
Log analysis and evaluation: Task Manager going haywire, virus...

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

05.03.2013, 13:34   #1
Raxx
 

Task Manager going haywire, virus...



Hi

My little brother downloaded some crap from YouTube that is 100% a virus, and now the Task Manager is going haywire.

It keeps closing and opening all services and tasks...
The PC works so far, but something isn't running right...

I ran the file through VirusTotal, see for yourself:

https://www.virustotal.com/de/file/fd8907d80d19821cd14d90e0c4fddb53699201628a6a113de5f5db0a167b59b4/analysis/1362480266/

Does anyone know this, or can anyone help?!


Do I need to be careful for now about where I log in, bank etc.?!



gmer didn't work, it crashes after about 5 min: "gmer_2.1.19155.exe has stopped working"

OTL

Quote:
OTL logfile created on: 05.03.2013 12:57:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rene\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 63,37% Memory free
8,00 Gb Paging File | 6,68 Gb Available in Paging File | 83,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 37,27 Gb Total Space | 2,90 Gb Free Space | 7,77% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 33,94 Gb Free Space | 7,29% Space Free | Partition Type: NTFS
Drive F: | 3,71 Gb Total Space | 3,71 Gb Free Space | 99,85% Space Free | Partition Type: FAT32

Computer Name: RENE-PC | User Name: Rene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.03.05 12:49:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rene\Desktop\OTL.exe
PRC - [2013.02.10 04:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.02.09 18:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.01.20 04:10:06 | 006,039,600 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
PRC - [2012.11.26 22:45:33 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.11.19 17:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2009.06.10 22:22:50 | 000,032,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.02.27 16:13:51 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.10 04:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.02.09 18:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.11.26 22:45:33 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.11.02 03:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.10.01 20:34:38 | 005,132,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2012.10.01 20:34:38 | 000,178,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.12.19 06:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.12.10 03:28:34 | 000,127,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012.11.08 03:49:24 | 000,307,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.08.24 15:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.04.19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011.12.23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011.12.23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2010.11.09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Rene\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&userid=EB_USER_ID&ctid=CT2625848&SSPV=TB_IESB25
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 5E 32 78 3F E8 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Rene\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{F2D8531B-F712-4FF5-A035-1667E3A140A4}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&CUI=UN40040751181637529&SSPV=TB_IESB25
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Rene\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2013.03.05 12:54:11 | 000,000,000 | ---D | M]

[2012.10.01 20:43:54 | 000,034,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - Extension: YouTube = C:\Users\Rene\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Rene\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Rene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
CHR - Extension: Google Mail = C:\Users\Rene\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Rene\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Rene\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB_DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Users\Rene\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [explorer.exe] C:\Users\Rene\AppData\Roaming\explorer.exe (Krzysztof Kowalczyk)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Rene\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Rene\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Rene\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CB927D12-4FF7-4A9E-A169-56E4B8A75598} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Element Behavior)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEC751E4-83B6-49D4-8E67-48CC69D6977B}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.12.10 19:26:11 | 000,000,000 | ---D | M] - D:\Auto -- [ NTFS ]
O33 - MountPoints2\{abd422c2-542d-11e2-b1d9-90fba63850e9}\Shell - "" = AutoRun
O33 - MountPoints2\{abd422c2-542d-11e2-b1d9-90fba63850e9}\Shell\AutoRun\command - "" = F:\CMADownloader.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.05 12:57:02 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\AVG2012
[2013.03.05 12:55:48 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\TuneUp Software
[2013.03.05 12:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.03.05 12:55:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2013.03.05 12:54:00 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013.03.05 12:53:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2013.03.05 12:53:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2013.03.05 12:51:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013.03.05 12:48:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rene\Desktop\OTL.exe
[2013.03.05 12:07:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.03.05 12:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013.03.05 11:50:11 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\dclogs
[2013.03.05 11:50:10 | 000,861,184 | ---- | C] (Krzysztof Kowalczyk) -- C:\Users\Rene\AppData\Roaming\explorer.exe
[2013.03.04 18:44:27 | 000,000,000 | ---D | C] -- C:\Users\Rene\Documents\Raiderz
[2013.03.02 13:36:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
[2013.03.02 13:35:35 | 000,000,000 | ---D | C] -- C:\Users\Rene\Documents\Guild Wars 2
[2013.02.28 13:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reFX
[2013.02.28 13:29:00 | 001,332,224 | ---- | C] (AD © 2009) -- C:\Windows\SysWow64\SYNSOEMU.DLL
[2013.02.28 13:29:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Digidesign
[2013.02.28 13:22:35 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2013.02.28 13:22:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASIO4ALL v2
[2013.02.28 13:22:25 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\rewire.dll
[2013.02.28 13:22:17 | 000,000,000 | ---D | C] -- C:\Users\Rene\Documents\Image-Line
[2013.02.28 13:22:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image-Line
[2013.02.28 13:22:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
[2013.02.28 13:22:05 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2013.02.28 13:21:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outsim
[2013.02.28 13:08:54 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\FileZilla
[2013.02.28 13:08:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2013.02.28 13:08:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2013.02.20 19:49:26 | 000,051,972 | ---- | C] (Blizzard Entertainment) -- C:\Users\Rene\Desktop\Scan.dll
[2013.02.20 19:49:12 | 000,000,000 | ---D | C] -- C:\Users\Rene\Desktop\Cache
[2013.02.20 19:44:55 | 000,000,000 | ---D | C] -- C:\Users\Rene\Desktop\Logs
[2013.02.19 10:17:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.02.19 10:10:50 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013.02.18 18:10:45 | 000,000,000 | ---D | C] -- C:\Users\Rene\Desktop\Neuer Ordner
[2013.02.17 18:18:01 | 000,000,000 | ---D | C] -- C:\Users\Rene\Desktop\Hurensohn
[2013.02.13 19:02:11 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Local\PMB Files
[2013.02.13 19:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013.02.13 19:01:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013.02.13 19:01:49 | 000,000,000 | ---D | C] -- C:\Users\Rene\.swt
[2013.02.12 17:24:08 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\TeamViewer
[2013.02.12 16:14:34 | 000,000,000 | ---D | C] -- C:\Users\Rene\Documents\Benutzerdefinierte Office-Vorlagen
[2013.02.08 21:26:43 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\LolClient
[2013.02.05 23:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games

========== Files - Modified Within 30 Days ==========

[2013.03.05 12:55:48 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2013.03.05 12:55:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2013.03.05 12:55:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2013.03.05 12:54:38 | 000,642,720 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2013.03.05 12:54:28 | 000,377,856 | ---- | M] () -- C:\Users\Rene\Desktop\gmer_2.1.19155.exe
[2013.03.05 12:49:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rene\Desktop\OTL.exe
[2013.03.05 12:46:03 | 000,000,000 | ---- | M] () -- C:\Users\Rene\defogger_reenable
[2013.03.05 12:44:53 | 000,050,477 | ---- | M] () -- C:\Users\Rene\Desktop\Defogger.exe
[2013.03.05 12:29:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.05 12:26:29 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.05 12:26:29 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.05 12:18:05 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-121225185-1033156058-1426507469-1000UA.job
[2013.03.05 12:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.05 12:08:36 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.05 12:08:36 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.05 12:08:36 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.05 12:08:36 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.05 12:08:36 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.05 11:52:13 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.05 11:51:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.05 11:51:26 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.05 10:27:07 | 000,207,134 | ---- | M] () -- C:\Users\Rene\Desktop\bhop.exe
[2013.03.04 22:35:34 | 000,001,191 | ---- | M] () -- C:\Users\Rene\Desktop\Raiderz Launcher - Verknüpfung.lnk
[2013.03.04 15:18:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-121225185-1033156058-1426507469-1000Core.job
[2013.03.04 12:40:05 | 000,220,861 | ---- | M] () -- C:\Users\Rene\Desktop\ALICE VERTRAG.png
[2013.03.03 20:44:12 | 000,790,865 | ---- | M] () -- C:\Users\Rene\Desktop\1362114633783.gif
[2013.03.02 13:36:33 | 000,000,678 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2013.02.28 18:52:44 | 000,574,160 | ---- | M] () -- C:\Users\Rene\ts3_recording_13_02_28_18_52_38.wav
[2013.02.28 18:04:03 | 000,969,394 | ---- | M] () -- C:\Users\Rene\Desktop\Unbenannt.png
[2013.02.28 16:51:31 | 012,487,760 | ---- | M] () -- C:\ts3_recording_13_02_28_16_50_23.wav
[2013.02.28 13:22:35 | 000,001,138 | ---- | M] () -- C:\Users\Rene\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2013.02.28 13:22:24 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\FL Studio 10.lnk
[2013.02.28 13:08:52 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2013.02.20 19:56:48 | 000,000,253 | ---- | M] () -- C:\Users\Rene\Desktop\WoW.mfil
[2013.02.20 19:49:26 | 000,051,972 | ---- | M] (Blizzard Entertainment) -- C:\Users\Rene\Desktop\Scan.dll
[2013.02.13 19:03:34 | 000,000,642 | ---- | M] () -- C:\Users\Rene\Desktop\Resume Download of Blacklight Retribution.url
[2013.02.13 16:40:49 | 000,767,145 | ---- | M] () -- C:\Users\Rene\Desktop\worldedit-5.5.1.zip
[2013.02.12 19:13:53 | 000,000,553 | ---- | M] () -- C:\Users\Rene\Desktop\server.properties
[2013.02.10 04:25:27 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013.02.08 23:57:33 | 000,861,184 | ---- | M] (Krzysztof Kowalczyk) -- C:\Users\Rene\AppData\Roaming\explorer.exe
[2013.02.06 00:36:30 | 000,021,575 | ---- | M] () -- C:\Users\Rene\Desktop\1178638.jpg
[2013.02.05 23:05:30 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk

