PWS:win32/zbot

miciba · 06.03.2013, 22:11

Hallo liebes Trojaner-Board,
es hat mich erwischt - ich glaube, es was eine Email mit zip-Anhang, den ich blödsinnigerweise geöffnet habe, aber in dem Moment war mir auch schon klar, dass das absolut doof war!

Der MSE hat den Trojaner zwar entdeckt, ihn gelöscht, will aber, dass ich den Rechner permanent neu starte!

Glücklicherweise bin ich ja nicht die einzige auf dieser Welt, die dieses Problem hat; Lenzmacher hatte im Februar hatte das gleiche Problem, M-K-D-B hat Anweisungen gegeben und so habe ich schon ein wenig vorgearbeitet!

Hier ist also die Logdatei von ADWCleaner:

Code:

ATTFilter

# AdwCleaner v2.114 - Datei am 06/03/2013 um 21:22:32 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Michaela - MICHAELA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Michaela\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\FreeRIP
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\FreeRIP
Ordner Gelöscht : C:\Users\Michaela\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\Michaela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeRIP

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\GreenTree Applications
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\Software\GreenTree Applications
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0 (de)

Datei : C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\tz1jqmi2.default-1355567810384\prefs.js

C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\tz1jqmi2.default-1355567810384\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.order.1", "Ask.com");

*************************

AdwCleaner[S1].txt - [2053 octets] - [06/03/2013 21:22:32]

########## EOF - C:\AdwCleaner[S1].txt - [2113 octets] ##########

hier die Logdatei von JRT

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.8 (03.04.2013:1)
OS: Windows 7 Home Premium x64
Ran by Michaela on 06.03.2013 at 21:31:11,68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Michaela\AppData\Roaming\mozilla\firefox\profiles\tz1jqmi2.default-1355567810384\minidumps [48 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.03.2013 at 21:37:16,95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

und hier die Logdatei von Combofix

Code:

