E7C6CC3C6B601E5733D70F8DE10 ] ctprxy2k        C:\Windows\system32\drivers\ctprxy2k.sys
13:36:33.0583 3240  ctprxy2k - ok
13:36:33.0599 3240  [ 42E18F3D1C442137E37F0564D4AF1FE5 ] ctsfm2k         C:\Windows\system32\drivers\ctsfm2k.sys
13:36:33.0599 3240  ctsfm2k - ok
13:36:33.0615 3240  [ BA25D4B9B067248F7CAC416E855D706B ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
13:36:33.0615 3240  dc3d - ok
13:36:33.0630 3240  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:36:33.0646 3240  DcomLaunch - ok
13:36:33.0661 3240  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
13:36:33.0677 3240  defragsvc - ok
13:36:33.0693 3240  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:36:33.0708 3240  DfsC - ok
13:36:33.0708 3240  [ 2D589A2C024B2FB238535DB9F7B3597D ] DgiVecp         C:\Windows\system32\Drivers\DgiVecp.sys
13:36:33.0724 3240  DgiVecp - ok
13:36:33.0724 3240  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:36:33.0739 3240  Dhcp - ok
13:36:33.0739 3240  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
13:36:33.0771 3240  discache - ok
13:36:33.0771 3240  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
13:36:33.0771 3240  Disk - ok
13:36:33.0786 3240  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:36:33.0786 3240  Dnscache - ok
13:36:33.0802 3240  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:36:33.0817 3240  dot3svc - ok
13:36:33.0817 3240  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
13:36:33.0849 3240  DPS - ok
13:36:33.0849 3240  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:36:33.0864 3240  drmkaud - ok
13:36:33.0864 3240  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:36:33.0895 3240  DXGKrnl - ok
13:36:33.0895 3240  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
13:36:33.0911 3240  EapHost - ok
13:36:33.0942 3240  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
13:36:33.0973 3240  ebdrv - ok
13:36:33.0989 3240  [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
13:36:33.0989 3240  eeCtrl - ok
13:36:34.0005 3240  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
13:36:34.0005 3240  EFS - ok
13:36:34.0020 3240  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:36:34.0036 3240  ehRecvr - ok
13:36:34.0036 3240  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
13:36:34.0051 3240  ehSched - ok
13:36:34.0051 3240  EIO64 - ok
13:36:34.0067 3240  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
13:36:34.0083 3240  elxstor - ok
13:36:34.0083 3240  [ A3A0790511C8303DEE122917835E2502 ] emupia          C:\Windows\system32\drivers\emupia2k.sys
13:36:34.0083 3240  emupia - ok
13:36:34.0098 3240  [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
13:36:34.0098 3240  EraserUtilRebootDrv - ok
13:36:34.0098 3240  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:36:34.0114 3240  ErrDev - ok
13:36:34.0114 3240  [ DF2F6C1E55F6E81CFC7F688380D85816 ] EtronHub3       C:\Windows\system32\Drivers\EtronHub3.sys
13:36:34.0129 3240  EtronHub3 - ok
13:36:34.0129 3240  [ E093ABFB67A4B9D94F80611A7D0A8BB9 ] EtronXHCI       C:\Windows\system32\Drivers\EtronXHCI.sys
13:36:34.0129 3240  EtronXHCI - ok
13:36:34.0145 3240  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
13:36:34.0161 3240  EventSystem - ok
13:36:34.0176 3240  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
13:36:34.0192 3240  exfat - ok
13:36:34.0192 3240  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:36:34.0223 3240  fastfat - ok
13:36:34.0239 3240  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
13:36:34.0254 3240  Fax - ok
13:36:34.0254 3240  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
13:36:34.0254 3240  fdc - ok
13:36:34.0270 3240  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
13:36:34.0285 3240  fdPHost - ok
13:36:34.0285 3240  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:36:34.0317 3240  FDResPub - ok
13:36:34.0317 3240  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:36:34.0332 3240  FileInfo - ok
13:36:34.0332 3240  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:36:34.0348 3240  Filetrace - ok
13:36:34.0348 3240  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
13:36:34.0363 3240  flpydisk - ok
13:36:34.0363 3240  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:36:34.0379 3240  FltMgr - ok
13:36:34.0395 3240  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
13:36:34.0410 3240  FontCache - ok
13:36:34.0410 3240  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:36:34.0426 3240  FontCache3.0.0.0 - ok
13:36:34.0426 3240  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
13:36:34.0441 3240  FsDepends - ok
13:36:34.0441 3240  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:36:34.0441 3240  Fs_Rec - ok
13:36:34.0457 3240  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:36:34.0457 3240  fvevol - ok
13:36:34.0473 3240  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
13:36:34.0473 3240  gagp30kx - ok
13:36:34.0488 3240  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
13:36:34.0519 3240  gpsvc - ok
13:36:34.0535 3240  [ 012895BB7AF4B86DE4BBE1212D9CA568 ] ha20x22k        C:\Windows\system32\drivers\ha20x22k.sys
13:36:34.0551 3240  ha20x22k - ok
13:36:34.0566 3240  [ F016406FF3A8B6419D805BFFAC454518 ] ha20x2k         C:\Windows\system32\drivers\ha20x2k.sys
13:36:34.0582 3240  ha20x2k - ok
13:36:34.0597 3240  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
13:36:34.0597 3240  hamachi - ok
13:36:34.0613 3240  [ 785FD63B74B30986A9F2C7D965CA509F ] Hamachi2Svc     C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
13:36:34.0660 3240  Hamachi2Svc - ok
13:36:34.0660 3240  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:36:34.0675 3240  hcw85cir - ok
13:36:34.0675 3240  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:36:34.0691 3240  HdAudAddService - ok
13:36:34.0691 3240  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
13:36:34.0707 3240  HDAudBus - ok
13:36:34.0707 3240  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
13:36:34.0722 3240  HidBatt - ok
13:36:34.0722 3240  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
13:36:34.0738 3240  HidBth - ok
13:36:34.0738 3240  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
13:36:34.0738 3240  HidIr - ok
13:36:34.0753 3240  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
13:36:34.0769 3240  hidserv - ok
13:36:34.0769 3240  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:36:34.0785 3240  HidUsb - ok
13:36:34.0785 3240  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:36:34.0816 3240  hkmsvc - ok
13:36:34.0816 3240  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:36:34.0831 3240  HomeGroupListener - ok
13:36:34.0831 3240  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:36:34.0847 3240  HomeGroupProvider - ok
13:36:34.0847 3240  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:36:34.0847 3240  HpSAMD - ok
13:36:34.0863 3240  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:36:34.0894 3240  HTTP - ok
13:36:34.0894 3240  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:36:34.0894 3240  hwpolicy - ok
13:36:34.0909 3240  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
13:36:34.0909 3240  i8042prt - ok
13:36:34.0925 3240  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:36:34.0925 3240  iaStorV - ok
13:36:34.0941 3240  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
13:36:34.0941 3240  IDriverT ( UnsignedFile.Multi.Generic ) - warning
13:36:34.0941 3240  IDriverT - detected UnsignedFile.Multi.Generic (1)
13:36:34.0956 3240  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:36:34.0972 3240  idsvc - ok
13:36:34.0972 3240  [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130301.002\IDSvia64.sys
13:36:34.0987 3240  IDSVia64 - ok
13:36:34.0987 3240  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
13:36:35.0003 3240  iirsp - ok
13:36:35.0003 3240  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
13:36:35.0034 3240  IKEEXT - ok
13:36:35.0050 3240  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
13:36:35.0050 3240  intelide - ok
13:36:35.0050 3240  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:36:35.0065 3240  intelppm - ok
13:36:35.0065 3240  [ A01C412699B6F21645B2885C2BAE4454 ] IOMap           C:\Windows\system32\drivers\IOMap64.sys
13:36:35.0081 3240  IOMap - ok
13:36:35.0081 3240  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:36:35.0097 3240  IPBusEnum - ok
13:36:35.0112 3240  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:36:35.0128 3240  IpFilterDriver - ok
13:36:35.0143 3240  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:36:35.0143 3240  iphlpsvc - ok
13:36:35.0159 3240  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
13:36:35.0159 3240  IPMIDRV - ok
13:36:35.0175 3240  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
13:36:35.0190 3240  IPNAT - ok
13:36:35.0190 3240  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:36:35.0206 3240  IRENUM - ok
13:36:35.0206 3240  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:36:35.0221 3240  isapnp - ok
13:36:35.0221 3240  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
13:36:35.0237 3240  iScsiPrt - ok
13:36:35.0237 3240  [ 455B75C19BF3F1F2EE3AC10E1169826C ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
13:36:35.0253 3240  k57nd60a - ok
13:36:35.0253 3240  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:36:35.0268 3240  kbdclass - ok
13:36:35.0268 3240  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
13:36:35.0268 3240  kbdhid - ok
13:36:35.0284 3240  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
13:36:35.0284 3240  KeyIso - ok
13:36:35.0284 3240  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:36:35.0299 3240  KSecDD - ok
13:36:35.0299 3240  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
13:36:35.0315 3240  KSecPkg - ok
13:36:35.0315 3240  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
13:36:35.0331 3240  ksthunk - ok
13:36:35.0346 3240  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:36:35.0377 3240  KtmRm - ok
13:36:35.0377 3240  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:36:35.0393 3240  LanmanServer - ok
13:36:35.0409 3240  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:36:35.0440 3240  LanmanWorkstation - ok
13:36:35.0440 3240  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:36:35.0455 3240  lltdio - ok
13:36:35.0471 3240  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:36:35.0487 3240  lltdsvc - ok
13:36:35.0502 3240  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:36:35.0518 3240  lmhosts - ok
13:36:35.0518 3240  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
13:36:35.0533 3240  LSI_FC - ok
13:36:35.0533 3240  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
13:36:35.0549 3240  LSI_SAS - ok
13:36:35.0549 3240  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:36:35.0549 3240  LSI_SAS2 - ok
13:36:35.0565 3240  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:36:35.0565 3240  LSI_SCSI - ok
13:36:35.0580 3240  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
13:36:35.0596 3240  luafv - ok
13:36:35.0596 3240  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:36:35.0611 3240  Mcx2Svc - ok
13:36:35.0611 3240  [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM             C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
13:36:35.0627 3240  MDM ( UnsignedFile.Multi.Generic ) - warning
13:36:35.0627 3240  MDM - detected UnsignedFile.Multi.Generic (1)
13:36:35.0627 3240  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
13:36:35.0627 3240  megasas - ok
13:36:35.0643 3240  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
13:36:35.0658 3240  MegaSR - ok
13:36:35.0658 3240  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
13:36:35.0674 3240  MMCSS - ok
13:36:35.0674 3240  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
13:36:35.0705 3240  Modem - ok
13:36:35.0705 3240  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:36:35.0721 3240  monitor - ok
13:36:35.0721 3240  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:36:35.0736 3240  mouclass - ok
13:36:35.0736 3240  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:36:35.0736 3240  mouhid - ok
13:36:35.0752 3240  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:36:35.0752 3240  mountmgr - ok
13:36:35.0752 3240  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:36:35.0767 3240  mpio - ok
13:36:35.0767 3240  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:36:35.0799 3240  mpsdrv - ok
13:36:35.0799 3240  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:36:35.0830 3240  MpsSvc - ok
13:36:35.0845 3240  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:36:35.0845 3240  MRxDAV - ok
13:36:35.0861 3240  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:36:35.0861 3240  mrxsmb - ok
13:36:35.0877 3240  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:36:35.0877 3240  mrxsmb10 - ok
13:36:35.0892 3240  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:36:35.0892 3240  mrxsmb20 - ok
13:36:35.0892 3240  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:36:35.0908 3240  msahci - ok
13:36:35.0908 3240  [ 41FB1D61DF09C36CCAB0B04EEC66F6D5 ] MSCamSvc        C:\Program Files\Microsoft LifeCam\MSCamS64.exe
13:36:35.0923 3240  MSCamSvc - ok
13:36:35.0923 3240  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:36:35.0939 3240  msdsm - ok
13:36:35.0939 3240  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
13:36:35.0955 3240  MSDTC - ok
13:36:35.0955 3240  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:36:35.0970 3240  Msfs - ok
13:36:35.0986 3240  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
13:36:36.0001 3240  mshidkmdf - ok
13:36:36.0001 3240  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:36:36.0017 3240  msisadrv - ok
13:36:36.0017 3240  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:36:36.0048 3240  MSiSCSI - ok
13:36:36.0048 3240  msiserver - ok
13:36:36.0048 3240  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:36:36.0064 3240  MSKSSRV - ok
13:36:36.0079 3240  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:36:36.0095 3240  MSPCLOCK - ok
13:36:36.0095 3240  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:36:36.0126 3240  MSPQM - ok
13:36:36.0126 3240  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:36:36.0142 3240  MsRPC - ok