========== Files Created - No Company Name ==========

[2013.03.05 12:55:48 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2013.03.05 12:55:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2013.03.05 12:55:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2013.03.05 12:54:28 | 000,377,856 | ---- | C] () -- C:\Users\Rene\Desktop\gmer_2.1.19155.exe
[2013.03.05 12:46:03 | 000,000,000 | ---- | C] () -- C:\Users\Rene\defogger_reenable
[2013.03.05 12:44:53 | 000,050,477 | ---- | C] () -- C:\Users\Rene\Desktop\Defogger.exe
[2013.03.05 10:26:59 | 000,207,134 | ---- | C] () -- C:\Users\Rene\Desktop\bhop.exe
[2013.03.04 22:35:34 | 000,001,191 | ---- | C] () -- C:\Users\Rene\Desktop\Raiderz Launcher - Verknüpfung.lnk
[2013.03.04 12:40:04 | 000,220,861 | ---- | C] () -- C:\Users\Rene\Desktop\ALICE VERTRAG.png
[2013.03.03 20:44:12 | 000,790,865 | ---- | C] () -- C:\Users\Rene\Desktop\1362114633783.gif
[2013.03.02 13:36:33 | 000,000,678 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2013.02.28 18:52:39 | 000,574,160 | ---- | C] () -- C:\Users\Rene\ts3_recording_13_02_28_18_52_38.wav
[2013.02.28 18:04:02 | 000,969,394 | ---- | C] () -- C:\Users\Rene\Desktop\Unbenannt.png
[2013.02.28 16:50:25 | 012,487,760 | ---- | C] () -- C:\ts3_recording_13_02_28_16_50_23.wav
[2013.02.28 13:22:35 | 000,001,138 | ---- | C] () -- C:\Users\Rene\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2013.02.28 13:22:24 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\FL Studio 10.lnk
[2013.02.28 13:08:52 | 000,002,000 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2013.02.19 10:12:25 | 000,017,738 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013.02.13 19:03:34 | 000,000,642 | ---- | C] () -- C:\Users\Rene\Desktop\Resume Download of Blacklight Retribution.url
[2013.02.06 00:36:30 | 000,021,575 | ---- | C] () -- C:\Users\Rene\Desktop\1178638.jpg
[2013.02.05 23:05:30 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2012.12.23 16:57:21 | 000,004,505 | ---- | C] () -- C:\Windows\SysWow64\drivers\tihid.sys
[2012.12.23 16:57:20 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\Tipage.dll
[2012.12.14 16:13:25 | 000,000,025 | ---- | C] () -- C:\Windows\AutoOC.ini
[2012.11.26 22:29:37 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.11.26 22:29:35 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.11.26 18:22:29 | 000,007,607 | ---- | C] () -- C:\Users\Rene\AppData\Local\Resmon.ResmonCfg
[2012.09.28 16:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.02.21 17:19:16 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\.minecraft
[2013.03.05 12:57:02 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\AVG2012
[2013.03.05 12:25:58 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\BitTorrent
[2013.03.05 11:53:38 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\dclogs
[2013.01.13 17:58:11 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\DVDVideoSoft
[2013.01.13 17:53:59 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.03.04 21:17:31 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\FileZilla
[2013.02.08 21:26:43 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\LolClient
[2013.02.11 19:18:17 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Mumble
[2012.11.25 18:24:34 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Opera
[2012.12.15 11:38:27 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Origin
[2013.02.12 17:33:30 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\TeamViewer
[2013.03.05 12:50:24 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\TS3Client
[2013.03.05 12:55:48 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\TuneUp Software

========== Purity Check ==========



< End of report >
Extras

Quote:
OTL Extras logfile created on: 05.03.2013 12:57:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rene\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 63,37% Memory free
8,00 Gb Paging File | 6,68 Gb Available in Paging File | 83,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 37,27 Gb Total Space | 2,90 Gb Free Space | 7,77% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 33,94 Gb Free Space | 7,29% Space Free | Partition Type: NTFS
Drive F: | 3,71 Gb Total Space | 3,71 Gb Free Space | 99,85% Space Free | Partition Type: FAT32