ATTFilter

ComboFix 13-03-05.01 - Michaela 06.03.2013  21:42:32.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3957.2547 [GMT 1:00]
ausgeführt von:: c:\users\Michaela\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6032\AddOnDownloaded\1abc6cc6-7642-443e-ad9d-336734fd2832.dll
c:\programdata\PCDr\6032\AddOnDownloaded\5b35a8f1-54bf-4743-8fd7-358ffc15372a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\69eaa8a4-3131-4718-aad0-994ebde678d1.dll
c:\programdata\PCDr\6032\AddOnDownloaded\9192d3e9-aa66-4560-a2e3-209867aafd30.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d4ffe1c0-8021-4dfa-bf52-cb9224f001ce.dll
c:\programdata\PCDr\6032\AddOnDownloaded\dfc97e68-74cd-4807-807f-ac146d81ec5d.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e5a71f43-c979-4b3d-a544-9ed1dc6dc4c8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\f8b3befb-ca07-4bff-8777-f565b237979f.dll
c:\users\Michaela\AppData\Roaming\Hyaq
c:\users\Michaela\AppData\Roaming\Hyaq\exhin.exe
c:\windows\IsUn0407.exe
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-06 bis 2013-03-06  ))))))))))))))))))))))))))))))
.
.
2013-03-06 20:49 . 2013-03-06 20:49	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-06 20:31 . 2013-03-06 20:31	--------	d-----w-	c:\windows\ERUNT
2013-03-06 20:30 . 2013-03-06 20:30	--------	d-----w-	C:\JRT
2013-03-06 20:25 . 2013-03-06 20:25	76232	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04082A08-9CAC-4B27-AD30-88332A7AE149}\offreg.dll
2013-03-06 20:00 . 2013-02-08 00:28	9162192	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04082A08-9CAC-4B27-AD30-88332A7AE149}\mpengine.dll
2013-03-06 19:30 . 2013-03-06 19:34	--------	d-----w-	c:\users\Michaela\AppData\Roaming\Igsuri
2013-03-06 19:30 . 2013-03-06 19:30	--------	d-----w-	c:\users\Michaela\AppData\Roaming\Edmoq
2013-03-06 19:29 . 2013-03-06 19:29	--------	d-----w-	c:\users\Michaela\Imhrypz
2013-03-05 18:34 . 2013-02-08 00:28	9162192	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-14 12:04 . 2013-02-14 12:04	--------	d-----w-	c:\users\Michaela\AppData\Local\ECRSC
2013-02-14 12:04 . 2013-02-14 12:04	--------	d-----w-	c:\programdata\ESTsoft
2013-02-14 12:03 . 2013-02-14 12:04	--------	d-----w-	c:\users\Michaela\AppData\Roaming\ESTsoft
2013-02-14 12:03 . 2013-02-14 12:04	--------	d-----w-	c:\program files (x86)\ESTsoft
2013-02-14 08:01 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 08:01 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 07:58 . 2013-01-09 01:48	17812992	----a-w-	c:\windows\system32\mshtml.dll
2013-02-14 07:58 . 2013-01-09 01:22	10925568	----a-w-	c:\windows\system32\ieframe.dll
2013-02-13 21:25 . 2013-01-05 05:53	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-13 21:25 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 21:25 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 21:25 . 2013-01-04 03:26	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-02-13 21:25 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-02-13 21:25 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-02-13 21:25 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-02-13 21:25 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-02-13 21:25 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-02-13 21:25 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-02-13 21:25 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-13 21:25 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 15:04 . 2012-10-01 08:28	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-27 15:04 . 2012-10-01 08:28	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-14 08:06 . 2012-09-30 21:34	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-02-10 10:53 . 2013-01-21 13:32	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-02-10 10:53 . 2013-01-21 13:31	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-02-01 12:18 . 2013-01-08 13:10	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-02-01 12:18 . 2013-01-08 13:10	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-02-01 12:18 . 2013-02-01 12:18	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-01-30 10:53 . 2010-11-21 03:27	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-20 14:59 . 2013-01-20 14:59	230320	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2013-01-20 14:59 . 2012-03-20 18:44	130008	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-08 13:10 . 2013-01-08 13:10	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-01-04 04:43 . 2013-02-13 21:25	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-01-03 19:27 . 2013-01-03 19:27	95184	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-03 19:27 . 2013-01-03 19:28	859072	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-01-03 19:27 . 2013-01-03 19:28	779704	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-12-16 17:11 . 2012-12-22 16:21	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 16:21	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 16:21	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 16:21	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-09 13:07	441856	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 13:07	2746368	----a-w-	c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 13:07	308736	----a-w-	c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 13:07	2576384	----a-w-	c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 13:07	30720	----a-w-	c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 13:07	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 13:07	23552	----a-w-	c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 13:07	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 13:07	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 13:07	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 