13:36:36.0142 3240  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
13:36:36.0157 3240  mssmbios - ok
13:36:36.0157 3240  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:36:36.0173 3240  MSTEE - ok
13:36:36.0189 3240  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
13:36:36.0189 3240  MTConfig - ok
13:36:36.0189 3240  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
13:36:36.0204 3240  Mup - ok
13:36:36.0204 3240  [ 27D58494B9D6C27A3827FD9C3EF7CB63 ] mv91xxr         C:\Windows\system32\DRIVERS\mv91xxr.sys
13:36:36.0220 3240  mv91xxr - ok
13:36:36.0220 3240  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
13:36:36.0251 3240  napagent - ok
13:36:36.0251 3240  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:36:36.0267 3240  NativeWifiP - ok
13:36:36.0282 3240  [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130302.016\ENG64.SYS
13:36:36.0282 3240  NAVENG - ok
13:36:36.0298 3240  [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130302.016\EX64.SYS
13:36:36.0329 3240  NAVEX15 - ok
13:36:36.0345 3240  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:36:36.0360 3240  NDIS - ok
13:36:36.0360 3240  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
13:36:36.0391 3240  NdisCap - ok
13:36:36.0391 3240  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:36:36.0407 3240  NdisTapi - ok
13:36:36.0423 3240  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:36:36.0438 3240  Ndisuio - ok
13:36:36.0438 3240  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:36:36.0469 3240  NdisWan - ok
13:36:36.0469 3240  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:36:36.0485 3240  NDProxy - ok
13:36:36.0501 3240  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:36:36.0516 3240  NetBIOS - ok
13:36:36.0516 3240  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
13:36:36.0547 3240  NetBT - ok
13:36:36.0547 3240  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
13:36:36.0563 3240  Netlogon - ok
13:36:36.0563 3240  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
13:36:36.0594 3240  Netman - ok
13:36:36.0594 3240  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
13:36:36.0625 3240  netprofm - ok
13:36:36.0625 3240  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:36:36.0641 3240  NetTcpPortSharing - ok
13:36:36.0641 3240  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
13:36:36.0641 3240  nfrd960 - ok
13:36:36.0657 3240  [ 4BA84C832E0741A294C4444556DFE993 ] NIS             C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe
13:36:36.0657 3240  NIS - ok
13:36:36.0672 3240  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:36:36.0672 3240  NlaSvc - ok
13:36:36.0688 3240  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:36:36.0703 3240  Npfs - ok
13:36:36.0703 3240  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
13:36:36.0735 3240  nsi - ok
13:36:36.0735 3240  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:36:36.0750 3240  nsiproxy - ok
13:36:36.0766 3240  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:36:36.0797 3240  Ntfs - ok
13:36:36.0797 3240  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
13:36:36.0828 3240  Null - ok
13:36:36.0828 3240  [ B4F53BCA4C688FF47F04FA90098F896E ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
13:36:36.0844 3240  NVHDA - ok
13:36:36.0953 3240  [ 0A2F27B5BCC45B64E152DD6AE0815198 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:36:37.0047 3240  nvlddmkm - ok
13:36:37.0062 3240  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:36:37.0078 3240  nvraid - ok
13:36:37.0078 3240  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:36:37.0078 3240  nvstor - ok
13:36:37.0093 3240  [ 574087EA9105F23FB522A4FDDD5292D9 ] nvsvc           C:\Windows\system32\nvvsvc.exe
13:36:37.0109 3240  nvsvc - ok
13:36:37.0125 3240  [ ABA5A88740635D37A2B6CEB27DBC738A ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
13:36:37.0140 3240  nvUpdatusService - ok
13:36:37.0140 3240  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:36:37.0156 3240  nv_agp - ok
13:36:37.0171 3240  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:36:37.0171 3240  odserv - ok
13:36:37.0187 3240  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:36:37.0187 3240  ohci1394 - ok
13:36:37.0187 3240  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:36:37.0203 3240  ose - ok
13:36:37.0203 3240  [ 3395A2F150EC0F9F0A2E1ADDDECB867B ] ossrv           C:\Windows\system32\drivers\ctoss2k.sys
13:36:37.0218 3240  ossrv - ok
13:36:37.0218 3240  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:36:37.0234 3240  p2pimsvc - ok
13:36:37.0249 3240  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
13:36:37.0249 3240  p2psvc - ok
13:36:37.0265 3240  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
13:36:37.0265 3240  Parport - ok
13:36:37.0265 3240  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:36:37.0281 3240  partmgr - ok
13:36:37.0281 3240  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:36:37.0296 3240  PcaSvc - ok
13:36:37.0296 3240  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
13:36:37.0312 3240  pci - ok
13:36:37.0312 3240  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
13:36:37.0327 3240  pciide - ok
13:36:37.0327 3240  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
13:36:37.0343 3240  pcmcia - ok
13:36:37.0343 3240  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
13:36:37.0343 3240  pcw - ok
13:36:37.0359 3240  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:36:37.0390 3240  PEAUTH - ok
13:36:37.0405 3240  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
13:36:37.0421 3240  PeerDistSvc - ok
13:36:37.0437 3240  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
13:36:37.0452 3240  PerfHost - ok
13:36:37.0468 3240  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
13:36:37.0499 3240  pla - ok
13:36:37.0515 3240  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:36:37.0530 3240  PlugPlay - ok
13:36:37.0530 3240  [ AFA7A2192F0E52ACC715637227AB360F ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
13:36:37.0546 3240  PMBDeviceInfoProvider - ok
13:36:37.0546 3240  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
13:36:37.0561 3240  PNRPAutoReg - ok
13:36:37.0561 3240  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
13:36:37.0577 3240  PNRPsvc - ok
13:36:37.0577 3240  [ 5BC4D480DD527EB0CF33A67A090A130E ] Point64         C:\Windows\system32\DRIVERS\point64.sys
13:36:37.0593 3240  Point64 - ok
13:36:37.0593 3240  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:36:37.0624 3240  PolicyAgent - ok
13:36:37.0624 3240  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
13:36:37.0655 3240  Power - ok
13:36:37.0655 3240  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:36:37.0671 3240  PptpMiniport - ok
13:36:37.0686 3240  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
13:36:37.0686 3240  Processor - ok
13:36:37.0702 3240  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
13:36:37.0702 3240  ProfSvc - ok
13:36:37.0702 3240  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:36:37.0717 3240  ProtectedStorage - ok
13:36:37.0717 3240  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
13:36:37.0749 3240  Psched - ok
13:36:37.0764 3240  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
13:36:37.0780 3240  ql2300 - ok
13:36:37.0780 3240  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
13:36:37.0795 3240  ql40xx - ok
13:36:37.0795 3240  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
13:36:37.0811 3240  QWAVE - ok
13:36:37.0811 3240  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:36:37.0827 3240  QWAVEdrv - ok
13:36:37.0827 3240  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:36:37.0858 3240  RasAcd - ok
13:36:37.0858 3240  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
13:36:37.0889 3240  RasAgileVpn - ok
13:36:37.0889 3240  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
13:36:37.0905 3240  RasAuto - ok
13:36:37.0920 3240  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:36:37.0936 3240  Rasl2tp - ok
13:36:37.0936 3240  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
13:36:37.0967 3240  RasMan - ok
13:36:37.0967 3240  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:36:37.0998 3240  RasPppoe - ok
13:36:37.0998 3240  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:36:38.0029 3240  RasSstp - ok
13:36:38.0029 3240  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:36:38.0045 3240  rdbss - ok
13:36:38.0061 3240  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
13:36:38.0061 3240  rdpbus - ok
13:36:38.0076 3240  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:36:38.0092 3240  RDPCDD - ok
13:36:38.0092 3240  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
13:36:38.0107 3240  RDPDR - ok
13:36:38.0107 3240  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:36:38.0139 3240  RDPENCDD - ok
13:36:38.0139 3240  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
13:36:38.0154 3240  RDPREFMP - ok
13:36:38.0170 3240  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
13:36:38.0170 3240  RdpVideoMiniport - ok
13:36:38.0170 3240  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:36:38.0185 3240  RDPWD - ok
13:36:38.0185 3240  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
13:36:38.0201 3240  rdyboost - ok
13:36:38.0201 3240  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:36:38.0232 3240  RemoteAccess - ok
13:36:38.0232 3240  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:36:38.0263 3240  RemoteRegistry - ok
13:36:38.0263 3240  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
13:36:38.0279 3240  RpcEptMapper - ok
13:36:38.0295 3240  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
13:36:38.0295 3240  RpcLocator - ok
13:36:38.0310 3240  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
13:36:38.0326 3240  RpcSs - ok
13:36:38.0341 3240  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:36:38.0357 3240  rspndr - ok
13:36:38.0357 3240  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
13:36:38.0373 3240  s3cap - ok
13:36:38.0373 3240  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
13:36:38.0373 3240  SamSs - ok
13:36:38.0388 3240  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:36:38.0388 3240  sbp2port - ok
13:36:38.0404 3240  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:36:38.0419 3240  SCardSvr - ok
13:36:38.0419 3240  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
13:36:38.0451 3240  scfilter - ok
13:36:38.0451 3240  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
13:36:38.0482 3240  Schedule - ok
13:36:38.0497 3240  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:36:38.0513 3240  SCPolicySvc - ok
13:36:38.0513 3240  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:36:38.0529 3240  SDRSVC - ok
13:36:38.0529 3240  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:36:38.0560 3240  secdrv - ok
13:36:38.0560 3240  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
13:36:38.0575 3240  seclogon - ok
13:36:38.0591 3240  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
13:36:38.0607 3240  SENS - ok
13:36:38.0607 3240  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
13:36:38.0622 3240  SensrSvc - ok
13:36:38.0622 3240  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
13:36:38.0638 3240  Serenum - ok
13:36:38.0638 3240  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
13:36:38.0638 3240  Serial - ok
13:36:38.0653 3240  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
13:36:38.0653 3240  sermouse - ok
13:36:38.0669 3240  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
13:36:38.0685 3240  SessionEnv - ok
13:36:38.0685 3240  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
13:36:38.0700 3240  sffdisk - ok
13:36:38.0700 3240  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:36:38.0716 3240  sffp_mmc - ok
13:36:38.0716 3240  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
13:36:38.0731 3240  sffp_sd - ok
13:36:38.0731 3240  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
13:36:38.0747 3240  sfloppy - ok
13:36:38.0747 3240  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:36:38.0778 3240  SharedAccess - ok
13:36:38.0778 3240  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:36:38.0809 3240  ShellHWDetection - ok
13:36:38.0809 3240  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:36:38.0825 3240  SiSRaid2 - ok
13:36:38.0825 3240  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
13:36:38.0825 3240  SiSRaid4 - ok
13:36:38.0841 3240  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:36:38.0856 3240  Smb - ok
13:36:38.0856 3240  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:36:38.0872 3240  SNMPTRAP - ok
13:36:38.0872 3240  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
13:36:38.0887 3240  spldr - ok
13:36:38.0887 3240  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
13:36:38.0903 3240  Spooler - ok
13:36:38.0934 3240  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
13:36:38.0981 3240  sppsvc - ok
13:36:38.0997 3240  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
13:36:39.0012 3240  sppuinotify - ok
13:36:39.0028 3240  [ 3510E7021D2637A67FBCB5105EAE945D ] SRTSP           C:\Windows\System32\Drivers\NISx64\1402010.016\SRTSP64.SYS
13:36:39.0043 3240  SRTSP - ok
13:36:39.0043 3240  [ 1B884D876E87EABF5A3356BBD7321412 ] SRTSPX          C:\Windows\system32\drivers\NISx64\1402010.016\SRTSPX64.SYS
13:36:39.0043 3240  SRTSPX - ok
13:36:39.0059 3240  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:36:39.0075 3240  srv - ok
13:36:39.0075 3240  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:36:39.0090 3240  srv2 - ok
13:36:39.0090 3240  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:36:39.0106 3240  srvnet - ok
13:36:39.0106 3240  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:36:39.0137 3240  SSDPSRV - ok
13:36:39.0137 3240  SSPORT - ok
13:36:39.0137 3240  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:36:39.0168 3240  SstpSvc - ok
13:36:39.0168 3240  ssudmdm - ok
13:36:39.0168 3240  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
13:36:39.0168 3240  stexstor - ok
13:36:39.0184 3240  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
13:36:39.0199 3240  stisvc - ok
13:36:39.0199 3240  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
13:36:39.0215 3240  storflt - ok