Computer Name: RENE-PC | User Name: Rene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BEAB4BA-E75A-45CA-BAB5-4E27A4CD3C72}" = lport=138 | protocol=17 | dir=in | app=system |
"{1BC0F20F-E4F5-4137-9DB4-11DE292242A9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1E9A48ED-4312-4308-B498-805462AC51D0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{24349518-A916-4011-9BD2-7332AF1D64A7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2597D192-B098-4B9A-836B-49588B24497F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3B6EBA28-7154-4551-BB16-09167A6DF0F1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4239EB0C-E921-43E6-9186-AA05736F1EF9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{532C541A-B7A8-4571-BF77-EC689ACBC99C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{549C1C3F-060D-423E-A992-CBC4903958EF}" = lport=56231 | protocol=17 | dir=in | name=pando media booster |
"{59772F7F-DBC9-4916-9533-9D12EA055627}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{616525C8-7669-4465-85B1-E5A7DB175AF3}" = lport=56231 | protocol=6 | dir=in | name=pando media booster |
"{69B56736-66E4-46B2-AF80-A95ACFC877A7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{89A0AC92-4CC7-4B1C-BE65-FAC30EB41661}" = rport=10243 | protocol=6 | dir=out | app=system |
"{89E534F1-1BB5-463B-B914-17FDC22F6F57}" = rport=139 | protocol=6 | dir=out | app=system |
"{8AD7C6F5-29F3-4C81-A9DD-C429E2603BAA}" = lport=445 | protocol=6 | dir=in | app=system |
"{972F1AA6-ED3B-4F1D-A388-15BE0F732248}" = lport=137 | protocol=17 | dir=in | app=system |
"{A2919452-96A3-44E4-870B-3BC0FCF2C63B}" = rport=445 | protocol=6 | dir=out | app=system |
"{A341412B-19AC-4A0D-8637-E794D2052719}" = rport=137 | protocol=17 | dir=out | app=system |
"{A8C617BF-56B9-499F-B604-9CBCB6FE2C9A}" = lport=56231 | protocol=17 | dir=in | name=pando media booster |
"{A9F08CA2-3570-48C9-9B04-C520832EDB68}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe |
"{AB6CC1BE-4747-417A-AAA0-7EE7ED36ADCE}" = rport=138 | protocol=17 | dir=out | app=system |
"{B1E009D3-EBB4-4A48-8A8B-805A9D43E891}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C5869867-813D-4C2B-B66C-B2E4BFC1E4C6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D0981C0C-6AB8-451F-BE9B-FDBEC50ADEF6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D36E9B2F-09B3-4EE5-B83C-F6FF75D32F00}" = lport=139 | protocol=6 | dir=in | app=system |
"{E4E1F892-0028-46CB-A596-1130315B9B2A}" = lport=56231 | protocol=6 | dir=in | name=pando media booster |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A60248-F891-4EF5-8F03-2DBB1CB6F3EB}" = protocol=17 | dir=in | app=d:\games_apps\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe |
"{0C8AC602-B94D-4AAF-987C-5340D9BB77D6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0D27F5D4-B8AC-4217-A10D-78C7FB68542A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{15E187D9-82B5-4985-8320-995E781FE6A6}" = protocol=6 | dir=in | app=d:\games_apps\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{18A9CC93-3F77-4282-8A3A-891845DE97C2}" = protocol=17 | dir=in | app=d:\games_apps\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{194E3A31-DA60-4822-B787-9C722F06FAD2}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{210776BD-29F1-4104-A165-C90C090C2F01}" = protocol=17 | dir=in | app=d:\games_apps\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{276F0CD6-9138-4F3A-B7BE-01D4EC5DE582}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{29838947-1818-40BB-8E06-83F6EE449ACD}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{2B56AC63-8230-48A1-82BA-17486974EABF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{304062DC-98E0-4CBB-86A5-408E21C568D0}" = protocol=17 | dir=in | app=d:\games_apps\steam\steamapps\common\bullet run\launchpad.exe |
"{31FE0627-578B-4C32-BD0C-3AFC5B163AAC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{354C486E-BA2A-4603-B0AC-7CA4EB80D2CD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{39B8FD3A-12A2-4A20-81A7-D5E930196094}" = protocol=6 | dir=in | app=d:\games_apps\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{3D9631E5-9DA4-4003-867E-DEE22E9EED6A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{3E2C5CE0-0346-42B7-ACE3-27670B09DA82}" = dir=in | app=c:\users\rene\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{3F5D7F60-0D5E-4259-8677-F23D6CB1B827}" = protocol=6 | dir=in | app=d:\games_apps\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{4119F657-CD50-40F5-A66A-8813C23232DF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{41B3ACD0-FBBA-4CB7-A43C-C5E4C68B03BA}" = protocol=17 | dir=in | app=d:\games_apps\steam\steamapps\common\dota 2 beta\dota.exe |
"{42C81E39-3D44-4FD6-8B2D-D5B8E1EA6812}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{43EEEF3D-B2D3-470E-A559-6E2CBA489353}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{44CACC1D-7EC7-4C2D-8AD2-F8ADC6453A40}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{52F9B458-FB5B-4CAD-B34C-A7187D9AC18D}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{558DDA0E-51D7-42B5-B086-6B149DDE7A62}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{619F714C-146E-42A7-975E-05DD3643DB91}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{61DFD982-AEB7-4A99-80FE-04E1F66755E7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6A4B3B16-3EBA-48EE-961B-E335D4AC8C4B}" = protocol=6 | dir=in | app=d:\games_apps\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe |
"{6D021BEA-AFFA-49A5-A2E4-690FE7EE27BF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{6E88D40A-3C14-4ECF-9ED1-D62060A9528E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{71C0F4EE-ADE6-4AA2-B4A3-FE26636A540C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{726A0479-BA1C-4CEF-B23F-7BE9699AAF67}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{74D6508C-A487-4A9D-9AAC-72CF98B231DE}" = protocol=17 | dir=in | app=d:\games_apps\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{7A74667C-9FD2-4C51-AFC0-0975FDE3F41E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{7C0CBEA9-634D-474A-9726-5967AC33E1FE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{801931B6-73A6-4AC2-98D0-3EEAFB34FA81}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{8089ECDC-C8AA-465E-A464-AB65EBD1F6FC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{80D31A04-0E4E-457A-AE85-409F61C9046D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{82C9E66D-4BB7-4223-BC03-17E444C0159D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{86A587EC-EF87-431F-9BDC-4CF3E68467B8}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{86FC4377-7645-4676-B041-44580E41A1D1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{88E324F5-D2D6-4B5E-A078-A1C8CE8661BE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{8A1F667C-88D1-4962-9E2F-AC5D7AAA0D67}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{99368D3B-E5F9-44B4-8744-22CECB66C6F1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{9A11BBBD-C8D6-400B-A8DD-C8F1ED386291}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9D124201-90F9-4F5F-BA5F-2695B63F163B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A196E3F6-C9FA-421D-B41A-D9B1FEF68147}" = protocol=6 | dir=out | app=system |
"{A28B6C04-46AF-456F-9990-FC5DF30DE69D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A592EAFC-05AD-4D42-BE4B-02CC2597B554}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A6EE7591-C3D4-441F-8D6A-AA31939AFDA9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{B3486812-B0AF-43AA-8B3C-D00E13AD006F}" = protocol=17 | dir=in | app=d:\program files (x86)\origin\games\battlefield 3\bf3.exe |
"{B62E8304-BF8C-4677-A017-481933E8C6DE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{B723A56B-F1AA-4E7C-BC13-E946BF3CE492}" = protocol=17 | dir=in | app=d:\games_apps\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{BB1BCE89-D680-4C47-99F0-79FF744939FB}" = protocol=17 | dir=in | app=d:\games_apps\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{BBC2ACF9-9748-466F-B536-A5A989A8E624}" = protocol=6 | dir=in | app=d:\games_apps\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{BDE01172-9737-4D68-9CF3-30BD8A878FD6}" = protocol=6 | dir=in | app=d:\games_apps\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{C444E068-FDA6-4BEF-B713-986B54891A76}" = protocol=6 | dir=in | app=d:\program files (x86)\origin\games\battlefield 3\bf3.exe |
"{C890CD52-6569-47AA-9540-DCDBE7720653}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CF8672EF-3015-4BFF-8ED8-0F8ED741C7F5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D0352572-2B26-4F4A-93B6-6FF99B723509}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D626486A-3CCD-40DC-AE6C-609DF8197233}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DA336C94-3F2D-45CC-96E7-8BB189E84BD7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DEF4F8D6-840C-4FAF-B673-874D4E275FD6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{E4D5F015-3AE5-47AD-9752-32A37219A869}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EBC73EC7-A4F1-4D95-A3C6-38FE39B565BA}" = protocol=6 | dir=in | app=d:\games_apps\steam\steamapps\common\bullet run\launchpad.exe |
"{FA9F651A-0FA5-40E5-991D-AA92637A9C03}" = protocol=6 | dir=in | app=d:\games_apps\steam\steamapps\common\dota 2 beta\dota.exe |
"{FCD509C1-4CED-467A-8092-36E5B71CFFB3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{469F56CD-A28F-4F4D-8A8F-3B9D96B699C9}D:\games_apps\steam\steam.exe" = protocol=6 | dir=in | app=d:\games_apps\steam\steam.exe |
"TCP Query User{49837DCA-87EF-4C0E-A91E-EAFEB40750AD}D:\games_apps\steam\steamapps\onkymonky\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\games_apps\steam\steamapps\onkymonky\counter-strike source\hl2.exe |
"TCP Query User{5A04BCD6-08A9-45CB-AC1F-DE515921AE15}D:\program files (x86)\call of duty\coduomp.exe" = protocol=6 | dir=in | app=d:\program files (x86)\call of duty\coduomp.exe |
"TCP Query User{5A7090B5-7B1D-4C61-8A1A-8934D73BB9C9}C:\users\rene\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\rene\appdata\local\temp\gw2.exe |
"TCP Query User{9D374B93-452F-40AD-B261-23C748E9143C}D:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{DE2118A2-1ED4-4241-A0BF-1A6D9A3FFEDC}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{1C4816D7-256C-475A-90C2-23AEDB4C2DC6}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{44FCD381-64F4-4C61-8989-B0BB300C4127}D:\games_apps\steam\steam.exe" = protocol=17 | dir=in | app=d:\games_apps\steam\steam.exe |
"UDP Query User{5DA8B46F-BC9F-40BE-8BBB-FB357A9BFF1B}C:\users\rene\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\rene\appdata\local\temp\gw2.exe |
"UDP Query User{A3251DE0-76AF-4F3A-9061-D2BD73C75EF6}D:\program files (x86)\call of duty\coduomp.exe" = protocol=17 | dir=in | app=d:\program files (x86)\call of duty\coduomp.exe |
"UDP Query User{CABF1D44-6136-49DE-A107-1D8818F65771}D:\games_apps\steam\steamapps\onkymonky\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\games_apps\steam\steamapps\onkymonky\counter-strike source\hl2.exe |
"UDP Query User{F521F5A1-F36C-4D31-8A51-63193111096D}D:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\guild wars 2\gw2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8EBE1375-11F7-482D-936C-4C575F3D9BCB}" = AVG 2012
"{90150000-0015-0407-1000-0000000FF1CE}" = Microsoft Access MUI (German) 2013
"{90150000-0016-0407-1000-0000000FF1CE}" = Microsoft Excel MUI (German) 2013
"{90150000-0018-0407-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (German) 2013
"{90150000-0019-0407-1000-0000000FF1CE}" = Microsoft Publisher MUI (German) 2013
"{90150000-001A-0407-1000-0000000FF1CE}" = Microsoft Outlook MUI (German) 2013
"{90150000-001B-0407-1000-0000000FF1CE}" = Microsoft Word MUI (German) 2013
"{90150000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office*- Français
"{90150000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano
"{90150000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2013
"{90150000-0044-0407-1000-0000000FF1CE}" = Microsoft InfoPath MUI (German) 2013
"{90150000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013
"{90150000-0090-0407-1000-0000000FF1CE}" = Microsoft DCF MUI (German) 2013
"{90150000-00A1-0407-1000-0000000FF1CE}" = Microsoft OneNote MUI (German) 2013
"{90150000-00BA-0407-1000-0000000FF1CE}" = Microsoft Groove MUI (German) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2013
"{90150000-00E1-0407-1000-0000000FF1CE}" = Microsoft Office OSM MUI (German) 2013
"{90150000-00E2-0407-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (German) 2013
"{90150000-012B-0407-1000-0000000FF1CE}" = Microsoft Lync MUI (German) 2013
"{91150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F2A13695-0BD3-47E2-91E0-2F5DB86FA439}" = AVG 2012
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Office15.PROPLUSR" = Microsoft Office Professional Plus 2013
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.20 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24F2E03B-ACF2-42FB-8A2A-5F015ACBDD16}" = FOX ONE
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}" = Battlefield 3™
"{75B90ADC-066D-454C-9D3C-CB0C6BAF7A27}_is1" = ClearSky Benchmark 1.0
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.3.0
"ASIO4ALL" = ASIO4ALL
"Battlelog Web Plugins" = Battlelog Web Plugins
"BitTorrent" = BitTorrent
"ESN Sonar-0.70.4" = ESN Sonar
"FileZilla Client" = FileZilla Client 3.2.7.1
"FL Studio 10" = FL Studio 10
"Fraps" = Fraps (remove only)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"Google Chrome" = Google Chrome
"Guild Wars 2" = Guild Wars 2
"IL Download Manager" = IL Download Manager
"Mouse Joypad V1.0" = Mouse Joypad V1.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 12.14.1738" = Opera 12.14
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0
"Steam App 201790" = Orcs Must Die! 2
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CT2625848" = DVDVideoSoftTB DE Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 19.02.2013 16:24:27 | Computer Name = Rene-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iw5mp.exe, Version: 0.0.0.0, Zeitstempel:
0x50b9061a Name des fehlerhaften Moduls: rename me or die.dll, Version: 0.0.0.0,
Zeitstempel: 0x51180cf8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000010c8 ID des fehlerhaften
Prozesses: 0xd74 Startzeit der fehlerhaften Anwendung: 0x01ce0edf07735863 Pfad der
fehlerhaften Anwendung: d:\games_apps\steam\steamapps\common\call of duty modern
warfare 3\iw5mp.exe Pfad des fehlerhaften Moduls: C:\Users\Rene\Desktop\Neuer Ordner\rename
me or die.dll Berichtskennung: 5b654387-7ad2-11e2-9746-90fba63850e9

Error - 19.02.2013 17:17:14 | Computer Name = Rene-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iw5mp.exe, Version: 0.0.0.0, Zeitstempel:
0x50b9061a Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses:
0xde4 Startzeit der fehlerhaften Anwendung: 0x01ce0edf23abe12c Pfad der fehlerhaften
Anwendung: d:\games_apps\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: ba9dc9cc-7ad9-11e2-9746-90fba63850e9

Error - 20.02.2013 16:01:18 | Computer Name = Rene-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iw5mp.exe, Version: 0.0.0.0, Zeitstempel:
0x50b9061a Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses:
0x77c Startzeit der fehlerhaften Anwendung: 0x01ce0f9ed6702977 Pfad der fehlerhaften
Anwendung: d:\games_apps\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 49aca483-7b98-11e2-94a5-90fba63850e9

Error - 20.02.2013 18:05:55 | Computer Name = Rene-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iw5mp.exe, Version: 0.0.0.0, Zeitstempel:
0x50b9061a Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses:
0xb54 Startzeit der fehlerhaften Anwendung: 0x01ce0fb21a814e2c Pfad der fehlerhaften
Anwendung: d:\games_apps\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: b25325f5-7ba9-11e2-94a5-90fba63850e9

Error - 21.02.2013 10:23:20 | Computer Name = Rene-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iw5mp.exe, Version: 0.0.0.0, Zeitstempel:
0x50b9061a Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000096 Fehleroffset: 0x003d5d4a ID des fehlerhaften Prozesses:
0xfe4 Startzeit der fehlerhaften Anwendung: 0x01ce103c3151c4c3 Pfad der fehlerhaften
Anwendung: d:\games_apps\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 3d30d98c-7c32-11e2-b638-90fba63850e9

Error - 21.02.2013 10:23:20 | Computer Name = Rene-PC | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder
der Datenträger fehlt. Das Programm iw5mp.exe wurde wegen dieses Fehlers geschlossen.