13:07	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 13:07	20480	----a-w-	c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 13:07	46592	----a-w-	c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 13:07	40960	----a-w-	c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 13:07	21504	----a-w-	c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 13:07	15360	----a-w-	c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 13:07	55296	----a-w-	c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 13:07	51712	----a-w-	c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 13:07	43520	----a-w-	c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 13:07	30720	----a-w-	c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 13:07	45568	----a-w-	c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 13:07	44544	----a-w-	c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 13:07	20480	----a-w-	c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 13:07	23552	----a-w-	c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 13:07	20480	----a-w-	c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 13:07	46592	----a-w-	c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 13:07	20480	----a-w-	c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 13:07	21504	----a-w-	c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 13:07	40960	----a-w-	c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 13:07	15360	----a-w-	c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 13:07	55296	----a-w-	c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 13:07	51712	----a-w-	c:\windows\SysWow64\esrb.rs
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-01-15 14:01	222712	----a-w-	c:\users\Michaela\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-01-15 14:01	222712	----a-w-	c:\users\Michaela\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-01-15 14:01	222712	----a-w-	c:\users\Michaela\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Michaela\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Michaela\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Michaela\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Michaela\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"yjvwewxb"="c:\users\Michaela\Imhrypz\uprqewxb.exe" [2013-03-06 32166]
"execlvvideo"="c:\users\Michaela\AppData\Roaming\execlvvideo.exe" [1680-05-10 194048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"UIExec"="c:\program files (x86)\Join Air\UIExec.exe" [2010-04-27 138072]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-06-25 1073352]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-12-18 39136]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-12-18 825560]
.
c:\users\Michaela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Michaela\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Spyder3Utility.lnk - c:\program files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe [2008-3-19 6333954]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Internet Manager. RunOuc;Internet Manager. OUC;c:\program files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [2012-10-01 224096]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-10-01 117248]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-10-01 13952]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2012-10-01 421376]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-05 11776]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-09-30 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-09-30 180736]
R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-11-26 25584]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys [2010-03-30 15360]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2012-06-27 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2012-06-27 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2012-06-27 177640]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2013-02-04 1255736]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [2012-10-01 16512]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2011-03-14 346976]
S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Join Air\AssistantServices.exe [2010-04-27 247152]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-10-01 86016]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-01 15:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-01-15 14:01	261624	----a-w-	c:\users\Michaela\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-01-15 14:01	261624	----a-w-	c:\users\Michaela\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-01-15 14:01	261624	----a-w-	c:\users\Michaela\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Michaela\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Michaela\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Michaela\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Michaela\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-01-24 477600]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{77E78051-C090-4FD5-ACFF-546CD93A4914}: NameServer = 10.74.210.210 10.74.210.211
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-Lauvux - c:\users\Michaela\AppData\Roaming\Hyaq\exhin.exe
Wow6432Node-HKLM-Run-dellsupportcenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Adobe SVG Viewer - c:\windows\IsUn0407.exe
AddRemove-TAPI - c:\windows\IsUn0407.exe
AddRemove-{501451DE-5808-4599-B544-8BD0915B6B24}_is1 - c:\program files (x86)\FreeRIP\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-06  21:50:48
ComboFix-quarantined-files.txt  2013-03-06 20:50
.
Vor Suchlauf: 15 Verzeichnis(se), 221.516.292.096 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 221.439.053.824 Bytes frei
.
- - End Of File - - 8A57A677574586937F1B0A54A3C63E27