13:36:39.0215 3240  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
13:36:39.0215 3240  storvsc - ok
13:36:39.0231 3240  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
13:36:39.0231 3240  swenum - ok
13:36:39.0246 3240  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
13:36:39.0262 3240  swprv - ok
13:36:39.0277 3240  [ 777217682DA76337E8E6EC8AC4412B9B ] SymDS           C:\Windows\system32\drivers\NISx64\1402010.016\SYMDS64.SYS
13:36:39.0293 3240  SymDS - ok
13:36:39.0293 3240  [ 64D1AF3D04E70A681154FFF1893848F6 ] SymEFA          C:\Windows\system32\drivers\NISx64\1402010.016\SYMEFA64.SYS
13:36:39.0324 3240  SymEFA - ok
13:36:39.0324 3240  [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
13:36:39.0324 3240  SymEvent - ok
13:36:39.0340 3240  [ BFD99DC6C7FEB2F8B20D488FDF3A9A55 ] SymIM           C:\Windows\system32\DRIVERS\SymIMv.sys
13:36:39.0340 3240  SymIM - ok
13:36:39.0340 3240  [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON         C:\Windows\system32\drivers\NISx64\1402010.016\Ironx64.SYS
13:36:39.0355 3240  SymIRON - ok
13:36:39.0355 3240  [ 1605EBD8CB86AFC4430116065995279A ] SymNetS         C:\Windows\System32\Drivers\NISx64\1402010.016\SYMNETS.SYS
13:36:39.0371 3240  SymNetS - ok
13:36:39.0371 3240  Synth3dVsc - ok
13:36:39.0387 3240  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
13:36:39.0418 3240  SysMain - ok
13:36:39.0418 3240  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:36:39.0433 3240  TabletInputService - ok
13:36:39.0449 3240  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:36:39.0465 3240  TapiSrv - ok
13:36:39.0465 3240  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
13:36:39.0496 3240  TBS - ok
13:36:39.0511 3240  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:36:39.0543 3240  Tcpip - ok
13:36:39.0558 3240  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
13:36:39.0589 3240  TCPIP6 - ok
13:36:39.0589 3240  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:36:39.0605 3240  tcpipreg - ok
13:36:39.0605 3240  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:36:39.0605 3240  TDPIPE - ok
13:36:39.0621 3240  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:36:39.0621 3240  TDTCP - ok
13:36:39.0621 3240  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:36:39.0652 3240  tdx - ok
13:36:39.0652 3240  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
13:36:39.0667 3240  TermDD - ok
13:36:39.0667 3240  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
13:36:39.0699 3240  TermService - ok
13:36:39.0699 3240  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
13:36:39.0714 3240  Themes - ok
13:36:39.0714 3240  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
13:36:39.0745 3240  THREADORDER - ok
13:36:39.0745 3240  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
13:36:39.0761 3240  TrkWks - ok
13:36:39.0777 3240  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:36:39.0792 3240  TrustedInstaller - ok
13:36:39.0792 3240  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:36:39.0823 3240  tssecsrv - ok
13:36:39.0823 3240  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
13:36:39.0839 3240  TsUsbFlt - ok
13:36:39.0839 3240  tsusbhub - ok
13:36:39.0839 3240  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:36:39.0870 3240  tunnel - ok
13:36:39.0870 3240  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
13:36:39.0870 3240  uagp35 - ok
13:36:39.0886 3240  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:36:39.0901 3240  udfs - ok
13:36:39.0917 3240  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:36:39.0917 3240  UI0Detect - ok
13:36:39.0917 3240  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:36:39.0933 3240  uliagpkx - ok
13:36:39.0933 3240  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
13:36:39.0948 3240  umbus - ok
13:36:39.0948 3240  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
13:36:39.0964 3240  UmPass - ok
13:36:39.0964 3240  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
13:36:39.0979 3240  UmRdpService - ok
13:36:39.0979 3240  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
13:36:40.0011 3240  upnphost - ok
13:36:40.0011 3240  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
13:36:40.0026 3240  usbaudio - ok
13:36:40.0026 3240  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:36:40.0026 3240  usbccgp - ok
13:36:40.0042 3240  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:36:40.0042 3240  usbcir - ok
13:36:40.0057 3240  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
13:36:40.0057 3240  usbehci - ok
13:36:40.0057 3240  [ 33A58C5630200E17B51C8D73DD64181B ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
13:36:40.0073 3240  usbfilter - ok
13:36:40.0073 3240  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:36:40.0089 3240  usbhub - ok
13:36:40.0089 3240  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
13:36:40.0104 3240  usbohci - ok
13:36:40.0104 3240  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
13:36:40.0120 3240  usbprint - ok
13:36:40.0120 3240  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:36:40.0120 3240  USBSTOR - ok
13:36:40.0135 3240  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
13:36:40.0135 3240  usbuhci - ok
13:36:40.0151 3240  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
13:36:40.0151 3240  usbvideo - ok
13:36:40.0151 3240  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
13:36:40.0182 3240  UxSms - ok
13:36:40.0182 3240  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
13:36:40.0198 3240  VaultSvc - ok
13:36:40.0198 3240  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
13:36:40.0198 3240  vdrvroot - ok
13:36:40.0213 3240  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
13:36:40.0245 3240  vds - ok
13:36:40.0245 3240  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:36:40.0245 3240  vga - ok
13:36:40.0260 3240  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:36:40.0276 3240  VgaSave - ok
13:36:40.0276 3240  VGPU - ok
13:36:40.0291 3240  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
13:36:40.0291 3240  vhdmp - ok
13:36:40.0291 3240  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
13:36:40.0307 3240  viaide - ok
13:36:40.0307 3240  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
13:36:40.0323 3240  vmbus - ok
13:36:40.0323 3240  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
13:36:40.0338 3240  VMBusHID - ok
13:36:40.0338 3240  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:36:40.0338 3240  volmgr - ok
13:36:40.0354 3240  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:36:40.0369 3240  volmgrx - ok
13:36:40.0369 3240  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:36:40.0385 3240  volsnap - ok
13:36:40.0385 3240  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
13:36:40.0385 3240  vsmraid - ok
13:36:40.0401 3240  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
13:36:40.0447 3240  VSS - ok
13:36:40.0447 3240  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
13:36:40.0463 3240  vwifibus - ok
13:36:40.0463 3240  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
13:36:40.0494 3240  W32Time - ok
13:36:40.0494 3240  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
13:36:40.0510 3240  WacomPen - ok
13:36:40.0510 3240  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
13:36:40.0525 3240  WANARP - ok
13:36:40.0541 3240  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:36:40.0557 3240  Wanarpv6 - ok
13:36:40.0572 3240  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
13:36:40.0603 3240  wbengine - ok
13:36:40.0603 3240  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:36:40.0619 3240  WbioSrvc - ok
13:36:40.0619 3240  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:36:40.0635 3240  wcncsvc - ok
13:36:40.0635 3240  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:36:40.0650 3240  WcsPlugInService - ok
13:36:40.0650 3240  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
13:36:40.0666 3240  Wd - ok
13:36:40.0666 3240  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:36:40.0697 3240  Wdf01000 - ok
13:36:40.0697 3240  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:36:40.0728 3240  WdiServiceHost - ok
13:36:40.0728 3240  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:36:40.0744 3240  WdiSystemHost - ok
13:36:40.0744 3240  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
13:36:40.0759 3240  WebClient - ok
13:36:40.0759 3240  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:36:40.0791 3240  Wecsvc - ok
13:36:40.0791 3240  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:36:40.0806 3240  wercplsupport - ok
13:36:40.0822 3240  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:36:40.0837 3240  WerSvc - ok
13:36:40.0837 3240  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
13:36:40.0869 3240  WfpLwf - ok
13:36:40.0869 3240  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:36:40.0884 3240  WIMMount - ok
13:36:40.0884 3240  WinDefend - ok
13:36:40.0884 3240  WinHttpAutoProxySvc - ok
13:36:40.0884 3240  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:36:40.0915 3240  Winmgmt - ok
13:36:40.0931 3240  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
13:36:40.0978 3240  WinRM - ok
13:36:40.0978 3240  [ FE88B288356E7B47B74B13372ADD906D ] winusb          C:\Windows\system32\DRIVERS\winusb.sys
13:36:40.0993 3240  winusb - ok
13:36:41.0009 3240  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:36:41.0025 3240  Wlansvc - ok
13:36:41.0025 3240  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
13:36:41.0040 3240  WmiAcpi - ok
13:36:41.0040 3240  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:36:41.0056 3240  wmiApSrv - ok
13:36:41.0056 3240  WMPNetworkSvc - ok
13:36:41.0056 3240  [ 83B6CA03C846FCD47F9883D77D1EB27B ] WMZuneComm      C:\Program Files\Zune\WMZuneComm.exe
13:36:41.0071 3240  WMZuneComm - ok
13:36:41.0071 3240  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:36:41.0087 3240  WPCSvc - ok
13:36:41.0087 3240  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:36:41.0103 3240  WPDBusEnum - ok
13:36:41.0103 3240  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:36:41.0134 3240  ws2ifsl - ok
13:36:41.0134 3240  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
13:36:41.0149 3240  wscsvc - ok
13:36:41.0149 3240  WSearch - ok
13:36:41.0165 3240  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:36:41.0196 3240  wuauserv - ok
13:36:41.0212 3240  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:36:41.0212 3240  WudfPf - ok
13:36:41.0227 3240  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:36:41.0227 3240  WUDFRd - ok
13:36:41.0227 3240  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:36:41.0243 3240  wudfsvc - ok
13:36:41.0243 3240  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
13:36:41.0259 3240  WwanSvc - ok
13:36:41.0321 3240  [ 67B787C34FB2888D01B130AE007042D8 ] ZuneNetworkSvc  C:\Program Files\Zune\ZuneNss.exe
13:36:41.0430 3240  ZuneNetworkSvc - ok
13:36:41.0430 3240  [ 4D89FC1C20CF655739EFAC5DA81A67BC ] ZuneWlanCfgSvc  C:\Program Files\Zune\ZuneWlanCfgSvc.exe
13:36:41.0446 3240  ZuneWlanCfgSvc - ok
13:36:41.0446 3240  ================ Scan global ===============================
13:36:41.0461 3240  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:36:41.0461 3240  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
13:36:41.0461 3240  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
13:36:41.0461 3240  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:36:41.0477 3240  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:36:41.0477 3240  [Global] - ok
13:36:41.0477 3240  ================ Scan MBR ==================================
13:36:41.0477 3240  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk4\DR4
13:36:41.0571 3240  \Device\Harddisk4\DR4 - ok
13:36:41.0586 3240  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:36:41.0680 3240  \Device\Harddisk0\DR0 - ok
13:36:41.0680 3240  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
13:36:41.0695 3240  \Device\Harddisk1\DR1 - ok
13:36:41.0695 3240  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
13:36:41.0758 3240  \Device\Harddisk2\DR2 - ok
13:36:41.0758 3240  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk3\DR3
13:36:41.0836 3240  \Device\Harddisk3\DR3 - ok
13:36:41.0836 3240  ================ Scan VBR ==================================
13:36:41.0851 3240  [ B6B0F08CA933B29DAC898DC658AA93C0 ] \Device\Harddisk4\DR4\Partition1
13:36:41.0851 3240  \Device\Harddisk4\DR4\Partition1 - ok
13:36:41.0851 3240  [ C1F8134F57B261915C64B9A884F86C76 ] \Device\Harddisk0\DR0\Partition1
13:36:41.0851 3240  \Device\Harddisk0\DR0\Partition1 - ok
13:36:41.0867 3240  [ 3A62C0AAD8A4CA4B3076122119A119DA ] \Device\Harddisk0\DR0\Partition2
13:36:41.0867 3240  \Device\Harddisk0\DR0\Partition2 - ok
13:36:41.0883 3240  [ 2213847F1CB9B58B47184CA16A5E2DA3 ] \Device\Harddisk1\DR1\Partition1
13:36:41.0883 3240  \Device\Harddisk1\DR1\Partition1 - ok
13:36:41.0883 3240  [ 2033E8EE2B9A94076E8AA112E86B260C ] \Device\Harddisk2\DR2\Partition1
13:36:41.0883 3240  \Device\Harddisk2\DR2\Partition1 - ok
13:36:41.0883 3240  [ D513C9EDB31C95C7A60C8DEA03895B83 ] \Device\Harddisk3\DR3\Partition1
13:36:41.0883 3240  \Device\Harddisk3\DR3\Partition1 - ok
13:36:41.0883 3240  ============================================================
13:36:41.0883 3240  Scan finished
13:36:41.0883 3240  ============================================================
13:36:41.0898 2012  Detected object count: 5
13:36:41.0898 2012  Actual detected object count: 5
13:36:56.0640 2012  Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:36:56.0640 2012  Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:36:56.0640 2012  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:36:56.0656 2012  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:36:56.0656 2012  CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
13:36:56.0656 2012  CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:36:56.0656 2012  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:36:56.0656 2012  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:36:56.0656 2012  MDM ( UnsignedFile.Multi.Generic ) - skipped by user
13:36:56.0656 2012  MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:36:59.0339 3944  Deinitialize success