Programm:
iw5mp.exe Datei: Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1.
Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem,
das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn
Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk
befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem
besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese
sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen
und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4.
Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware,
um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche
Daten Fehlerwert: 00000000 Datenträgertyp: 0

Error - 21.02.2013 11:43:27 | Computer Name = Rene-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iw5mp.exe, Version: 0.0.0.0, Zeitstempel:
0x50b9061a Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x3b2c0000 ID des fehlerhaften Prozesses:
0x104c Startzeit der fehlerhaften Anwendung: 0x01ce10454d491262 Pfad der fehlerhaften
Anwendung: d:\games_apps\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 6e796a77-7c3d-11e2-b638-90fba63850e9

Error - 21.02.2013 12:22:39 | Computer Name = Rene-PC | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 7.0.90.5 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 9e4 Startzeit:
01ce104f1d581612 Endzeit: 93 Anwendungspfad: C:\Program Files\Java\jre7\bin\javaw.exe

Berichts-ID:


Error - 22.02.2013 08:47:41 | Computer Name = Rene-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iw5mp.exe, Version: 0.0.0.0, Zeitstempel:
0x50b9061a Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses:
0x604 Startzeit der fehlerhaften Anwendung: 0x01ce10f6dfe00a2d Pfad der fehlerhaften
Anwendung: d:\games_apps\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 0b6388ec-7cee-11e2-8349-90fba63850e9

Error - 05.03.2013 07:18:05 | Computer Name = Rene-PC | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 25.02.2013 08:15:10 | Computer Name = Rene-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error - 25.02.2013 13:04:39 | Computer Name = Rene-PC | Source = bowser | ID = 8003
Description =

Error - 27.02.2013 13:03:37 | Computer Name = Rene-PC | Source = DCOM | ID = 10010
Description =

Error - 03.03.2013 14:10:11 | Computer Name = Rene-PC | Source = bowser | ID = 8003
Description =

Error - 03.03.2013 14:34:14 | Computer Name = Rene-PC | Source = bowser | ID = 8003
Description =

Error - 03.03.2013 14:49:16 | Computer Name = Rene-PC | Source = bowser | ID = 8003
Description =

Error - 03.03.2013 14:52:16 | Computer Name = Rene-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error - 03.03.2013 15:34:19 | Computer Name = Rene-PC | Source = bowser | ID = 8003
Description =

Error - 04.03.2013 13:35:42 | Computer Name = Rene-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error - 05.03.2013 06:51:35 | Computer Name = Rene-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?05.?03.?2013 um 11:50:26 unerwartet heruntergefahren.


< End of report >

05.03.2013, 14:28   #2
markusg
/// Malware-holic

hi
Trojaner-Board Upload Channel
Please upload the file there that you checked on VirusTotal.

05.03.2013, 14:57   #3
Raxx

I've uploaded the file.

I had to rename it, otherwise it wouldn't upload!

Thanks in advance for your effort.

05.03.2013, 17:05   #4
markusg
/// Malware-holic

How can anyone get infected with a 3-week-old trojan...
Thanks for uploading.
Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails to the address above, following these instructions.

05.03.2013, 19:24   #5
Raxx

Yeah, that's what you get from a nice YouTube video...

TDSSKiller found nothing:
"no threats Found"

But I think I've already solved it, at least the Task Manager is working properly again...

I just went through a few folders and came across this file:
[2013.03.05 11:50:10 | 000,861,184 | ---- | C] (Krzysztof Kowalczyk) -- C:\Users\Rene\AppData\Roaming\explorer.exe, which seemed odd to me... I deleted it and then restarted the PC, and it "works" again...


Is it still there, or was that it?!


05.03.2013, 20:58   #6
markusg
/// Malware-holic

Where is the log?
No, you don't get that if you use up-to-date AV software.
And please stop deleting things yourself, otherwise I might as well save myself the instructions.