Den Firefox habe ich inzwischen schon komplett mit Favoriten etc. gelöscht, ich werde ihn dann halt wieder neu installieren.

Wäre toll, wenn ihr mir helfen könntet!

Liebe Grüße
miciba

cosinus · 06.03.2013, 23:42

Hallo,

warum bitte führst du combofix aus, sind die Hinweise zu diesem Tool hier nicht deutlich genug?

Combofix soll nur ausgeführt werden wenn dir ein qualifizierter Helfer dazu geraten hat!

miciba · 07.03.2013, 07:48

Hallo cosinus,

weil das auf exakt die gleiche Fragestellung in der ersten Email die ersten drei Aufgaben waren, die auch Lenzmacher durchführen sollte.

Da stand:
1. ADW-Cleaner
2. Junkware Removal Tool
3. Combofix.

War das falsch?

Gruß miciba

cosinus · 07.03.2013, 09:16

Zitat:

War das falsch?

Ja! Du liest andere Themen durch aber die wichtigen Hinweise werden ignoriert.

Ist sowas hier denn nicht deutlich genug?

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

miciba · 07.03.2013, 18:40

Ja, lieber Cosinus!

Ich habe verstanden!!! Und - wie gesagt - ich kann lesen!

Und wir können hier sicherlich noch tagelang über mein "Vergehen" parlieren.

Ich wiederhole noch einmal: Es war nicht meine Absicht, etwas Verbotenes zu tun sondern ich wollte den Prozess abkürzen, ein wenig Vorarbeit leisten (ich gebe zu, ich lese andere Forumsbeiträge) und den Prozess abkürzen.
Asche auf mein Haupt, geht aber wohl nicht mehr rückgängig zu machen.

Kann mir denn nun niemand mehr helfen?
Soll ich meinen Laptop jetzt wegschmeissen?

m.

cosinus · 08.03.2013, 09:34

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Erstmal eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in CODE-Tags in den Thread.

miciba · 08.03.2013, 19:46

Danke, dass du dich meiner annimmst!