Log asw MBR:

Code:

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-04 13:38:44
-----------------------------
13:38:44.624    OS Version: Windows x64 6.1.7601 Service Pack 1
13:38:44.624    Number of processors: 6 586 0xA00
13:38:44.624    ComputerName: STEFAN-PC  UserName: Stefan
13:38:44.780    Initialize success
13:38:55.902    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
13:38:55.902    Disk 0 Vendor: OCZ-VERTEX4 1.5 Size: 122104MB BusType: 11
13:38:55.902    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-5
13:38:55.918    Disk 1 Vendor: OCZ-VERTEX3 2.25 Size: 57241MB BusType: 11
13:38:55.918    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP6T0L0-6
13:38:55.918    Disk 2 Vendor: WDC_WD2002FAEX-007BA0 05.01D05 Size: 1907729MB BusType: 11
13:38:55.934    Disk 3  \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP7T0L0-7
13:38:55.934    Disk 3 Vendor: WDC_WD1002FAEX-00Z3A0 05.01D05 Size: 953869MB BusType: 11
13:38:55.949    Disk 4  \Device\Harddisk4\DR4 -> \Device\Ide\IdeDeviceP1T0L0-1
13:38:55.949    Disk 4 Vendor: ST3320613AS CC2H Size: 305245MB BusType: 11
13:38:55.949    Disk 0 MBR read successfully
13:38:55.949    Disk 0 MBR scan
13:38:55.949    Disk 0 Windows 7 default MBR code
13:38:55.965    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
13:38:55.965    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       122002 MB offset 208896
13:38:55.965    Disk 0 scanning C:\Windows\system32\drivers
13:38:56.854    Service scanning
13:38:58.991    Modules scanning
13:38:59.007    Disk 0 trace - called modules:
13:38:59.007    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
13:38:59.022    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800de57060]
13:38:59.038    3 CLASSPNP.SYS[fffff88001b4643f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800dbff680]
13:38:59.038    Scan finished successfully
13:39:59.192    Disk 0 MBR has been saved successfully to "C:\Users\Stefan\Desktop\MBR.dat"
13:39:59.207    The log file has been saved successfully to "C:\Users\Stefan\Desktop\aswMBR.txt"

cosinus · 04.03.2013, 13:53

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Scharby · 04.03.2013, 20:01

Log Combofix

Code:

ATTFilter

ComboFix 13-03-04.01 - Stefan 04.03.2013  19:54:31.2.6 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.16373.14225 [GMT 1:00]
ausgeführt von:: c:\users\Stefan\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Uninstall.lnk
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-04 bis 2013-03-04  ))))))))))))))))))))))))))))))
.
.
2013-03-04 18:57 . 2013-03-04 18:57	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-03-04 18:57 . 2013-03-04 18:57	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-04 17:27 . 2013-03-04 17:27	--------	d-----w-	c:\users\Stefan\AppData\Local\ElevatedDiagnostics
2013-03-03 19:30 . 2013-03-03 19:30	--------	d-----w-	c:\programdata\boost_interprocess
2013-02-27 19:59 . 2013-02-17 00:40	28672	----a-w-	c:\windows\system32\IEUDINIT.EXE
2013-02-27 19:50 . 2013-02-27 19:50	15846768	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-02-26 05:40 . 2013-02-10 03:25	963776	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2013-02-26 05:33 . 2013-02-26 05:33	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2013-02-26 05:29 . 2013-01-05 05:53	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-26 05:29 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-02-26 05:29 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-02-26 05:29 . 2013-01-04 03:26	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-02-26 05:29 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-02-26 05:29 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-02-26 05:29 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-02-26 05:29 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-02-26 05:29 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-02-26 05:29 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-02-26 05:29 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-26 05:29 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 19:53 . 2012-05-23 21:57	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-27 19:53 . 2012-05-23 21:57	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-26 18:48 . 2012-11-20 12:37	466520	----a-w-	c:\windows\system32\wrap_oal.dll
2013-02-26 18:47 . 2012-11-20 12:37	445016	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2013-02-26 18:47 . 2012-11-20 12:37	123480	----a-w-	c:\windows\system32\OpenAL32.dll
2013-02-26 18:47 . 2012-11-20 12:37	109144	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2013-02-26 05:32 . 2012-05-23 21:50	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-02-10 03:25 . 2012-10-10 20:23	2854344	----a-w-	c:\windows\system32\nvapi64.dll
2013-02-10 03:25 . 2012-10-10 20:23	1114144	----a-w-	c:\windows\system32\nvumdshimx.dll
2013-02-10 03:25 . 2012-10-10 20:23	15275744	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-02-10 01:04 . 2012-11-18 18:01	6393120	----a-w-	c:\windows\system32\nvcpl.dll
2013-02-10 01:04 . 2012-11-18 18:01	3472672	----a-w-	c:\windows\system32\nvsvc64.dll
2013-02-10 01:04 . 2012-11-18 18:01	877856	----a-w-	c:\windows\system32\nvvsvc.exe
2013-02-10 01:04 . 2012-11-18 18:01	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-02-10 01:04 . 2012-11-18 18:01	2555680	----a-w-	c:\windows\system32\nvsvcr.dll
2013-02-10 01:04 . 2012-11-18 18:01	237856	----a-w-	c:\windows\system32\nvmctray.dll
2013-02-09 13:25 . 2012-11-18 18:01	3035306	----a-w-	c:\windows\system32\nvcoproc.bin
2013-01-21 10:12 . 2013-01-21 10:12	2177664	----a-w-	c:\windows\system32\coin93.dll
2013-01-04 04:43 . 2013-02-26 05:29	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-29 10:34 . 2012-07-07 11:41	1813432	----a-w-	c:\windows\system32\nvdispco64.dll
2012-12-29 10:34 . 2012-07-07 11:41	1504696	----a-w-	c:\windows\system32\nvdispgenco64.dll
2012-12-18 19:37 . 2012-12-18 19:37	2014128	----a-w-	c:\windows\system32\drivers\ct20xflt.sys
2012-12-18 19:36 . 2012-12-18 19:36	18864	----a-w-	c:\windows\system32\drivers\pfmodnt.sys
2012-12-18 19:36 . 2012-12-18 19:36	1617328	----a-w-	c:\windows\system32\drivers\ha20x22k.sys
2012-12-18 19:36 . 2012-12-18 19:36	1572272	----a-w-	c:\windows\system32\drivers\ha20x2k.sys
2012-12-18 19:36 . 2012-12-18 19:36	120752	----a-w-	c:\windows\system32\drivers\emupia2k.sys
2012-12-18 19:36 . 2012-12-18 19:36	215472	----a-w-	c:\windows\system32\drivers\ctsfm2k.sys
2012-12-18 19:36 . 2012-12-18 19:36	18352	----a-w-	c:\windows\system32\drivers\ctprxy2k.sys
2012-12-18 19:35 . 2012-12-18 19:35	181680	----a-w-	c:\windows\system32\drivers\ctoss2k.sys
2012-12-18 19:35 . 2012-12-18 19:35	703152	----a-w-	c:\windows\system32\drivers\ctaud2k.sys
2012-12-18 19:35 . 2012-12-18 19:35	583088	----a-w-	c:\windows\system32\drivers\ctac32k.sys
2012-12-18 19:35 . 2012-12-18 19:35	1448368	----a-w-	c:\windows\system32\drivers\CTEXFIFX.sys
2012-12-18 19:35 . 2012-12-18 19:35	97712	----a-w-	c:\windows\system32\drivers\CTHWIUT.sys
2012-12-18 19:34 . 2012-12-18 19:34	232880	----a-w-	c:\windows\system32\drivers\CT20XUT.sys
2012-12-18 19:24 . 2012-12-18 19:24	218112	----a-w-	c:\windows\system32\ctdvinst.dll
2012-12-18 19:24 . 2012-12-18 19:24	73728	----a-w-	c:\windows\system32\ctcoinst.dll
2012-12-18 19:02 . 2012-12-18 19:02	55808	----a-w-	c:\windows\system32\ctasio64.dll
2012-12-18 19:02 . 2012-12-18 19:02	67584	----a-w-	c:\windows\system32\ctdpxy64.dll
2012-12-18 18:56 . 2012-12-18 18:56	89088	----a-w-	c:\windows\system32\ctosur64.dll
2012-12-18 18:56 . 2012-12-18 18:56	18432	----a-w-	c:\windows\system32\regplib.exe
2012-12-18 17:34 . 2012-12-18 17:34	14336	----a-w-	c:\windows\SysWow64\a3d.dll
2012-12-18 17:33 . 2012-12-18 17:33	13312	----a-w-	c:\windows\SysWow64\ac3api.dll
2012-12-18 17:32 . 2012-12-18 17:32	2560	----a-w-	c:\windows\SysWow64\CtxfiRes.dll
2012-12-18 17:32 . 2012-12-18 17:32	2560	----a-w-	c:\windows\system32\CtxfiRes.dll
2012-12-18 17:32 . 2012-12-18 17:32	42496	----a-w-	c:\windows\SysWow64\CTxfiBtn.dll
2012-12-18 17:32 . 2012-12-18 17:32	39424	----a-w-	c:\windows\SysWow64\CTxfiSpk.dll
2012-12-18 17:32 . 2012-12-18 17:32	24576	----a-w-	c:\windows\SysWow64\Ctxfihlp.exe
2012-12-18 17:25 . 2012-12-18 17:25	47104	----a-w-	c:\windows\SysWow64\CTxfiReg.exe
2012-12-18 17:25 . 2012-12-18 17:25	15360	----a-w-	c:\windows\SysWow64\Ct20xspi.dll
2012-12-18 17:25 . 2012-12-18 17:25	1268224	----a-w-	c:\windows\SysWow64\CTxfispi.exe
2012-12-18 17:16 . 2012-12-18 17:16	384647	----a-w-	c:\windows\system32\SET341B.tmp
2012-12-18 17:16 . 2012-12-18 17:16	384647	----a-w-	c:\windows\system32\SET1795.tmp
2012-12-18 17:14 . 2012-12-18 17:14	201216	----a-w-	c:\windows\SysWow64\ctemupia.dll
2012-12-18 17:07 . 2012-12-18 17:07	193024	----a-w-	c:\windows\SysWow64\ct_oal.dll
2012-12-18 17:07 . 2012-12-18 17:07	51712	----a-w-	c:\windows\SysWow64\ctasio.dll
2012-12-18 17:07 . 2012-12-18 17:07	61952	----a-w-	c:\windows\SysWow64\ctdproxy.dll
2012-12-18 17:06 . 2012-12-18 17:06	74240	----a-w-	c:\windows\SysWow64\ctosuser.dll
2012-12-18 17:06 . 2012-12-18 17:06	10240	----a-w-	c:\windows\SysWow64\sfman32.dll
2012-12-18 17:06 . 2012-12-18 17:06	137216	----a-w-	c:\windows\SysWow64\sfms32.dll
2012-12-18 17:06 . 2012-12-18 17:06	80896	----a-w-	c:\windows\SysWow64\piaproxy.dll
2012-12-18 17:00 . 2012-12-18 17:00	7680	----a-w-	c:\windows\SysWow64\enlocstr.exe
2012-12-18 16:59 . 2012-12-18 16:59	12800	----a-w-	c:\windows\SysWow64\killapps.exe
2012-12-18 16:59 . 2012-12-18 16:59	36864	----a-w-	c:\windows\SysWow64\devreg.dll
2012-12-18 08:31 . 2012-11-18 18:00	1510328	----a-w-	c:\windows\system32\nvhdagenco6420103.dll
2012-12-16 17:11 . 2012-12-20 18:59	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-20 18:59	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-20 18:59	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-20 18:59	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-14 15:49 . 2012-05-24 20:25	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-07 13:20 . 2013-01-09 09:48	441856	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 09:48	2746368	----a-w-	c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 09:48	308736	----a-w-	c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 09:48	2576384	----a-w-	c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 09:48	30720	----a-w-	c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 09:48	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 09:48	23552	----a-w-	c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 09:48	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 09:48	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 09:48	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 09:48	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 09:48	20480	----a-w-	c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 09:48	46592	----a-w-	c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 09:48	40960	----a-w-	c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 09:48	21504	----a-w-	c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 09:48	15360	----a-w-	c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 09:48	55296	----a-w-	c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 09:48	51712	----a-w-	c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 09:48	43520	----a-w-	c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 09:48	30720	----a-w-	c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 09:48	45568	----a-w-	c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 09:48	44544	----a-w-	c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 09:48	20480	----a-w-	c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 09:48	23552	----a-w-	c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 09:48	20480	----a-w-	c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 09:48	46592	----a-w-	c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 09:48	20480	----a-w-	c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 09:48	21504	----a-w-	c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 09:48	40960	----a-w-	c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 09:48	15360	----a-w-	c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 09:48	55296	----a-w-	c:\windows\SysWow64\cero.rs
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"CTxfiHlp"="CTXFIHLP.EXE" [2012-12-18 24576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 AsrHidFilter;AsrHidFilter;c:\windows\system32\DRIVERS\AsrHidFilter.sys [2011-02-17 17928]
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
R3 ALSysIO;ALSysIO;c:\users\Stefan\AppData\Local\Temp\ALSysIO64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-11-20 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-11-20 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2012-12-18 232880]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2012-12-18 1448368]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2012-12-18 97712]
R3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
R3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [2010-02-22 23680]
R3 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-09-25 474208]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 mv91xxr;mv91xxr;c:\windows\system32\DRIVERS\mv91xxr.sys [2010-10-21 302120]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1402010.016\SYMDS64.SYS [2012-10-04 493216]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1402010.016\SYMEFA64.SYS [2012-10-04 1133216]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [2013-01-16 1388120]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1402010.016\ccSetx64.sys [2012-08-20 168096]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130301.002\IDSvia64.sys [2013-02-23 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1402010.016\Ironx64.SYS [2012-09-07 224416]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1402010.016\SYMNETS.SYS [2012-09-07 432800]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe [2012-12-05 143928]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2012-12-18 232880]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2012-12-18 1448368]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2012-12-18 97712]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-11-26 75904]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-14 138912]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2012-12-18 1617328]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-09 425000]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-11-02 50856]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-12-13 56448]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 19:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{C9A435EE-1A0E-423C-A756-A212F134C057}: NameServer = 192.168.0.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\i4e8hmx0.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Fatal1tySTU - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.2.1.22\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-04  19:58:30
ComboFix-quarantined-files.txt  2013-03-04 18:58
.
Vor Suchlauf: 12 Verzeichnis(se), 90.460.688.384 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 90.155.003.904 Bytes frei
.
- - End Of File - - 1DD3DBE9F18876121F5E0801A76D7118

cosinus · 04.03.2013, 20:08

Combofix-Skript

WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link

Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
Code:
ATTFilter
Folder::
c:\programdata\boost_interprocess

File::
c:\windows\system32\IEUDINIT.EXE
         
Speichere dies als CFScript.txt auf deinem Desktop.

Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
Danach wieder anstellen nicht vergessen!

Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.

Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:

Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.

Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.
Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!

Scharby · 04.03.2013, 20:28

Hier das Combofix Log:

Code:

ATTFilter

ComboFix 13-03-04.01 - Stefan 04.03.2013  20:19:13.3.6 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.16373.14149 [GMT 1:00]
ausgeführt von:: c:\users\Stefan\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Stefan\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\IEUDINIT.EXE"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\boost_interprocess
c:\windows\system32\IEUDINIT.EXE
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-04 bis 2013-03-04  ))))))))))))))))))))))))))))))
.
.
2013-03-04 19:22 . 2013-03-04 19:22	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-03-04 19:22 . 2013-03-04 19:22	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-04 17:27 . 2013-03-04 17:27	--------	d-----w-	c:\users\Stefan\AppData\Local\ElevatedDiagnostics
2013-02-27 19:50 . 2013-02-27 19:50	15846768	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-02-26 05:40 . 2013-02-10 03:25	963776	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2013-02-26 05:33 . 2013-02-26 05:33	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2013-02-26 05:29 . 2013-01-05 05:53	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-26 05:29 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-02-26 05:29 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-02-26 05:29 . 2013-01-04 03:26	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-02-26 05:29 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-02-26 05:29 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-02-26 05:29 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-02-26 05:29 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-02-26 05:29 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-02-26 05:29 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-02-26 05:29 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-26 05:29 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 19:53 . 2012-05-23 21:57	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-27 19:53 . 2012-05-23 21:57	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-26 18:48 . 2012-11-20 12:37	466520	----a-w-	c:\windows\system32\wrap_oal.dll
2013-02-26 18:47 . 2012-11-20 12:37	445016	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2013-02-26 18:47 . 2012-11-20 12:37	123480	----a-w-	c:\windows\system32\OpenAL32.dll
2013-02-26 18:47 . 2012-11-20 12:37	109144	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2013-02-26 05:32 . 2012-05-23 21:50	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-02-10 03:25 . 2012-10-10 20:23	2854344	----a-w-	c:\windows\system32\nvapi64.dll
2013-02-10 03:25 . 2012-10-10 20:23	1114144	----a-w-	c:\windows\system32\nvumdshimx.dll
2013-02-10 03:25 . 2012-10-10 20:23	15275744	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-02-10 01:04 . 2012-11-18 18:01	6393120	----a-w-	c:\windows\system32\nvcpl.dll
2013-02-10 01:04 . 2012-11-18 18:01	3472672	----a-w-	c:\windows\system32\nvsvc64.dll
2013-02-10 01:04 . 2012-11-18 18:01	877856	----a-w-	c:\windows\system32\nvvsvc.exe
2013-02-10 01:04 . 2012-11-18 18:01	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-02-10 01:04 . 2012-11-18 18:01	2555680	----a-w-	c:\windows\system32\nvsvcr.dll
2013-02-10 01:04 . 2012-11-18 18:01	237856	----a-w-	c:\windows\system32\nvmctray.dll
2013-02-09 13:25 . 2012-11-18 18:01	3035306	----a-w-	c:\windows\system32\nvcoproc.bin
2013-01-21 10:12 . 2013-01-21 10:12	2177664	----a-w-	c:\windows\system32\coin93.dll
2013-01-04 04:43 . 2013-02-26 05:29	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-29 10:34 . 2012-07-07 11:41	1813432	----a-w-	c:\windows\system32\nvdispco64.dll
2012-12-29 10:34 . 2012-07-07 11:41	1504696	----a-w-	c:\windows\system32\nvdispgenco64.dll
2012-12-18 19:37 . 2012-12-18 19:37	2014128	----a-w-	c:\windows\system32\drivers\ct20xflt.sys
2012-12-18 19:36 . 2012-12-18 19:36	18864	----a-w-	c:\windows\system32\drivers\pfmodnt.sys
2012-12-18 19:36 . 2012-12-18 19:36	1617328	----a-w-	c:\windows\system32\drivers\ha20x22k.sys
2012-12-18 19:36 . 2012-12-18 19:36	1572272	----a-w-	c:\windows\system32\drivers\ha20x2k.sys
2012-12-18 19:36 . 2012-12-18 19:36	120752	----a-w-	c:\windows\system32\drivers\emupia2k.sys
2012-12-18 19:36 . 2012-12-18 19:36	215472	----a-w-	c:\windows\system32\drivers\ctsfm2k.sys
2012-12-18 19:36 . 2012-12-18 19:36	18352	----a-w-	c:\windows\system32\drivers\ctprxy2k.sys
2012-12-18 19:35 . 2012-12-18 19:35	181680	----a-w-	c:\windows\system32\drivers\ctoss2k.sys
2012-12-18 19:35 . 2012-12-18 19:35	703152	----a-w-	c:\windows\system32\drivers\ctaud2k.sys
2012-12-18 19:35 . 2012-12-18 19:35	583088	----a-w-	c:\windows\system32\drivers\ctac32k.sys
2012-12-18 19:35 . 2012-12-18 19:35	1448368	----a-w-	c:\windows\system32\drivers\CTEXFIFX.sys
2012-12-18 19:35 . 2012-12-18 19:35	97712	----a-w-	c:\windows\system32\drivers\CTHWIUT.sys
2012-12-18 19:34 . 2012-12-18 19:34	232880	----a-w-	c:\windows\system32\drivers\CT20XUT.sys
2012-12-18 19:24 . 2012-12-18 19:24	218112	----a-w-	c:\windows\system32\ctdvinst.dll
2012-12-18 19:24 . 2012-12-18 19:24	73728	----a-w-	c:\windows\system32\ctcoinst.dll
2012-12-18 19:02 . 2012-12-18 19:02	55808	----a-w-	c:\windows\system32\ctasio64.dll
2012-12-18 19:02 . 2012-12-18 19:02	67584	----a-w-	c:\windows\system32\ctdpxy64.dll
2012-12-18 18:56 . 2012-12-18 18:56	89088	----a-w-	c:\windows\system32\ctosur64.dll
2012-12-18 18:56 . 2012-12-18 18:56	18432	----a-w-	c:\windows\system32\regplib.exe
2012-12-18 17:34 . 2012-12-18 17:34	14336	----a-w-	c:\windows\SysWow64\a3d.dll
2012-12-18 17:33 . 2012-12-18 17:33	13312	----a-w-	c:\windows\SysWow64\ac3api.dll
2012-12-18 17:32 . 2012-12-18 17:32	2560	----a-w-	c:\windows\SysWow64\CtxfiRes.dll
2012-12-18 17:32 . 2012-12-18 17:32	2560	----a-w-	c:\windows\system32\CtxfiRes.dll
2012-12-18 17:32 . 2012-12-18 17:32	42496	----a-w-	c:\windows\SysWow64\CTxfiBtn.dll
2012-12-18 17:32 . 2012-12-18 17:32	39424	----a-w-	c:\windows\SysWow64\CTxfiSpk.dll
2012-12-18 17:32 . 2012-12-18 17:32	24576	----a-w-	c:\windows\SysWow64\Ctxfihlp.exe
2012-12-18 17:25 . 2012-12-18 17:25	47104	----a-w-	c:\windows\SysWow64\CTxfiReg.exe
2012-12-18 17:25 . 2012-12-18 17:25	15360	----a-w-	c:\windows\SysWow64\Ct20xspi.dll
2012-12-18 17:25 . 2012-12-18 17:25	1268224	----a-w-	c:\windows\SysWow64\CTxfispi.exe
2012-12-18 17:16 . 2012-12-18 17:16	384647	----a-w-	c:\windows\system32\SET341B.tmp
2012-12-18 17:16 . 2012-12-18 17:16	384647	----a-w-	c:\windows\system32\SET1795.tmp
2012-12-18 17:14 . 2012-12-18 17:14	201216	----a-w-	c:\windows\SysWow64\ctemupia.dll
2012-12-18 17:07 . 2012-12-18 17:07	193024	----a-w-	c:\windows\SysWow64\ct_oal.dll
2012-12-18 17:07 . 2012-12-18 17:07	51712	----a-w-	c:\windows\SysWow64\ctasio.dll
2012-12-18 17:07 . 2012-12-18 17:07	61952	----a-w-	c:\windows\SysWow64\ctdproxy.dll
2012-12-18 17:06 . 2012-12-18 17:06	74240	----a-w-	c:\windows\SysWow64\ctosuser.dll
2012-12-18 17:06 . 2012-12-18 17:06	10240	----a-w-	c:\windows\SysWow64\sfman32.dll
2012-12-18 17:06 . 2012-12-18 17:06	137216	----a-w-	c:\windows\SysWow64\sfms32.dll
2012-12-18 17:06 . 2012-12-18 17:06	80896	----a-w-	c:\windows\SysWow64\piaproxy.dll
2012-12-18 17:00 . 2012-12-18 17:00	7680	----a-w-	c:\windows\SysWow64\enlocstr.exe
2012-12-18 16:59 . 2012-12-18 16:59	12800	----a-w-	c:\windows\SysWow64\killapps.exe
2012-12-18 16:59 . 2012-12-18 16:59	36864	----a-w-	c:\windows\SysWow64\devreg.dll
2012-12-18 08:31 . 2012-11-18 18:00	1510328	----a-w-	c:\windows\system32\nvhdagenco6420103.dll
2012-12-16 17:11 . 2012-12-20 18:59	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-20 18:59	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-20 18:59	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-20 18:59	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-14 15:49 . 2012-05-24 20:25	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-07 13:20 . 2013-01-09 09:48	441856	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 09:48	2746368	----a-w-	c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 09:48	308736	----a-w-	c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 09:48	2576384	----a-w-	c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 09:48	30720	----a-w-	c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 09:48	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 09:48	23552	----a-w-	c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 09:48	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 09:48	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 09:48	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 09:48	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 09:48	20480	----a-w-	c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 09:48	46592	----a-w-	c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 09:48	40960	----a-w-	c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 09:48	21504	----a-w-	c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 09:48	15360	----a-w-	c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 09:48	55296	----a-w-	c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 09:48	51712	----a-w-	c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 09:48	43520	----a-w-	c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 09:48	30720	----a-w-	c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 09:48	45568	----a-w-	c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 09:48	44544	----a-w-	c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 09:48	20480	----a-w-	c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 09:48	23552	----a-w-	c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 09:48	20480	----a-w-	c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 09:48	46592	----a-w-	c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 09:48	20480	----a-w-	c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 09:48	21504	----a-w-	c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 09:48	40960	----a-w-	c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 09:48	15360	----a-w-	c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 09:48	55296	----a-w-	c:\windows\SysWow64\cero.rs
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"CTxfiHlp"="CTXFIHLP.EXE" [2012-12-18 24576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 AsrHidFilter;AsrHidFilter;c:\windows\system32\DRIVERS\AsrHidFilter.sys [2011-02-17 17928]
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
R3 ALSysIO;ALSysIO;c:\users\Stefan\AppData\Local\Temp\ALSysIO64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-11-20 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-11-20 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2012-12-18 232880]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2012-12-18 1448368]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2012-12-18 97712]
R3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
R3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [2010-02-22 23680]
R3 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-09-25 474208]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 mv91xxr;mv91xxr;c:\windows\system32\DRIVERS\mv91xxr.sys [2010-10-21 302120]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1402010.016\SYMDS64.SYS [2012-10-04 493216]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1402010.016\SYMEFA64.SYS [2012-10-04 1133216]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [2013-01-16 1388120]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1402010.016\ccSetx64.sys [2012-08-20 168096]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130301.002\IDSvia64.sys [2013-02-23 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1402010.016\Ironx64.SYS [2012-09-07 224416]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1402010.016\SYMNETS.SYS [2012-09-07 432800]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe [2012-12-05 143928]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2012-12-18 232880]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2012-12-18 1448368]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2012-12-18 97712]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-11-26 75904]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-14 138912]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2012-12-18 1617328]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-09 425000]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-11-02 50856]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-12-13 56448]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 19:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{C9A435EE-1A0E-423C-A756-A212F134C057}: NameServer = 192.168.0.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\i4e8hmx0.default\
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.2.1.22\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-04  20:23:07
ComboFix-quarantined-files.txt  2013-03-04 19:23
ComboFix2.txt  2013-03-04 18:58
.
Vor Suchlauf: 12 Verzeichnis(se), 90.210.557.952 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 90.145.824.768 Bytes frei
.
- - End Of File - - 54591882B4179000C051120E0170C16A

Die Message-Box ist nicht erschienen.

cosinus · 04.03.2013, 21:06

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

Scharby · 04.03.2013, 21:35

Das JRT Log:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.7 (03.03.2013:1)
OS: Windows 7 Ultimate x64
Ran by Stefan on 04.03.2013 at 21:18:38,78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\i4e8hmx0.default\minidumps [103 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.03.2013 at 21:23:32,54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Das AdwCleaner Log:

Code:

ATTFilter

# AdwCleaner v2.113 - Datei am 04/03/2013 um 21:26:08 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : Stefan - STEFAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Stefan\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0 (de)

Datei : C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\i4e8hmx0.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R7].txt - [722 octets] - [04/03/2013 21:26:08]

########## EOF - C:\AdwCleaner[R7].txt - [781 octets] ##########

Und zu guter letzt die beiden OTL Logs:

Code:

ATTFilter

OTL logfile created on: 04.03.2013 21:29:06 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Stefan\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,99 Gb Total Physical Memory | 13,54 Gb Available Physical Memory | 84,71% Memory free
16,77 Gb Paging File | 14,54 Gb Available in Paging File | 86,71% Paging File free
Paging file location(s): c:\pagefile.sys 800 800 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 84,00 Gb Free Space | 70,50% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 653,43 Gb Free Space | 70,15% Space Free | Partition Type: NTFS
Drive E: | 55,90 Gb Total Space | 17,26 Gb Free Space | 30,87% Space Free | Partition Type: NTFS
Drive F: | 298,09 Gb Total Space | 54,94 Gb Free Space | 18,43% Space Free | Partition Type: NTFS
Drive X: | 1863,01 Gb Total Space | 1521,37 Gb Free Space | 81,66% Space Free | Partition Type: NTFS
 
Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Stefan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.2.1.22\wincfi39.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\PROGRA~2\MICROS~2\Office12\ADDINS\UMOUTL~1.DLL ()
MOD - C:\PROGRA~2\MICROS~2\Office12\ADDINS\COLLEA~1.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe (Symantec Corporation)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (ZuneWlanCfgSvc) -- C:\Programme\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (WMZuneComm) -- C:\Programme\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- C:\Programme\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (ha20x22k) -- C:\Windows\SysNative\drivers\ha20x22k.sys (Creative Technology Ltd)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symds64.sys (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\ironx64.sys (Symantec Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\drivers\SymIMV.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (AsrHidFilter) -- C:\Windows\SysNative\drivers\AsrHidFilter.sys (ASRock Inc.)
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (mv91xxr) -- C:\Windows\SysNative\drivers\mv91xxr.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (IOMap) -- C:\Windows\SysNative\drivers\IOMap64.sys (ASUSTeK Computer Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (DgiVecp) -- C:\Windows\SysNative\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130304.003\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130304.003\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130301.002\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130208.001\BHDrvx64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1962966545-197323194-2037696592-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1962966545-197323194-2037696592-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 BB EA 99 E0 13 CE 01  [binary data]
IE - HKU\S-1-5-21-1962966545-197323194-2037696592-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1962966545-197323194-2037696592-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1962966545-197323194-2037696592-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1962966545-197323194-2037696592-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1962966545-197323194-2037696592-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1962966545-197323194-2037696592-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 63 4F F6 9C 69 B8 CD 01  [binary data]
IE - HKU\S-1-5-21-1962966545-197323194-2037696592-1004\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1962966545-197323194-2037696592-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2013.03.04 16:56:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2012.09.10 19:57:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.26 06:12:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.08.13 21:31:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Extensions
[2013.03.03 23:23:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\i4e8hmx0.default\extensions
[2013.03.03 23:23:30 | 000,531,283 | ---- | M] () (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\i4e8hmx0.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.02.26 06:29:31 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\i4e8hmx0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.08.13 21:31:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.26 06:12:32 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.02.26 06:12:30 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.26 06:12:30 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.26 06:12:30 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.26 06:12:30 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.26 06:12:30 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.26 06:12:30 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.03.04 20:22:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\IPS\IPSBHO.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\coIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1962966545-197323194-2037696592-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\coIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1962966545-197323194-2037696592-1004\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-1962966545-197323194-2037696592-1004..\Run: [Fatal1tySTU]  File not found
O4 - HKU\S-1-5-21-1962966545-197323194-2037696592-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1962966545-197323194-2037696592-1004..\RunOnce: [CTAutoUpdate] C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1962966545-197323194-2037696592-1004..\RunOnce: [CTPostBootSequencer] "C:\Users\Stefan\AppData\Local\Temp\CTPBSeq.exe" /reglaunch /self_destruct File not found
O4 - HKU\S-1-5-21-1962966545-197323194-2037696592-1004..\RunOnce: [InetReg] C:\Program Files (x86)\Creative\Produktregistrierung\German\InetReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1962966545-197323194-2037696592-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1962966545-197323194-2037696592-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1962966545-197323194-2037696592-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1962966545-197323194-2037696592-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-1962966545-197323194-2037696592-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1962966545-197323194-2037696592-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9A435EE-1A0E-423C-A756-A212F134C057}: NameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.04 21:27:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
[2013.03.04 21:19:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.04 21:18:38 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.04 21:18:32 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.04 21:17:17 | 000,547,601 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Stefan\Desktop\JRT.exe
[2013.03.04 20:23:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.04 20:13:59 | 005,036,013 | R--- | C] (Swearware) -- C:\Users\Stefan\Desktop\ComboFix.exe
[2013.03.04 18:27:25 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\ElevatedDiagnostics
[2013.03.04 15:22:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.04 15:22:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.04 15:22:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.04 15:22:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.04 15:22:21 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.03 22:16:05 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\mbar-1.01.0.1021
[2013.02.27 21:11:26 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\WinDlg_124
[2013.02.27 20:56:58 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.27 20:56:58 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.27 20:56:58 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.27 20:56:58 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.02.27 20:56:58 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.02.27 20:56:58 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.02.27 20:56:58 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.02.27 20:56:58 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.27 20:56:58 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.02.27 20:56:58 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.02.27 20:56:58 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.27 20:56:58 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.02.27 20:56:58 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.27 20:56:58 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.27 20:56:58 | 000,526,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.27 20:56:58 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.02.27 20:56:58 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.02.27 20:56:58 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.27 20:56:58 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.02.27 20:56:58 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.02.27 20:56:58 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.27 20:56:58 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.27 20:56:58 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.02.27 20:56:58 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.02.27 20:56:58 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.02.27 20:56:58 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.02.27 20:56:58 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.27 20:56:58 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.02.27 20:56:58 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.02.27 20:56:58 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.02.27 20:56:58 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.02.27 20:56:58 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.02.27 20:56:58 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.02.27 20:56:58 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.27 20:56:58 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.02.27 20:56:58 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.02.27 20:56:58 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.02.27 20:56:58 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.02.27 20:56:58 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.02.27 20:56:58 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.02.27 20:56:58 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.02.27 20:56:58 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.02.27 20:56:58 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.27 20:56:58 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.02.27 20:56:58 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.02.27 20:56:58 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.02.27 20:56:58 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.02.27 20:56:58 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.27 20:56:58 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.02.27 20:56:58 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.02.27 20:56:58 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.02.27 20:56:58 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.02.27 20:56:58 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.02.27 20:56:58 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.02.27 20:56:58 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.02.27 20:56:58 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.02.27 20:56:58 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.02.27 20:56:58 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.02.27 20:56:58 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.02.27 20:56:58 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.02.27 20:56:58 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.02.27 20:56:58 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.02.27 20:56:58 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.02.27 20:56:58 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.02.27 20:56:58 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.02.27 20:56:58 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.02.27 20:56:58 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.02.27 20:56:58 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.02.27 20:50:44 | 015,846,768 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013.02.27 14:16:45 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.02.27 14:16:45 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.02.27 14:16:45 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.02.27 14:16:45 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.02.27 14:16:44 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.02.27 14:16:44 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.02.27 14:16:43 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.02.27 14:16:43 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.02.27 14:16:43 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.02.27 14:16:43 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.02.27 14:16:43 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.02.27 14:16:43 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.27 14:16:43 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.27 14:16:43 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.27 14:16:43 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.27 14:16:43 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.27 14:16:43 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.27 14:16:43 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.27 14:16:43 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.27 14:16:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.27 14:16:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.27 14:16:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.27 14:16:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.27 14:16:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.27 14:16:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.27 14:16:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.27 14:16:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.27 14:16:43 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.27 14:16:43 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.27 14:16:42 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.02.27 14:16:42 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.02.27 14:16:42 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.02.27 14:16:42 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.02.27 14:16:42 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.02.27 14:16:42 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.02.27 14:16:42 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.02.27 14:16:42 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.02.27 14:16:42 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.02.27 14:16:42 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.02.27 14:16:42 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.02.27 14:16:42 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.02.26 06:54:13 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\CrystalDiskInfo5_4_0a
[2013.02.26 06:40:57 | 026,947,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.02.26 06:40:57 | 025,256,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.02.26 06:40:57 | 020,534,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.02.26 06:40:57 | 017,987,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.02.26 06:40:57 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.02.26 06:40:57 | 015,038,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.02.26 06:40:57 | 012,862,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.02.26 06:40:57 | 009,422,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.02.26 06:40:57 | 007,964,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.02.26 06:40:57 | 007,569,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.02.26 06:40:57 | 006,267,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.02.26 06:40:57 | 002,911,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.02.26 06:40:57 | 002,726,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.02.26 06:40:57 | 002,528,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013.02.26 06:40:57 | 002,350,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.02.26 06:40:57 | 001,990,944 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.02.26 06:40:57 | 001,807,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6420294.dll
[2013.02.26 06:40:57 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6420162.dll
[2013.02.26 06:40:57 | 000,963,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013.02.26 06:40:57 | 000,250,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013.02.26 06:40:57 | 000,205,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013.02.26 06:40:57 | 000,194,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2013.02.26 06:40:57 | 000,031,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2013.02.26 06:33:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.02.26 06:33:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.02.26 06:29:45 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.26 06:29:45 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.26 06:29:45 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.26 06:29:43 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.26 06:29:43 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.26 06:29:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.26 06:29:43 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.26 06:29:43 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.26 06:29:43 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.26 06:29:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.25 23:14:28 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\testdisk-6.14-WIP.win
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.04 21:27:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
[2013.03.04 21:25:43 | 000,594,019 | ---- | M] () -- C:\Users\Stefan\Desktop\adwcleaner.exe
[2013.03.04 21:17:17 | 000,547,601 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Stefan\Desktop\JRT.exe
[2013.03.04 20:57:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.04 20:45:49 | 000,063,336 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000007-00000000-00000000-00001102-0000000B-00431102}.rfx
[2013.03.04 20:45:49 | 000,063,336 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000007-00000000-00000000-00001102-0000000B-00431102}.rfx
[2013.03.04 20:45:49 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000007-00000000-00000000-00001102-0000000B-00431102}.rfx
[2013.03.04 20:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.04 20:22:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.03.04 20:16:40 | 005,036,013 | R--- | M] (Swearware) -- C:\Users\Stefan\Desktop\ComboFix.exe
[2013.03.04 18:38:54 | 000,015,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.04 18:38:54 | 000,015,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.04 18:22:49 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.04 18:22:49 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.04 18:22:49 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.04 18:22:49 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.04 18:22:49 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.03 19:23:36 | 000,000,000 | ---- | M] () -- C:\Users\Stefan\defogger_reenable
[2013.02.28 23:29:24 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm
[2013.02.28 23:29:24 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm
[2013.02.27 20:56:58 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.27 20:56:58 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.27 20:56:58 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.27 20:56:58 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.02.27 20:56:58 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.02.27 20:56:58 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.02.27 20:56:58 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.02.27 20:56:58 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.27 20:56:58 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.02.27 20:56:58 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.02.27 20:56:58 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.27 20:56:58 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.02.27 20:56:58 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.27 20:56:58 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.27 20:56:58 | 000,526,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.27 20:56:58 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.02.27 20:56:58 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.02.27 20:56:58 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.27 20:56:58 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.02.27 20:56:58 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.02.27 20:56:58 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.27 20:56:58 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.27 20:56:58 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.02.27 20:56:58 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.02.27 20:56:58 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.02.27 20:56:58 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.02.27 20:56:58 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.27 20:56:58 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.02.27 20:56:58 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.02.27 20:56:58 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.02.27 20:56:58 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.02.27 20:56:58 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.02.27 20:56:58 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.02.27 20:56:58 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.27 20:56:58 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.02.27 20:56:58 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.02.27 20:56:58 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.02.27 20:56:58 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.02.27 20:56:58 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.02.27 20:56:58 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.02.27 20:56:58 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.02.27 20:56:58 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.02.27 20:56:58 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.27 20:56:58 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.02.27 20:56:58 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.02.27 20:56:58 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.02.27 20:56:58 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.02.27 20:56:58 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.27 20:56:58 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.02.27 20:56:58 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.02.27 20:56:58 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.02.27 20:56:58 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.02.27 20:56:58 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.02.27 20:56:58 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.02.27 20:56:58 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.02.27 20:56:58 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.02.27 20:56:58 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.02.27 20:56:58 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.02.27 20:56:58 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.02.27 20:56:58 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.02.27 20:56:58 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.02.27 20:56:58 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.02.27 20:56:58 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.02.27 20:56:58 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.02.27 20:56:58 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.02.27 20:56:58 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.02.27 20:56:58 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.02.27 20:56:58 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.02.27 20:56:58 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.02.27 20:56:58 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.02.27 20:53:04 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.27 20:53:04 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.27 20:50:44 | 015,846,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013.02.26 19:48:00 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013.02.26 19:47:59 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013.02.26 19:47:59 | 000,123,480 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2013.02.26 19:47:59 | 000,109,144 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2013.02.26 19:47:59 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2013.02.26 06:38:17 | 000,352,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.14 18:39:41 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\isolate.ini
[2013.02.10 04:25:27 | 026,947,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.02.10 04:25:27 | 025,256,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.02.10 04:25:27 | 020,534,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.02.10 04:25:27 | 017,987,192 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.02.10 04:25:27 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.02.10 04:25:27 | 015,275,744 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013.02.10 04:25:27 | 015,038,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.02.10 04:25:27 | 012,862,400 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.02.10 04:25:27 | 009,422,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.02.10 04:25:27 | 007,964,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.02.10 04:25:27 | 007,569,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.02.10 04:25:27 | 006,267,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.02.10 04:25:27 | 002,911,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.02.10 04:25:27 | 002,854,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013.02.10 04:25:27 | 002,726,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.02.10 04:25:27 | 002,528,840 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013.02.10 04:25:27 | 002,350,368 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.02.10 04:25:27 | 001,990,944 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.02.10 04:25:27 | 001,807,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6420294.dll
[2013.02.10 04:25:27 | 001,510,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6420162.dll
[2013.02.10 04:25:27 | 001,114,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2013.02.10 04:25:27 | 000,963,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013.02.10 04:25:27 | 000,250,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013.02.10 04:25:27 | 000,205,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013.02.10 04:25:27 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013.02.10 02:04:31 | 006,393,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2013.02.10 02:04:31 | 003,472,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2013.02.10 02:04:29 | 002,555,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2013.02.10 02:04:29 | 000,237,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2013.02.10 02:04:29 | 000,063,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2013.02.09 14:25:36 | 003,035,306 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.04 15:22:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.04 15:22:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.04 15:22:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.04 15:22:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.04 15:22:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.03 19:23:36 | 000,000,000 | ---- | C] () -- C:\Users\Stefan\defogger_reenable
[2013.02.27 20:56:58 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.02.27 20:56:58 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.02.27 00:59:56 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settingsbkup.sfm
[2013.02.27 00:59:56 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settings.sfm
[2013.02.26 06:57:32 | 000,594,019 | ---- | C] () -- C:\Users\Stefan\Desktop\adwcleaner.exe
[2013.02.26 06:33:17 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.12.29 11:26:06 | 000,000,017 | ---- | C] () -- C:\Users\Stefan\AppData\Local\resmon.resmoncfg
[2012.12.18 19:35:42 | 000,017,979 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2012.12.18 18:34:34 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2012.12.18 18:32:14 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2012.12.18 18:16:06 | 000,384,647 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2012.12.18 18:16:06 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2012.12.18 18:00:06 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2012.12.18 17:59:58 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[2012.11.21 13:45:56 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.11.21 13:45:56 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.11.20 13:28:11 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2012.09.26 19:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.09.26 19:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.09.26 19:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.09.26 19:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.07.23 19:57:20 | 000,110,592 | ---- | C] () -- C:\Windows\Wiainst.exe
[2012.05.23 23:41:02 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %SystemRoot%\system32\wbem\fastprox.dll -- [2010.11.20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 04.03.2013 21:29:07 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Stefan\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,99 Gb Total Physical Memory | 13,54 Gb Available Physical Memory | 84,71% Memory free
16,77 Gb Paging File | 14,54 Gb Available in Paging File | 86,71% Paging File free
Paging file location(s): c:\pagefile.sys 800 800 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 84,00 Gb Free Space | 70,50% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 653,43 Gb Free Space | 70,15% Space Free | Partition Type: NTFS
Drive E: | 55,90 Gb Total Space | 17,26 Gb Free Space | 30,87% Space Free | Partition Type: NTFS
Drive F: | 298,09 Gb Total Space | 54,94 Gb Free Space | 18,43% Space Free | Partition Type: NTFS
Drive X: | 1863,01 Gb Total Space | 1521,37 Gb Free Space | 81,66% Space Free | Partition Type: NTFS
 
Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1962966545-197323194-2037696592-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{32682F2E-A967-4FF0-8092-DD3F8D147A86}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{552D315C-F9CF-4C1E-A562-30BC9ACC9104}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5E486324-E47B-419D-AFB7-D5ACE2EE4942}" = lport=138 | protocol=17 | dir=in | app=system | 
"{679BA55C-9291-4A46-9A4F-4DE33ACE3E83}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9827A102-B355-49F7-B5F6-2AA84394C601}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{9ECF7E57-1C51-4CF7-AB76-FB263435ACBA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A9194572-7CC2-480C-BA3E-BC937AE0F9EA}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B9B7382C-458D-4DBD-BD9B-5AC19D5D743E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{BA0DDB81-164F-4D24-B2A7-B057AA9B944F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{BC491552-DB13-4DB1-BD1E-A06D49CFB65E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C14BF0AE-99B7-4AFA-AECE-AED6A7C10978}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EBD156BB-358F-4EB2-9A45-6D83B8C07D3D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FE9E9844-E3AC-4B6F-A4D4-962ABD5B2037}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A29323D-1EF9-4929-8BF1-BFB4572A39CE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{160ECA4C-FB31-4070-B52F-487898C61A18}" = protocol=6 | dir=in | app=e:\anno 1404 - königsedition\tools\addonweb.exe | 
"{1E4F7F0C-DA3F-4FFA-9976-0EB6E7968F20}" = protocol=17 | dir=in | app=e:\anno 1404 - königsedition\anno4.exe | 
"{2988BB35-246E-4DE0-9765-3B7306A31629}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{2A4E0B78-8259-4F33-8E71-16C0C5D5DB9C}" = protocol=17 | dir=in | app=e:\anno 1404 - königsedition\tools\addonweb.exe | 
"{2AD5A70D-410F-42E8-9C69-98783EADE4DD}" = protocol=17 | dir=in | app=e:\diablo iii\diablo iii.exe | 
"{310152AC-BFEA-4E9A-A23B-F5A6CB4326D3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{31A051B7-1439-4F6E-95F8-9BD4D1D76D00}" = protocol=6 | dir=in | app=e:\starcraft ii\starcraft ii public test.exe | 
"{38331A54-808C-4739-B596-C9837C4C04D7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{48862055-ED30-47EC-A3B1-01D1E1AAFB4E}" = protocol=6 | dir=in | app=e:\anno 1404 - königsedition\anno4.exe | 
"{4C3C2B10-573B-4BE4-86A8-44937427A86B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{5920AF1C-A20C-49EC-827C-B849888D270A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{615EF69F-E62C-4195-B7BF-5F443F060297}" = protocol=17 | dir=in | app=e:\anno 1404 - königsedition\tools\anno4web.exe | 
"{64C86D98-CA14-440E-9379-8BEDDC343032}" = protocol=6 | dir=in | app=e:\diablo iii\diablo iii.exe | 
"{6A4391EE-0769-4888-BF5A-BC9DF39BC26E}" = protocol=17 | dir=in | app=e:\starcraft ii\starcraft ii.exe | 
"{6DC7D2AB-85B7-48D9-8E64-659AD6F61A14}" = protocol=17 | dir=in | app=e:\anno 1404 - königsedition\addon.exe | 
"{6DF795D8-B664-4267-B179-E42474EF3395}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{75796F5F-CD3B-4C6E-B42F-E691AB1EAE10}" = protocol=17 | dir=in | app=e:\anno 1404 - königsedition\tools\benchmark.exe | 
"{7E526867-2993-4164-9AE7-621B07C3E0D3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{89BCCF51-60B6-4ACF-8BAF-0F3219184B47}" = protocol=17 | dir=in | app=e:\starcraft ii\starcraft ii public test.exe | 
"{96A8F086-CDAD-4FF2-96FE-A927FC0130BD}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{9BA62994-2F60-46D8-9DC9-E1CF2155E61E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A5A03583-0B2C-4BAA-8420-1B80C80580AB}" = protocol=6 | dir=in | app=e:\anno 1404 - königsedition\tools\benchmark.exe | 
"{AC4C45C2-759C-4E73-8309-C839E8ACA086}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{BAAE2AAA-158B-4F93-A283-5D3026AA49A0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{BEBE572E-CAA6-40B3-9263-18492172762D}" = protocol=6 | dir=in | app=e:\starcraft ii\starcraft ii.exe | 
"{C3301A85-70BF-4694-B950-B5EECDA9AB74}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{C682152A-30AD-47CB-B827-9BC49CF53516}" = protocol=6 | dir=in | app=e:\anno 1404 - königsedition\tools\anno4web.exe | 
"{CCABEF8A-E56F-411E-8B6B-53D6147836B4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{CEE9D8A5-7F2E-4254-A6A5-4A1091446694}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{CFE698F2-AA7C-4885-965B-65375FBC837B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{DED40C55-3C40-4ACE-80E2-5D1D5182092B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{E21E140A-A5DE-4F3B-B6B3-DD10BA1EFB4D}" = protocol=6 | dir=in | app=e:\anno 1404 - königsedition\addon.exe | 
"{F8581B97-0657-4534-B722-9100401EC590}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft-Maus- und Tastatur-Center
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{9CF5E9B6-75C1-6899-00CD-82ACA9ACB664}" = AMD Catalyst Install Manager
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Kyocera Product Library" = Kyocera Product Library
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
"Zune" = Zune
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{20288888-A7AF-4B24-8AEB-398D20CD563C}" = Sound Blaster X-Fi
"{28A1D7E5-6557-45EF-82A8-694B105880B5}" = PlayMemories Home
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 - Königsedition
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUSR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUSR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUSR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROPLUSR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUSR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95140000-0081-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio-Systemsteuerung
"Console Launcher" = Creative Konsole Starter
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Diablo III" = Diablo III
"Diagnostics 4_5" = Creative-Diagnose
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"DTS Connect Pack" = DTS Connect Pack
"F-Stream Tuning_is1" = F-Stream Tuning v0.1.73.8
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"NIS" = Norton Internet Security
"OpenAL" = OpenAL
"PROPLUSR" = Microsoft Office Professional Plus 2007
"StarCraft II" = StarCraft II
"VLC media player" = VLC media player 2.0.5
 
< End of report >

03.03.2013, 21:39	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	$Ordner kehrt immer wieder zurück: C:\ProgramData\boost_interprocess? - Standard$ Ordner kehrt immer wieder zurück: C:\ProgramData\boost_interprocess? Ich hatte eigentlich Logs von Virenscanners erwartet, mit Funden. Hatte denn jemals ein Virenscanner bei dir was gefunden? Wenn ja warum hast du diese Logs nicht gepostet? __________________ Logfiles bitte immer in CODE-Tags posten

Ordner kehrt immer wieder zurück: C:\ProgramData\boost_interprocess?

Plagegeister aller Art und deren Bekämpfung: Ordner kehrt immer wieder zurück: C:\ProgramData\boost_interprocess?