05.03.2013, 21:16   #7
Raxx

Okay, sorry ;D
Quote:
21:14:30.0117 4220 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:14:30.0454 4220 ============================================================
21:14:30.0454 4220 Current date / time: 2013/03/05 21:14:30.0454
21:14:30.0454 4220 SystemInfo:
21:14:30.0454 4220
21:14:30.0454 4220 OS Version: 6.1.7600 ServicePack: 0.0
21:14:30.0454 4220 Product type: Workstation
21:14:30.0454 4220 ComputerName: RENE-PC
21:14:30.0454 4220 UserName: Rene
21:14:30.0454 4220 Windows directory: C:\Windows
21:14:30.0454 4220 System windows directory: C:\Windows
21:14:30.0455 4220 Running under WOW64
21:14:30.0455 4220 Processor architecture: Intel x64
21:14:30.0455 4220 Number of processors: 2
21:14:30.0455 4220 Page size: 0x1000
21:14:30.0455 4220 Boot type: Normal boot
21:14:30.0455 4220 ============================================================
21:14:31.0656 4220 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:14:35.0918 4220 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:14:35.0923 4220 ============================================================
21:14:35.0923 4220 \Device\Harddisk0\DR0:
21:14:35.0942 4220 MBR partitions:
21:14:35.0942 4220 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A89182
21:14:35.0942 4220 \Device\Harddisk1\DR1:
21:14:35.0942 4220 MBR partitions:
21:14:35.0942 4220 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
21:14:35.0942 4220 ============================================================
21:14:35.0972 4220 C: <-> \Device\Harddisk0\DR0\Partition1
21:14:35.0979 4220 D: <-> \Device\Harddisk1\DR1\Partition1
21:14:35.0979 4220 ============================================================
21:14:35.0979 4220 Initialize success
21:14:35.0980 4220 ============================================================
21:14:44.0812 3104 ============================================================
21:14:44.0812 3104 Scan started
21:14:44.0812 3104 Mode: Manual; SigCheck; TDLFS;
21:14:44.0812 3104 ============================================================
21:14:45.0951 3104 ================ Scan system memory ========================
21:14:45.0951 3104 System memory - ok
21:14:45.0952 3104 ================ Scan services =============================
21:14:46.0142 3104 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
21:14:46.0200 3104 1394ohci - ok
21:14:46.0244 3104 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
21:14:46.0264 3104 ACPI - ok
21:14:46.0304 3104 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
21:14:46.0322 3104 AcpiPmi - ok
21:14:46.0462 3104 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:14:46.0474 3104 AdobeARMservice - ok
21:14:46.0630 3104 [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:14:46.0647 3104 AdobeFlashPlayerUpdateSvc - ok
21:14:46.0714 3104 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:14:46.0736 3104 adp94xx - ok
21:14:46.0808 3104 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:14:46.0826 3104 adpahci - ok
21:14:46.0846 3104 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:14:46.0865 3104 adpu320 - ok
21:14:46.0910 3104 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:14:46.0954 3104 AeLookupSvc - ok
21:14:47.0003 3104 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
21:14:47.0021 3104 AFD - ok
21:14:47.0060 3104 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
21:14:47.0073 3104 agp440 - ok
21:14:47.0123 3104 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:14:47.0137 3104 ALG - ok
21:14:47.0167 3104 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
21:14:47.0179 3104 aliide - ok
21:14:47.0195 3104 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
21:14:47.0207 3104 amdide - ok
21:14:47.0253 3104 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:14:47.0268 3104 AmdK8 - ok
21:14:47.0291 3104 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:14:47.0306 3104 AmdPPM - ok
21:14:47.0347 3104 [ 7A4B413614C055935567CF88A9734D38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
21:14:47.0361 3104 amdsata - ok
21:14:47.0383 3104 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:14:47.0398 3104 amdsbs - ok
21:14:47.0424 3104 [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
21:14:47.0436 3104 amdxata - ok
21:14:47.0469 3104 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
21:14:47.0486 3104 AppID - ok
21:14:47.0521 3104 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:14:47.0555 3104 AppIDSvc - ok
21:14:47.0589 3104 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
21:14:47.0604 3104 Appinfo - ok
21:14:47.0670 3104 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
21:14:47.0688 3104 AppMgmt - ok
21:14:47.0738 3104 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
21:14:47.0753 3104 arc - ok
21:14:47.0768 3104 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:14:47.0783 3104 arcsas - ok
21:14:47.0814 3104 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:14:47.0856 3104 AsyncMac - ok
21:14:47.0880 3104 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
21:14:47.0896 3104 atapi - ok
21:14:47.0971 3104 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:14:48.0011 3104 AudioEndpointBuilder - ok
21:14:48.0043 3104 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:14:48.0084 3104 AudioSrv - ok
21:14:48.0363 3104 [ 231B6AD3DB2866BC3FDB9979E6B2B61E ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
21:14:48.0447 3104 AVGIDSAgent - ok
21:14:48.0479 3104 [ 633360E94804E7BAFE642017817C9413 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
21:14:48.0495 3104 AVGIDSDriver - ok
21:14:48.0529 3104 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
21:14:48.0541 3104 AVGIDSFilter - ok
21:14:48.0586 3104 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
21:14:48.0596 3104 AVGIDSHA - ok
21:14:48.0647 3104 [ BE8BC5D10ABA05D7F6E79D8296906C86 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
21:14:48.0661 3104 Avgldx64 - ok
21:14:48.0732 3104 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
21:14:48.0741 3104 Avgmfx64 - ok
21:14:48.0801 3104 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
21:14:48.0810 3104 Avgrkx64 - ok
21:14:48.0863 3104 [ F8C3C7ED612A41B05C66358FC9786BFD ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
21:14:48.0879 3104 Avgtdia - ok
21:14:48.0923 3104 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
21:14:48.0935 3104 avgwd - ok
21:14:48.0985 3104 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:14:49.0002 3104 AxInstSV - ok
21:14:49.0065 3104 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
21:14:49.0084 3104 b06bdrv - ok
21:14:49.0130 3104 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:14:49.0146 3104 b57nd60a - ok
21:14:49.0218 3104 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:14:49.0232 3104 BDESVC - ok
21:14:49.0281 3104 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:14:49.0323 3104 Beep - ok
21:14:49.0397 3104 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
21:14:49.0462 3104 BFE - ok
21:14:49.0521 3104 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
21:14:49.0571 3104 BITS - ok
21:14:49.0614 3104 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:14:49.0628 3104 blbdrive - ok
21:14:49.0673 3104 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:14:49.0689 3104 bowser - ok
21:14:49.0727 3104 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:14:49.0745 3104 BrFiltLo - ok
21:14:49.0784 3104 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:14:49.0799 3104 BrFiltUp - ok
21:14:49.0840 3104 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
21:14:49.0856 3104 Browser - ok
21:14:49.0887 3104 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:14:49.0904 3104 Brserid - ok
21:14:49.0928 3104 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:14:49.0945 3104 BrSerWdm - ok
21:14:49.0968 3104 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:14:49.0984 3104 BrUsbMdm - ok
21:14:50.0003 3104 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:14:50.0018 3104 BrUsbSer - ok
21:14:50.0044 3104 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:14:50.0060 3104 BTHMODEM - ok
21:14:50.0115 3104 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:14:50.0151 3104 bthserv - ok
21:14:50.0189 3104 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:14:50.0225 3104 cdfs - ok
21:14:50.0258 3104 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:14:50.0276 3104 cdrom - ok
21:14:50.0331 3104 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
21:14:50.0370 3104 CertPropSvc - ok
21:14:50.0425 3104 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:14:50.0443 3104 circlass - ok
21:14:50.0474 3104 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:14:50.0493 3104 CLFS - ok
21:14:50.0566 3104 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:14:50.0583 3104 clr_optimization_v2.0.50727_32 - ok
21:14:50.0632 3104 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:14:50.0648 3104 clr_optimization_v2.0.50727_64 - ok
21:14:50.0730 3104 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:14:50.0744 3104 clr_optimization_v4.0.30319_32 - ok
21:14:50.0781 3104 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:14:50.0796 3104 clr_optimization_v4.0.30319_64 - ok
21:14:50.0833 3104 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:14:50.0847 3104 CmBatt - ok
21:14:50.0857 3104 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
21:14:50.0869 3104 cmdide - ok
21:14:50.0910 3104 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
21:14:50.0937 3104 CNG - ok
21:14:50.0958 3104 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:14:50.0971 3104 Compbatt - ok
21:14:50.0995 3104 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
21:14:51.0011 3104 CompositeBus - ok
21:14:51.0024 3104 COMSysApp - ok
21:14:51.0085 3104 [ 262969A3FAB32B9E17E63E2D17A57744 ] cpuz135 C:\Windows\system32\drivers\cpuz135_x64.sys
21:14:51.0095 3104 cpuz135 - ok
21:14:51.0111 3104 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:14:51.0124 3104 crcdisk - ok
21:14:51.0174 3104 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:14:51.0189 3104 CryptSvc - ok
21:14:51.0278 3104 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys
21:14:51.0297 3104 CSC - ok
21:14:51.0325 3104 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\Windows\System32\cscsvc.dll
21:14:51.0346 3104 CscService - ok
21:14:51.0410 3104 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:14:51.0452 3104 DcomLaunch - ok
21:14:51.0491 3104 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:14:51.0530 3104 defragsvc - ok
21:14:51.0573 3104 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:14:51.0588 3104 DfsC - ok
21:14:51.0627 3104 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
21:14:51.0648 3104 Dhcp - ok
21:14:51.0685 3104 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:14:51.0720 3104 discache - ok
21:14:51.0766 3104 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:14:51.0778 3104 Disk - ok
21:14:51.0818 3104 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:14:51.0833 3104 Dnscache - ok
21:14:51.0877 3104 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
21:14:51.0914 3104 dot3svc - ok
21:14:51.0928 3104 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
21:14:51.0967 3104 DPS - ok
21:14:52.0010 3104 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:14:52.0029 3104 drmkaud - ok
21:14:52.0096 3104 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:14:52.0124 3104 DXGKrnl - ok
21:14:52.0152 3104 EagleX64 - ok
21:14:52.0191 3104 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:14:52.0229 3104 EapHost - ok
21:14:52.0373 3104 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
21:14:52.0430 3104 ebdrv - ok
21:14:52.0473 3104 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
21:14:52.0488 3104 EFS - ok
21:14:52.0577 3104 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:14:52.0602 3104 ehRecvr - ok
21:14:52.0638 3104 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:14:52.0655 3104 ehSched - ok
21:14:52.0722 3104 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:14:52.0743 3104 elxstor - ok
21:14:52.0755 3104 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
21:14:52.0770 3104 ErrDev - ok
21:14:52.0829 3104 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:14:52.0869 3104 EventSystem - ok
21:14:52.0900 3104 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:14:52.0939 3104 exfat - ok
21:14:52.0991 3104 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:14:53.0029 3104 fastfat - ok
21:14:53.0096 3104 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
21:14:53.0117 3104 Fax - ok
21:14:53.0128 3104 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:14:53.0144 3104 fdc - ok
21:14:53.0179 3104 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:14:53.0216 3104 fdPHost - ok
21:14:53.0223 3104 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:14:53.0259 3104 FDResPub - ok
21:14:53.0297 3104 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:14:53.0310 3104 FileInfo - ok
21:14:53.0319 3104 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:14:53.0356 3104 Filetrace - ok
21:14:53.0370 3104 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:14:53.0384 3104 flpydisk - ok
21:14:53.0425 3104 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:14:53.0441 3104 FltMgr - ok
21:14:53.0507 3104 [ BC00505CFDA789ED3BE95D2FF38C4875 ] FontCache C:\Windows\system32\FntCache.dll
21:14:53.0534 3104 FontCache - ok
21:14:53.0591 3104 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:14:53.0603 3104 FontCache3.0.0.0 - ok
21:14:53.0624 3104 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:14:53.0636 3104 FsDepends - ok
21:14:53.0674 3104 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:14:53.0686 3104 Fs_Rec - ok
21:14:53.0735 3104 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:14:53.0752 3104 fvevol - ok
21:14:53.0798 3104 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:14:53.0811 3104 gagp30kx - ok
21:14:53.0882 3104 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
21:14:53.0911 3104 gpsvc - ok
21:14:54.0023 3104 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:14:54.0035 3104 gupdate - ok
21:14:54.0050 3104 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:14:54.0061 3104 gupdatem - ok
21:14:54.0090 3104 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:14:54.0108 3104 hcw85cir - ok
21:14:54.0214 3104 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:14:54.0243 3104 HdAudAddService - ok
21:14:54.0272 3104 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:14:54.0296 3104 HDAudBus - ok
21:14:54.0343 3104 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:14:54.0360 3104 HidBatt - ok
21:14:54.0386 3104 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:14:54.0406 3104 HidBth - ok
21:14:54.0432 3104 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:14:54.0448 3104 HidIr - ok
21:14:54.0486 3104 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
21:14:54.0522 3104 hidserv - ok
21:14:54.0571 3104 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:14:54.0585 3104 HidUsb - ok
21:14:54.0621 3104 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:14:54.0656 3104 hkmsvc - ok