Hier die OTL.txt:

Code:

ATTFilter

OTL logfile created on: 08.03.2013 19:38:13 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michaela\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 57,90% Memory free
7,73 Gb Paging File | 6,07 Gb Available in Paging File | 78,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 206,31 Gb Free Space | 69,23% Space Free | Partition Type: NTFS
 
Computer Name: MICHAELA-PC | User Name: Michaela | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Michaela\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\Michaela\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe ()
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Program Files (x86)\Join Air\UIExec.exe ()
PRC - C:\Program Files (x86)\Join Air\AssistantServices.exe ()
PRC - C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\PDFMaker\PDFMOfficeAddIn.DEU ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\AcroTray.DEU ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\PDFMaker\AdobePDFMakerX.DEU ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\PDFMaker\Common\AdobePDFMakerX.dll ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Program Files (x86)\Join Air\UIExec.exe ()
MOD - C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe ()
MOD - C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\CGamma.dll ()
MOD - C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\CSensor.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Macromedia Licensing Service) -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (Internet Manager. RunOuc) -- C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe ()
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (HWDeviceService64.exe) -- C:\ProgramData\DatacardService\HWDeviceService64.exe ()
SRV - (UI Assistant Service) -- C:\Program Files (x86)\Join Air\AssistantServices.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (ewusbmbb) -- C:\Windows\SysNative\drivers\ewusbwwan.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (tcpipBM) -- C:\Windows\SysNative\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV:64bit: - (ew_usbenumfilter) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (BMLoad) -- C:\Windows\SysNative\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (Spyder3) -- C:\Windows\SysNative\drivers\Spyder3.sys ()
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (PCDSRVC{1E208CE0-FB7451FF-06020200}_0) -- c:\Programme\Dell Support Center\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3813123265-4216506191-3036052169-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3813123265-4216506191-3036052169-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3813123265-4216506191-3036052169-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3813123265-4216506191-3036052169-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3813123265-4216506191-3036052169-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.01.29 09:09:23 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2013.03.06 21:49:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3813123265-4216506191-3036052169-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\Join Air\UIExec.exe ()
O4 - HKU\S-1-5-21-3813123265-4216506191-3036052169-1000..\Run: [Akamai NetSession Interface] C:\Users\Michaela\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-3813123265-4216506191-3036052169-1000..\Run: [execlvvideo] C:\Users\Michaela\AppData\Roaming\execlvvideo.exe ()
O4 - HKU\S-1-5-21-3813123265-4216506191-3036052169-1000..\Run: [yjvwewxb] C:\Users\Michaela\Imhrypz\uprqewxb.exe ()
O4 - Startup: C:\Users\Michaela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Michaela\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3813123265-4216506191-3036052169-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3813123265-4216506191-3036052169-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3813123265-4216506191-3036052169-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77E78051-C090-4FD5-ACFF-546CD93A4914}: NameServer = 10.74.210.210 10.74.210.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F11D028-FCD6-4F9A-BF12-EA91507E3FEF}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.08 19:36:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Michaela\Desktop\OTL.exe
[2013.03.06 21:54:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.06 21:50:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.06 21:41:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.06 21:41:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.06 21:41:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.06 21:40:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.06 21:40:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.06 21:39:48 | 005,036,545 | R--- | C] (Swearware) -- C:\Users\Michaela\Desktop\ComboFix.exe
[2013.03.06 21:31:07 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.06 21:30:47 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.06 21:27:34 | 000,547,723 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Michaela\Desktop\JRT.exe
[2013.03.06 20:30:13 | 000,000,000 | ---D | C] -- C:\Users\Michaela\AppData\Roaming\Igsuri
[2013.03.06 20:30:13 | 000,000,000 | ---D | C] -- C:\Users\Michaela\AppData\Roaming\Edmoq
[2013.03.06 20:29:43 | 000,000,000 | ---D | C] -- C:\Users\Michaela\Imhrypz
[2013.02.28 08:05:43 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.02.28 08:05:43 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.02.28 08:05:43 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.02.28 08:05:43 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.02.28 08:05:37 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.02.28 08:05:37 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.02.28 08:05:30 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.28 08:05:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.28 08:05:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.28 08:05:29 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.02.28 08:05:29 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.02.28 08:05:29 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.02.28 08:05:29 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.28 08:05:29 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.28 08:05:29 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.28 08:05:29 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.28 08:05:29 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.28 08:05:28 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.02.28 08:05:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.28 08:05:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.28 08:05:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.28 08:05:27 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.28 08:05:27 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.28 08:05:27 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.28 08:05:27 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.28 08:05:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.28 08:05:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.28 08:05:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.28 08:05:26 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.02.28 08:05:26 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.02.28 08:05:26 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.02.28 08:05:26 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.02.28 08:05:26 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.02.28 08:05:25 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.02.28 08:05:25 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.02.28 08:05:25 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.02.28 08:05:25 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.02.28 08:05:24 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.02.28 08:05:24 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.02.28 08:05:24 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.02.28 08:05:23 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.02.27 10:26:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.14 13:04:07 | 000,000,000 | ---D | C] -- C:\Users\Michaela\AppData\Local\ECRSC
[2013.02.14 13:04:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALZip
[2013.02.14 13:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\ESTsoft
[2013.02.14 13:03:58 | 000,000,000 | ---D | C] -- C:\Users\Michaela\AppData\Roaming\ESTsoft
[2013.02.14 13:03:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESTsoft
[2013.02.14 08:59:10 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.14 08:59:10 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.14 08:59:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.14 08:59:08 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.14 08:59:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.14 08:59:08 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.14 08:59:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.14 08:59:07 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.14 08:59:06 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.14 08:59:06 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.14 08:59:05 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.14 08:59:05 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.14 08:59:03 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.14 08:59:03 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.14 08:59:03 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.13 22:25:31 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 22:25:30 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 22:25:30 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.13 22:25:25 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 22:25:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 22:25:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 22:25:24 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 22:25:24 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 22:25:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.13 22:25:21 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.08 19:36:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michaela\Desktop\OTL.exe
[2013.03.08 19:33:31 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.08 19:33:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.06 22:01:05 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.06 22:01:05 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.06 21:53:37 | 3111,534,592 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.06 21:49:10 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.03.06 21:40:27 | 005,036,545 | R--- | M] (Swearware) -- C:\Users\Michaela\Desktop\ComboFix.exe
[2013.03.06 21:27:43 | 000,547,723 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Michaela\Desktop\JRT.exe
[2013.03.06 21:18:47 | 000,597,667 | ---- | M] () -- C:\Users\Michaela\Desktop\adwcleaner.exe
[2013.03.04 08:41:48 | 000,001,456 | ---- | M] () -- C:\Users\Michaela\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2013.03.01 09:12:48 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.01 09:12:48 | 000,654,256 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.01 09:12:48 | 000,616,098 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.01 09:12:48 | 000,130,096 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.01 09:12:48 | 000,106,478 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.28 10:34:09 | 000,823,511 | ---- | M] () -- C:\Users\Michaela\Desktop\Migration von J15 nach J25 v2.pdf
[2013.02.27 16:04:51 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.27 16:04:51 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.20 03:01:30 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.02.14 09:27:45 | 011,516,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.11 00:20:33 | 000,005,886 | ---- | M] () -- C:\Users\Michaela\Documents\merle_text.odt
 
========== Files Created - No Company Name ==========
 
[2013.03.06 21:41:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.06 21:41:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.06 21:41:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.06 21:41:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.06 21:41:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.06 21:18:42 | 000,597,667 | ---- | C] () -- C:\Users\Michaela\Desktop\adwcleaner.exe
[2013.02.28 10:34:09 | 000,823,511 | ---- | C] () -- C:\Users\Michaela\Desktop\Migration von J15 nach J25 v2.pdf
[2013.02.11 00:09:39 | 000,005,886 | ---- | C] () -- C:\Users\Michaela\Documents\merle_text.odt
[2013.01.17 18:26:07 | 000,007,601 | ---- | C] () -- C:\Users\Michaela\AppData\Local\Resmon.ResmonCfg
[2012.12.27 18:22:27 | 000,004,230 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012.12.27 18:21:00 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini
[2012.11.27 09:49:14 | 000,001,456 | ---- | C] () -- C:\Users\Michaela\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2012.11.26 23:40:58 | 000,000,132 | ---- | C] () -- C:\Users\Michaela\AppData\Roaming\Adobe CS6-GIF-Format - Voreinstellungen
[2012.11.26 23:13:41 | 000,000,132 | ---- | C] () -- C:\Users\Michaela\AppData\Roaming\Adobe CS6-BMP-Format - Voreinstellungen
[2012.11.14 22:32:47 | 000,000,132 | ---- | C] () -- C:\Users\Michaela\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2012.10.29 12:09:28 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.10.29 12:09:28 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.10.29 12:09:28 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.10.29 12:09:28 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.10.29 12:09:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.09.30 22:28:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.09.30 21:44:19 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[1601.01.01 01:00:00 | 000,194,048 | ---- | C] () -- C:\Users\Michaela\AppData\Roaming\execlvvideo.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.08 19:40:28 | 000,000,000 | ---D | M] -- C:\Users\Michaela\AppData\Roaming\Arohu
[2012.12.14 08:27:43 | 000,000,000 | ---D | M] -- C:\Users\Michaela\AppData\Roaming\com.adobe.dmp.contentviewer
[2013.03.08 19:41:16 | 000,000,000 | ---D | M] -- C:\Users\Michaela\AppData\Roaming\Deemo
[2013.03.06 21:54:47 | 000,000,000 | ---D | M] -- C:\Users\Michaela\AppData\Roaming\Dropbox
[2013.03.06 20:30:13 | 000,000,000 | ---D | M] -- C:\Users\Michaela\AppData\Roaming\Edmoq
[2013.01.09 22:49:51 | 000,000,000 | ---D | M] -- C:\Users\Michaela\AppData\Roaming\elsterformular
[2012.11.06 14:43:23 | 000,000,000 | ---D | M] -- C:\Users\Michaela\AppData\Roaming\FileZilla
[2013.03.06 20:34:49 | 000,000,000 | ---D | M] -- C:\Users\Michaela\AppData\Roaming\Igsuri
[2012.12.05 22:34:12 | 000,000,000 | ---D | M] -- C:\Users\Michaela\AppData\Roaming\OpenOffice.org
[2012.12.23 15:41:45 | 000,000,000 | ---D | M] -- C:\Users\Michaela\AppData\Roaming\PCDr
[2012.11.24 22:52:41 | 000,000,000 | ---D | M] -- C:\Users\Michaela\AppData\Roaming\Samsung
[2012.11.14 22:46:25 | 000,000,000 | ---D | M] -- C:\Users\Michaela\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.09.30 22:39:16 | 000,000,000 | ---D | M] -- C:\Users\Michaela\AppData\Roaming\T-Mobile
[2013.03.08 19:40:28 | 000,000,000 | ---D | M] -- C:\Users\Michaela\AppData\Roaming\Uwtyu
[2012.10.01 08:49:31 | 000,000,000 | ---D | M] -- C:\Users\Michaela\AppData\Roaming\WirelessManager
 
========== Purity Check ==========
 
 

< End of report >

und die Extras.txt:

Code:

ATTFilter

OTL Extras logfile created on: 08.03.2013 19:38:13 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michaela\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 57,90% Memory free
7,73 Gb Paging File | 6,07 Gb Available in Paging File | 78,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 206,31 Gb Free Space | 69,23% Space Free | Partition Type: NTFS
 