21:14:54.0685 3104 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:14:54.0701 3104 HomeGroupListener - ok
21:14:54.0740 3104 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:14:54.0756 3104 HomeGroupProvider - ok
21:14:54.0807 3104 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
21:14:54.0820 3104 HpSAMD - ok
21:14:54.0874 3104 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:14:54.0917 3104 HTTP - ok
21:14:54.0935 3104 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:14:54.0947 3104 hwpolicy - ok
21:14:54.0985 3104 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:14:54.0999 3104 i8042prt - ok
21:14:55.0055 3104 [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
21:14:55.0073 3104 iaStorV - ok
21:14:55.0315 3104 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:14:55.0340 3104 idsvc - ok
21:14:55.0416 3104 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:14:55.0429 3104 iirsp - ok
21:14:55.0551 3104 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
21:14:55.0603 3104 IKEEXT - ok
21:14:55.0625 3104 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
21:14:55.0640 3104 intelide - ok
21:14:55.0675 3104 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:14:55.0694 3104 intelppm - ok
21:14:55.0705 3104 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:14:55.0744 3104 IPBusEnum - ok
21:14:55.0779 3104 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:14:55.0828 3104 IpFilterDriver - ok
21:14:55.0873 3104 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:14:55.0920 3104 iphlpsvc - ok
21:14:55.0927 3104 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:14:55.0945 3104 IPMIDRV - ok
21:14:55.0973 3104 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:14:56.0014 3104 IPNAT - ok
21:14:56.0051 3104 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:14:56.0068 3104 IRENUM - ok
21:14:56.0095 3104 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
21:14:56.0109 3104 isapnp - ok
21:14:56.0159 3104 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
21:14:56.0178 3104 iScsiPrt - ok
21:14:56.0226 3104 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:14:56.0240 3104 kbdclass - ok
21:14:56.0270 3104 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:14:56.0285 3104 kbdhid - ok
21:14:56.0304 3104 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
21:14:56.0317 3104 KeyIso - ok
21:14:56.0363 3104 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:14:56.0376 3104 KSecDD - ok
21:14:56.0414 3104 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:14:56.0428 3104 KSecPkg - ok
21:14:56.0474 3104 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:14:56.0509 3104 ksthunk - ok
21:14:56.0552 3104 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:14:56.0592 3104 KtmRm - ok
21:14:56.0655 3104 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
21:14:56.0672 3104 LanmanServer - ok
21:14:56.0709 3104 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:14:56.0754 3104 LanmanWorkstation - ok
21:14:56.0794 3104 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:14:56.0836 3104 lltdio - ok
21:14:56.0877 3104 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:14:56.0921 3104 lltdsvc - ok
21:14:56.0944 3104 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:14:56.0982 3104 lmhosts - ok
21:14:57.0032 3104 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:14:57.0046 3104 LSI_FC - ok
21:14:57.0055 3104 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:14:57.0068 3104 LSI_SAS - ok
21:14:57.0077 3104 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:14:57.0092 3104 LSI_SAS2 - ok
21:14:57.0107 3104 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:14:57.0122 3104 LSI_SCSI - ok
21:14:57.0181 3104 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:14:57.0218 3104 luafv - ok
21:14:57.0262 3104 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:14:57.0277 3104 Mcx2Svc - ok
21:14:57.0301 3104 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:14:57.0314 3104 megasas - ok
21:14:57.0346 3104 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:14:57.0365 3104 MegaSR - ok
21:14:57.0409 3104 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:14:57.0449 3104 MMCSS - ok
21:14:57.0475 3104 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:14:57.0512 3104 Modem - ok
21:14:57.0553 3104 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:14:57.0570 3104 monitor - ok
21:14:57.0605 3104 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:14:57.0618 3104 mouclass - ok
21:14:57.0643 3104 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:14:57.0658 3104 mouhid - ok
21:14:57.0675 3104 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:14:57.0690 3104 mountmgr - ok
21:14:57.0718 3104 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
21:14:57.0734 3104 mpio - ok
21:14:57.0760 3104 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:14:57.0799 3104 mpsdrv - ok
21:14:57.0862 3104 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:14:57.0909 3104 MpsSvc - ok
21:14:57.0940 3104 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:14:57.0963 3104 MRxDAV - ok
21:14:58.0011 3104 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:14:58.0026 3104 mrxsmb - ok
21:14:58.0048 3104 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:14:58.0065 3104 mrxsmb10 - ok
21:14:58.0085 3104 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:14:58.0099 3104 mrxsmb20 - ok
21:14:58.0118 3104 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
21:14:58.0135 3104 msahci - ok
21:14:58.0161 3104 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
21:14:58.0176 3104 msdsm - ok
21:14:58.0209 3104 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:14:58.0225 3104 MSDTC - ok
21:14:58.0251 3104 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:14:58.0288 3104 Msfs - ok
21:14:58.0303 3104 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:14:58.0338 3104 mshidkmdf - ok
21:14:58.0354 3104 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
21:14:58.0367 3104 msisadrv - ok
21:14:58.0394 3104 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:14:58.0432 3104 MSiSCSI - ok
21:14:58.0437 3104 msiserver - ok
21:14:58.0480 3104 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:14:58.0517 3104 MSKSSRV - ok
21:14:58.0542 3104 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:14:58.0577 3104 MSPCLOCK - ok
21:14:58.0584 3104 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:14:58.0625 3104 MSPQM - ok
21:14:58.0659 3104 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:14:58.0678 3104 MsRPC - ok
21:14:58.0702 3104 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:14:58.0716 3104 mssmbios - ok
21:14:58.0748 3104 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:14:58.0786 3104 MSTEE - ok
21:14:58.0818 3104 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:14:58.0835 3104 MTConfig - ok
21:14:58.0865 3104 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:14:58.0877 3104 Mup - ok
21:14:58.0928 3104 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
21:14:58.0970 3104 napagent - ok
21:14:59.0014 3104 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:14:59.0035 3104 NativeWifiP - ok
21:14:59.0107 3104 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
21:14:59.0135 3104 NDIS - ok
21:14:59.0153 3104 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:14:59.0189 3104 NdisCap - ok
21:14:59.0241 3104 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:14:59.0279 3104 NdisTapi - ok
21:14:59.0305 3104 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:14:59.0341 3104 Ndisuio - ok
21:14:59.0363 3104 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:14:59.0399 3104 NdisWan - ok
21:14:59.0417 3104 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:14:59.0455 3104 NDProxy - ok
21:14:59.0488 3104 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:14:59.0527 3104 NetBIOS - ok
21:14:59.0547 3104 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:14:59.0591 3104 NetBT - ok
21:14:59.0606 3104 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
21:14:59.0622 3104 Netlogon - ok
21:14:59.0683 3104 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:14:59.0725 3104 Netman - ok
21:14:59.0753 3104 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:14:59.0794 3104 netprofm - ok
21:14:59.0817 3104 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:14:59.0829 3104 NetTcpPortSharing - ok
21:14:59.0876 3104 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:14:59.0890 3104 nfrd960 - ok
21:14:59.0941 3104 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:14:59.0980 3104 NlaSvc - ok
21:14:59.0995 3104 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:15:00.0032 3104 Npfs - ok
21:15:00.0058 3104 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:15:00.0099 3104 nsi - ok
21:15:00.0107 3104 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:15:00.0147 3104 nsiproxy - ok
21:15:00.0229 3104 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:15:00.0274 3104 Ntfs - ok
21:15:00.0303 3104 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:15:00.0345 3104 Null - ok
21:15:00.0408 3104 [ B4F53BCA4C688FF47F04FA90098F896E ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
21:15:00.0430 3104 NVHDA - ok
21:15:00.0919 3104 [ 0A2F27B5BCC45B64E152DD6AE0815198 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:15:01.0107 3104 nvlddmkm - ok
21:15:01.0162 3104 [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
21:15:01.0176 3104 nvraid - ok
21:15:01.0186 3104 [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
21:15:01.0202 3104 nvstor - ok
21:15:01.0270 3104 [ 574087EA9105F23FB522A4FDDD5292D9 ] nvsvc C:\Windows\system32\nvvsvc.exe
21:15:01.0295 3104 nvsvc - ok
21:15:01.0374 3104 [ ABA5A88740635D37A2B6CEB27DBC738A ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
21:15:01.0405 3104 nvUpdatusService - ok
21:15:01.0438 3104 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
21:15:01.0454 3104 nv_agp - ok
21:15:01.0466 3104 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
21:15:01.0481 3104 ohci1394 - ok
21:15:01.0615 3104 [ B9C125314A025127FE562C116D614AA3 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:15:01.0633 3104 ose64 - ok
21:15:01.0864 3104 [ FE9C0029E1AF26350D9985D00520E5C8 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:15:01.0954 3104 osppsvc - ok
21:15:01.0994 3104 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:15:02.0012 3104 p2pimsvc - ok
21:15:02.0041 3104 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:15:02.0060 3104 p2psvc - ok
21:15:02.0109 3104 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:15:02.0125 3104 Parport - ok
21:15:02.0170 3104 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:15:02.0186 3104 partmgr - ok
21:15:02.0212 3104 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:15:02.0232 3104 PcaSvc - ok
21:15:02.0250 3104 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
21:15:02.0265 3104 pci - ok
21:15:02.0278 3104 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
21:15:02.0292 3104 pciide - ok
21:15:02.0322 3104 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:15:02.0338 3104 pcmcia - ok
21:15:02.0366 3104 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:15:02.0379 3104 pcw - ok
21:15:02.0414 3104 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:15:02.0456 3104 PEAUTH - ok
21:15:02.0527 3104 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
21:15:02.0558 3104 PeerDistSvc - ok
21:15:02.0654 3104 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:15:02.0670 3104 PerfHost - ok
21:15:02.0744 3104 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
21:15:02.0792 3104 pla - ok
21:15:02.0838 3104 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:15:02.0857 3104 PlugPlay - ok
21:15:02.0875 3104 PnkBstrA - ok
21:15:02.0893 3104 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:15:02.0907 3104 PNRPAutoReg - ok
21:15:02.0935 3104 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:15:02.0954 3104 PNRPsvc - ok
21:15:03.0005 3104 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:15:03.0047 3104 PolicyAgent - ok
21:15:03.0086 3104 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
21:15:03.0125 3104 Power - ok
21:15:03.0182 3104 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:15:03.0219 3104 PptpMiniport - ok
21:15:03.0239 3104 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:15:03.0254 3104 Processor - ok
21:15:03.0302 3104 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
21:15:03.0318 3104 ProfSvc - ok
21:15:03.0332 3104 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:15:03.0346 3104 ProtectedStorage - ok
21:15:03.0384 3104 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:15:03.0422 3104 Psched - ok
21:15:03.0503 3104 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:15:03.0537 3104 ql2300 - ok
21:15:03.0551 3104 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:15:03.0565 3104 ql40xx - ok
21:15:03.0610 3104 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
21:15:03.0632 3104 QWAVE - ok
21:15:03.0651 3104 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:15:03.0669 3104 QWAVEdrv - ok
21:15:03.0685 3104 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:15:03.0720 3104 RasAcd - ok
21:15:03.0773 3104 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:15:03.0808 3104 RasAgileVpn - ok
21:15:03.0845 3104 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
21:15:03.0883 3104 RasAuto - ok
21:15:03.0899 3104 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:15:03.0938 3104 Rasl2tp - ok
21:15:03.0975 3104 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
21:15:04.0016 3104 RasMan - ok
21:15:04.0033 3104 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:15:04.0070 3104 RasPppoe - ok
21:15:04.0119 3104 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:15:04.0156 3104 RasSstp - ok
21:15:04.0177 3104 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:15:04.0219 3104 rdbss - ok
21:15:04.0234 3104 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:15:04.0250 3104 rdpbus - ok
21:15:04.0265 3104 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:15:04.0301 3104 RDPCDD - ok
21:15:04.0344 3104 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
21:15:04.0359 3104 RDPDR - ok
21:15:04.0392 3104 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:15:04.0431 3104 RDPENCDD - ok
21:15:04.0442 3104 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:15:04.0477 3104 RDPREFMP - ok
21:15:04.0517 3104 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:15:04.0533 3104 RDPWD - ok
21:15:04.0587 3104 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:15:04.0604 3104 rdyboost - ok
21:15:04.0637 3104 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:15:04.0677 3104 RemoteAccess - ok
21:15:04.0716 3104 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:15:04.0755 3104 RemoteRegistry - ok
21:15:04.0789 3104 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:15:04.0828 3104 RpcEptMapper - ok
21:15:04.0845 3104 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
21:15:04.0862 3104 RpcLocator - ok
21:15:04.0890 3104 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
21:15:04.0932 3104 RpcSs - ok
21:15:04.0969 3104 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:15:05.0006 3104 rspndr - ok
21:15:05.0039 3104 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
21:15:05.0056 3104 RTL8167 - ok
21:15:05.0083 3104 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
21:15:05.0096 3104 s3cap - ok
21:15:05.0124 3104 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
21:15:05.0142 3104 SamSs - ok
21:15:05.0180 3104 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
21:15:05.0195 3104 sbp2port - ok
21:15:05.0237 3104 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:15:05.0277 3104 SCardSvr - ok
21:15:05.0288 3104 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:15:05.0326 3104 scfilter - ok
21:15:05.0393 3104 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
21:15:05.0419 3104 Schedule - ok
21:15:05.0456 3104 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:15:05.0492 3104 SCPolicySvc - ok
21:15:05.0534 3104 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:15:05.0553 3104 SDRSVC - ok
21:15:05.0698 3104 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:15:05.0736 3104 secdrv - ok
21:15:05.0776 3104 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
21:15:05.0818 3104 seclogon - ok
21:15:05.0881 3104 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
21:15:05.0921 3104 SENS - ok
21:15:05.0940 3104 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:15:05.0958 3104 SensrSvc - ok
21:15:05.0970 3104 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:15:05.0986 3104 Serenum - ok
21:15:06.0040 3104 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:15:06.0056 3104 Serial - ok
21:15:06.0077 3104 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:15:06.0094 3104 sermouse - ok
21:15:06.0139 3104 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
21:15:06.0177 3104 SessionEnv - ok
21:15:06.0200 3104 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
21:15:06.0216 3104 sffdisk - ok
21:15:06.0234 3104 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:15:06.0250 3104 sffp_mmc - ok
21:15:06.0267 3104 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
21:15:06.0294 3104 sffp_sd - ok
21:15:06.0314 3104 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:15:06.0335 3104 sfloppy - ok
21:15:06.0396 3104 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:15:06.0436 3104 SharedAccess - ok
21:15:06.0478 3104 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:15:06.0504 3104 ShellHWDetection - ok
21:15:06.0531 3104 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:15:06.0546 3104 SiSRaid2 - ok
21:15:06.0589 3104 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:15:06.0606 3104 SiSRaid4 - ok
21:15:06.0678 3104 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
21:15:06.0692 3104 SkypeUpdate - ok
21:15:06.0738 3104 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:15:06.0775 3104 Smb - ok
21:15:06.0827 3104 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:15:06.0844 3104 SNMPTRAP - ok
21:15:06.0871 3104 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:15:06.0888 3104 spldr - ok
21:15:06.0967 3104 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
21:15:06.0997 3104 Spooler - ok
21:15:07.0125 3104 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
21:15:07.0186 3104 sppsvc - ok
21:15:07.0203 3104 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:15:07.0239 3104 sppuinotify - ok
21:15:07.0289 3104 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:15:07.0309 3104 srv - ok
21:15:07.0334 3104 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:15:07.0352 3104 srv2 - ok
21:15:07.0372 3104 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:15:07.0387 3104 srvnet - ok
21:15:07.0428 3104 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:15:07.0467 3104 SSDPSRV - ok
21:15:07.0481 3104 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:15:07.0520 3104 SstpSvc - ok
21:15:07.0607 3104 [ 78216A10BF8B200890A88D8820F33F14 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
21:15:07.0623 3104 Stereo Service - ok
21:15:07.0662 3104 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:15:07.0676 3104 stexstor - ok
21:15:07.0718 3104 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
21:15:07.0743 3104 stisvc - ok
21:15:07.0777 3104 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
21:15:07.0790 3104 storflt - ok
21:15:07.0808 3104 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
21:15:07.0821 3104 storvsc - ok
21:15:07.0853 3104 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
21:15:07.0865 3104 swenum - ok
21:15:07.0912 3104 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
21:15:07.0956 3104 swprv - ok
21:15:08.0020 3104 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
21:15:08.0059 3104 SysMain - ok
21:15:08.0088 3104 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:15:08.0109 3104 TabletInputService - ok
21:15:08.0136 3104 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
21:15:08.0178 3104 TapiSrv - ok
21:15:08.0219 3104 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:15:08.0256 3104 TBS - ok
21:15:08.0339 3104 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:15:08.0379 3104 Tcpip - ok
21:15:08.0462 3104 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:15:08.0505 3104 TCPIP6 - ok
21:15:08.0546 3104 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:15:08.0580 3104 tcpipreg - ok
21:15:08.0602 3104 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:15:08.0617 3104 TDPIPE - ok
21:15:08.0640 3104 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:15:08.0657 3104 TDTCP - ok
21:15:08.0690 3104 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:15:08.0727 3104 tdx - ok
21:15:08.0745 3104 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
21:15:08.0758 3104 TermDD - ok
21:15:08.0806 3104 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
21:15:08.0849 3104 TermService - ok
21:15:08.0863 3104 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:15:08.0888 3104 Themes - ok
21:15:08.0901 3104 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:15:08.0940 3104 THREADORDER - ok
21:15:08.0967 3104 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:15:09.0006 3104 TrkWks - ok
21:15:09.0077 3104 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:15:09.0094 3104 TrustedInstaller - ok
21:15:09.0107 3104 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:15:09.0144 3104 tssecsrv - ok
21:15:09.0192 3104 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:15:09.0230 3104 tunnel - ok
21:15:09.0265 3104 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:15:09.0279 3104 uagp35 - ok
21:15:09.0294 3104 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:15:09.0334 3104 udfs - ok
21:15:09.0389 3104 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:15:09.0406 3104 UI0Detect - ok
21:15:09.0411 3104 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
21:15:09.0426 3104 uliagpkx - ok
21:15:09.0444 3104 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:15:09.0459 3104 umbus - ok
21:15:09.0485 3104 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:15:09.0500 3104 UmPass - ok
21:15:09.0549 3104 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\Windows\System32\umrdp.dll
21:15:09.0568 3104 UmRdpService - ok
21:15:09.0613 3104 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:15:09.0657 3104 upnphost - ok
21:15:09.0722 3104 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
21:15:09.0739 3104 usbaudio - ok
21:15:09.0773 3104 [ B26AFB54A534D634523C4FB66765B026 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:15:09.0790 3104 usbccgp - ok
21:15:09.0826 3104 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
21:15:09.0844 3104 usbcir - ok
21:15:09.0874 3104 [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:15:09.0890 3104 usbehci - ok
21:15:09.0922 3104 [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:15:09.0939 3104 usbhub - ok
21:15:09.0956 3104 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
21:15:09.0970 3104 usbohci - ok
21:15:09.0987 3104 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:15:10.0005 3104 usbprint - ok
21:15:10.0032 3104 [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:15:10.0047 3104 USBSTOR - ok
21:15:10.0063 3104 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:15:10.0079 3104 usbuhci - ok
21:15:10.0107 3104 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:15:10.0149 3104 UxSms - ok
21:15:10.0166 3104 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
21:15:10.0180 3104 VaultSvc - ok
21:15:10.0233 3104 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
21:15:10.0246 3104 vdrvroot - ok
21:15:10.0278 3104 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
21:15:10.0303 3104 vds - ok
21:15:10.0328 3104 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:15:10.0345 3104 vga - ok
21:15:10.0364 3104 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:15:10.0400 3104 VgaSave - ok
21:15:10.0432 3104 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
21:15:10.0447 3104 vhdmp - ok
21:15:10.0476 3104 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
21:15:10.0489 3104 viaide - ok
21:15:10.0529 3104 [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
21:15:10.0546 3104 vmbus - ok
21:15:10.0573 3104 [ AE10C35761889E65A6F7176937C5592C ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
21:15:10.0585 3104 VMBusHID - ok
21:15:10.0606 3104 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
21:15:10.0620 3104 volmgr - ok
21:15:10.0650 3104 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:15:10.0669 3104 volmgrx - ok
21:15:10.0688 3104 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
21:15:10.0707 3104 volsnap - ok
21:15:10.0745 3104 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:15:10.0761 3104 vsmraid - ok
21:15:10.0846 3104 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
21:15:10.0879 3104 VSS - ok
21:15:10.0892 3104 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
21:15:10.0912 3104 vwifibus - ok
21:15:10.0981 3104 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
21:15:11.0035 3104 W32Time - ok
21:15:11.0073 3104 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:15:11.0088 3104 WacomPen - ok
21:15:11.0128 3104 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:15:11.0167 3104 WANARP - ok
21:15:11.0172 3104 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:15:11.0209 3104 Wanarpv6 - ok
21:15:11.0267 3104 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
21:15:11.0298 3104 wbengine - ok
21:15:11.0321 3104 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:15:11.0343 3104 WbioSrvc - ok
21:15:11.0379 3104 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:15:11.0400 3104 wcncsvc - ok
21:15:11.0416 3104 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:15:11.0434 3104 WcsPlugInService - ok
21:15:11.0469 3104 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:15:11.0483 3104 Wd - ok
21:15:11.0541 3104 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:15:11.0567 3104 Wdf01000 - ok
21:15:11.0588 3104 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:15:11.0609 3104 WdiServiceHost - ok
21:15:11.0615 3104 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:15:11.0634 3104 WdiSystemHost - ok
21:15:11.0671 3104 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
21:15:11.0691 3104 WebClient - ok
21:15:11.0707 3104 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:15:11.0746 3104 Wecsvc - ok
21:15:11.0768 3104 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:15:11.0806 3104 wercplsupport - ok
21:15:11.0822 3104 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
21:15:11.0860 3104 WerSvc - ok
21:15:11.0898 3104 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:15:11.0935 3104 WfpLwf - ok
21:15:11.0956 3104 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:15:11.0969 3104 WIMMount - ok
21:15:11.0981 3104 WinDefend - ok
21:15:11.0987 3104 WinHttpAutoProxySvc - ok
21:15:12.0053 3104 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:15:12.0091 3104 Winmgmt - ok
21:15:12.0181 3104 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
21:15:12.0238 3104 WinRM - ok
21:15:12.0305 3104 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
21:15:12.0321 3104 WinUsb - ok
21:15:12.0373 3104 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
21:15:12.0403 3104 Wlansvc - ok
21:15:12.0426 3104 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
21:15:12.0443 3104 WmiAcpi - ok
21:15:12.0489 3104 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:15:12.0505 3104 wmiApSrv - ok
21:15:12.0540 3104 WMPNetworkSvc - ok
21:15:12.0567 3104 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:15:12.0588 3104 WPCSvc - ok
21:15:12.0604 3104 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:15:12.0625 3104 WPDBusEnum - ok
21:15:12.0658 3104 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:15:12.0710 3104 ws2ifsl - ok
21:15:12.0749 3104 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\System32\wscsvc.dll
21:15:12.0772 3104 wscsvc - ok
21:15:12.0777 3104 WSearch - ok
21:15:12.0890 3104 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
21:15:12.0938 3104 wuauserv - ok
21:15:12.0974 3104 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:15:12.0991 3104 WudfPf - ok
21:15:13.0022 3104 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:15:13.0038 3104 WUDFRd - ok
21:15:13.0059 3104 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:15:13.0075 3104 wudfsvc - ok
21:15:13.0117 3104 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
21:15:13.0139 3104 WwanSvc - ok
21:15:13.0264 3104 __FOX__FOXONE_DRIVER__ - ok
21:15:13.0300 3104 ================ Scan global ===============================
21:15:13.0331 3104 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:15:13.0363 3104 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\Windows\system32\winsrv.dll
21:15:13.0382 3104 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\Windows\system32\winsrv.dll
21:15:13.0415 3104 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:15:13.0457 3104 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:15:13.0460 3104 [Global] - ok
21:15:13.0460 3104 ================ Scan MBR ==================================
21:15:13.0471 3104 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:15:13.0935 3104 \Device\Harddisk0\DR0 - ok
21:15:13.0938 3104 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
21:15:14.0620 3104 \Device\Harddisk1\DR1 - ok
21:15:14.0621 3104 ================ Scan VBR ==================================
21:15:14.0624 3104 [ 131C7EC1969CDDCB0E593477D7F71A5C ] \Device\Harddisk0\DR0\Partition1
21:15:14.0625 3104 \Device\Harddisk0\DR0\Partition1 - ok
21:15:14.0629 3104 [ 7FC94081D784AF3972947ACC1C3E91E9 ] \Device\Harddisk1\DR1\Partition1
21:15:14.0631 3104 \Device\Harddisk1\DR1\Partition1 - ok
21:15:14.0636 3104 ============================================================
21:15:14.0636 3104 Scan finished
21:15:14.0636 3104 ============================================================
21:15:14.0647 4484 Detected object count: 0
21:15:14.0647 4484 Actual detected object count: 0

Alt 05.03.2013, 21:18   #8
markusg
/// Malware-holic
 

hi,
Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send mails to markusg.trojaner-board@web.de following the instructions above
If you would like to support us

Alt 05.03.2013, 22:01   #9
Raxx
 

Yep, that took quite a while ;D

Combofix logfile:
Code:
ComboFix 13-03-05.01 - Rene 05.03.2013  21:38:47.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.4095.2636 [GMT 1:00]
ausgeführt von:: c:\users\Rene\Desktop\ComboFix.exe
AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Rene\AppData\Roaming\dclogs
c:\users\Rene\AppData\Roaming\dclogs\2013-03-05-3.dc
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-05 bis 2013-03-05  ))))))))))))))))))))))))))))))
.
.
2013-03-05 20:49 . 2013-03-05 20:49	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-03-05 20:49 . 2013-03-05 20:49	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-05 13:35 . 2010-04-09 11:06	374664	----a-w-	c:\windows\system32\drivers\netio.sys
2013-03-05 11:57 . 2013-03-05 11:57	--------	d-----w-	c:\users\Rene\AppData\Roaming\AVG2012
2013-03-05 11:55 . 2013-03-05 11:55	--------	d-----w-	c:\users\Rene\AppData\Roaming\TuneUp Software
2013-03-05 11:55 . 2013-03-05 11:55	--------	d-----w-	c:\windows\SysWow64\drivers\AVG
2013-03-05 11:54 . 2013-03-05 11:54	--------	d-----w-	C:\$AVG
2013-03-05 11:53 . 2013-03-05 13:03	--------	d-----w-	c:\windows\system32\drivers\AVG
2013-03-05 11:53 . 2013-03-05 12:52	--------	d-----w-	c:\programdata\AVG2012
2013-03-05 11:51 . 2013-03-05 11:51	--------	d-----w-	c:\program files (x86)\AVG
2013-03-05 11:07 . 2013-03-05 13:14	--------	d-----w-	c:\programdata\MFAData
2013-03-05 11:07 . 2013-03-05 11:07	--------	d--h--w-	c:\programdata\Common Files
2013-02-28 12:29 . 2013-02-28 12:29	--------	d-----w-	c:\program files (x86)\Common Files\Digidesign
2013-02-28 12:29 . 2009-10-24 20:15	1332224	----a-w-	c:\windows\SysWow64\SYNSOEMU.DLL
2013-02-28 12:23 . 2013-02-28 12:23	348160	----a-w-	c:\windows\SysWow64\msvcr71.dll
2013-02-28 12:23 . 2013-02-28 12:23	1700352	----a-w-	c:\windows\SysWow64\gdiplus.dll
2013-02-28 12:23 . 2013-02-28 12:23	1060864	----a-w-	c:\windows\SysWow64\mfc71.dll
2013-02-28 12:22 . 2013-02-28 12:22	--------	d-----w-	c:\program files (x86)\ASIO4ALL v2
2013-02-28 12:22 . 2006-06-20 08:56	225280	----a-w-	c:\windows\SysWow64\rewire.dll
2013-02-28 12:22 . 2013-02-28 12:22	--------	d-----w-	c:\program files (x86)\Image-Line
2013-02-28 12:22 . 2009-09-15 09:14	1554944	----a-w-	c:\windows\SysWow64\vorbis.acm
2013-02-28 12:21 . 2013-02-28 12:21	--------	d-----w-	c:\program files (x86)\Outsim
2013-02-28 12:08 . 2013-03-04 20:17	--------	d-----w-	c:\users\Rene\AppData\Roaming\FileZilla
2013-02-28 12:08 . 2013-02-28 12:08	--------	d-----w-	c:\program files (x86)\FileZilla FTP Client
2013-02-19 09:17 . 2013-02-19 09:17	--------	d-----w-	c:\program files (x86)\AGEIA Technologies
2013-02-19 09:10 . 2013-02-19 09:10	--------	d-----w-	C:\NVIDIA
2013-02-13 18:02 . 2013-03-05 15:51	--------	d-----w-	c:\users\Rene\AppData\Local\PMB Files
2013-02-13 18:02 . 2013-03-04 11:28	--------	d-----w-	c:\programdata\PMB Files
2013-02-13 18:01 . 2013-02-13 18:01	--------	d-----w-	c:\program files (x86)\Pando Networks
2013-02-13 18:01 . 2013-02-13 18:01	--------	d-----w-	c:\users\Rene\.swt
2013-02-12 16:24 . 2013-02-12 16:33	--------	d-----w-	c:\users\Rene\AppData\Roaming\TeamViewer
2013-02-09 17:43 . 2013-02-09 17:43	555808	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2013-02-08 20:26 . 2013-02-08 20:26	--------	d-----w-	c:\users\Rene\AppData\Roaming\LolClient
2013-02-05 22:05 . 2008-07-12 07:18	467984	----a-w-	c:\windows\SysWow64\d3dx10_39.dll
2013-02-05 22:05 . 2008-07-12 07:18	1493528	----a-w-	c:\windows\SysWow64\D3DCompiler_39.dll
2013-02-05 22:05 . 2008-07-12 07:18	3851784	----a-w-	c:\windows\SysWow64\D3DX9_39.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 15:13 . 2012-11-25 21:39	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-27 15:13 . 2012-11-25 21:39	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-10 03:25 . 2012-10-10 20:23	2854344	----a-w-	c:\windows\system32\nvapi64.dll
2013-02-10 03:25 . 2012-10-10 20:23	15275744	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-02-10 03:25 . 2012-10-10 20:23	12862400	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2013-02-10 03:25 . 2012-10-10 20:22	15038296	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-02-10 01:04 . 2012-11-25 18:44	6393120	----a-w-	c:\windows\system32\nvcpl.dll
2013-02-10 01:04 . 2012-11-25 18:44	3472672	----a-w-	c:\windows\system32\nvsvc64.dll
2013-02-10 01:04 . 2012-11-25 18:44	877856	----a-w-	c:\windows\system32\nvvsvc.exe
2013-02-10 01:04 . 2012-11-25 18:44	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-02-10 01:04 . 2012-11-25 18:44	2555680	----a-w-	c:\windows\system32\nvsvcr.dll
2013-02-10 01:04 . 2012-11-25 18:44	237856	----a-w-	c:\windows\system32\nvmctray.dll
2013-01-16 21:12 . 2012-11-26 21:40	281520	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-01-16 21:12 . 2012-11-26 21:29	281520	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-01-16 21:12 . 2012-11-26 21:29	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-12-10 02:28 . 2012-12-10 02:28	127328	----a-w-	c:\windows\system32\drivers\avgidsdrivera.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\users\Rene\AppData\LocalLow\CT2625848\ldrtbDVDV.dll" [2013-01-07 620440]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
2013-01-07 15:37	620440	----a-w-	c:\users\Rene\AppData\LocalLow\CT2625848\ldrtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\users\Rene\AppData\LocalLow\CT2625848\ldrtbDVDV.dll" [2013-01-07 620440]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 19:38	1720976	----a-w-	c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 19:38	1720976	----a-w-	c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 19:38	1720976	----a-w-	c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-12-04 1279384]
"Facebook Update"="c:\users\Rene\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-12-31 138096]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-02-13 3093624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-11-02 5174392]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 __FOX__FOXONE_DRIVER__;__FOX__FOXONE_DRIVER__;c:\users\Rene\AppData\Local\Temp\FoxDriver.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-01 178824]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-11-08 307040]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-02-09 383264]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-12-10 127328]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 36494043
*NewlyCreated* - 83206650
*NewlyCreated* - AVGIDSHA
*Deregistered* - 36494043
*Deregistered* - 83206650
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-05 09:29	1630672	----a-w-	c:\program files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-25 15:13]
.
2013-03-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-121225185-1033156058-1426507469-1000Core.job
- c:\users\Rene\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-31 14:13]
.
2013-03-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-121225185-1033156058-1426507469-1000UA.job
- c:\users\Rene\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-31 14:13]
.
2013-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-15 09:12]
.
2013-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-15 09:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 19:37	2322576	----a-w-	c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 19:37	2322576	----a-w-	c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 19:37	2322576	----a-w-	c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&userid=EB_USER_ID&ctid=CT2625848&SSPV=TB_IESB25
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - c:\users\Rene\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-05  22:00:49
ComboFix-quarantined-files.txt  2013-03-05 21:00
.
Vor Suchlauf: 2.763.608.064 Bytes frei
Nach Suchlauf: 3.821.637.632 Bytes frei
.
- - End Of File - - FBEE7FE18B95919098866192510E83CB
         

Alt 06.03.2013, 14:13   #10
markusg
/// Malware-holic
 

Hi
malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and "Run as administrator"
  • Start Malwarebytes, click on Update --> Check for updates
  • When the update has finished, select Perform full scan and press Scan.
  • When the scan has finished, click on Show results.
  • Make sure that all detections are selected and press Remove selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Log files".