Computer Name: MICHAELA-PC | User Name: Michaela | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = jsfile] -- C:\Program Files (x86)\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.js [@ = jsfile] -- C:\Program Files (x86)\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Program Files (x86)\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Program Files (x86)\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02455A92-EFA2-42A1-B780-50800D41A627}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0325D206-6788-442D-AF89-908AC87BC5BC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{044A3E2E-CCEC-4702-9907-D7D997190013}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{11A354B8-CA66-4099-9DDA-64906AB89C29}" = lport=137 | protocol=17 | dir=in | app=system | 
"{124C4E7B-89FF-4D62-9020-1DD6B8D0A8B8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1C921454-A49F-498D-A55B-8A0399799DF6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1FD531F2-6E64-4058-97A0-3483EF8A56C1}" = lport=5031 | protocol=17 | dir=in | name=avm tapi services for fritz!box - udp 5031 | 
"{22089AC9-18EF-4D96-8D3F-38AC9763BF6D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{265D2767-E17F-4F48-B895-B2829907DC81}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{3087CF9A-3B84-4BF2-9B0C-E529056D8C83}" = rport=445 | protocol=6 | dir=out | app=system | 
"{33AA000A-CBAB-4A29-A5BA-74CA7D7FB39D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{47A3C984-B278-4B88-99B6-3300CE75F486}" = rport=137 | protocol=17 | dir=out | app=system | 
"{66365D4D-628A-4A75-B8D3-9045479F1361}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6B73C6A0-808F-4A94-8D29-91F2DF207A68}" = rport=138 | protocol=17 | dir=out | app=system | 
"{6D02FF64-1680-4101-8E3D-DBBF3F085973}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{78EA08C5-4AAD-431E-932B-9E68F0852841}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7A42638E-51DD-4111-860B-69C66831557D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{88434A46-1439-4192-843D-3655BCA56FA6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8CE059DA-D903-4395-8926-E40BCE192D59}" = lport=138 | protocol=17 | dir=in | app=system | 
"{90E37A83-D4C4-4F4A-BD62-CF637E4D5404}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A818CAAE-6069-4DBA-A944-858A05479389}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C9ECF3C4-E768-4212-ABF6-174EA25188DE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{D97A59C3-4386-412C-A94B-62B6DA90C48E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{DE6082CC-8E44-4276-A226-47AA21EBE52D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E41BF8F8-C7FF-4A01-92EF-E9F5EF9F9B42}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E5850D0C-FA25-4010-8585-ABD796EEF828}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E69A9C82-E0DF-43A9-87AB-A6515CDCC065}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0129A6CB-A353-49D9-A11B-87ABD2AE1BC5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{02C4A6E0-5CBA-4C14-9511-CF7E3E45AD79}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{057BC3D5-F6B7-48FF-A293-9AD7F59C4ED3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0CC86627-1376-48BA-9725-2C39AFA11E3E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{16EF9C74-1A90-4719-A9CE-F23E884C3679}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1B15002E-13F4-486B-A8A1-00D6C9D2D3DF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3594D269-E3F3-4589-887B-BCEDB38A6A37}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3A68F64F-B044-4FD5-9365-94CA660DD527}" = protocol=17 | dir=in | app=c:\users\michaela\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5199CE9E-195A-4DF0-A702-D063050BB14E}" = protocol=6 | dir=out | app=system | 
"{60F72E41-EAAF-46C1-8582-B730EEBD8083}" = dir=in | app=c:\users\michaela\appdata\local\microsoft\skydrive\skydrive.exe | 
"{624FBF54-97F4-4D5E-9052-6D5229E098B4}" = protocol=6 | dir=in | app=c:\program files (x86)\tapi services for fritz!box\fboxset.exe | 
"{673590A9-937C-43F8-8C06-E2D4EC3B216B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{71CAF327-2092-4A87-B2E2-076B3600DAB0}" = protocol=17 | dir=in | app=c:\program files (x86)\tapi services for fritz!box\igd_finder.exe | 
"{7D2F3045-6B70-465B-AE79-EB04E5473CAB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7EA334E6-7E8F-45FF-94F5-F2A1FA4D6D05}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{868D8DAA-A61E-4008-9EB5-6FC6C46400B0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8BCEE4E2-A633-4193-9958-1A54E43D10A2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8D617EB6-7324-4046-AA6F-E2D0D5F902F9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{8EBE79B4-A80A-41FC-B55F-D773417F2BB2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A5B65AB1-ADED-42EC-96B1-BBC1AB3A1303}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A8274474-BEE0-4FF2-A7C2-DCD5C2CD104D}" = protocol=17 | dir=in | app=c:\program files (x86)\tapi services for fritz!box\fboxset.exe | 
"{A995F6E6-B3B0-4C66-A074-262519A18EDC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C7080FD3-61AF-42D1-A695-87B6108EBCAA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D84E2A79-795A-47A8-A34A-6E6DAC22CD1C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DC7827C0-02C6-4685-8A36-733705462167}" = protocol=6 | dir=in | app=c:\program files (x86)\tapi services for fritz!box\igd_finder.exe | 
"{DD23A012-A74F-466D-AD26-3DF1352BAA40}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{E14D05D2-E97B-431D-B73A-76A1DD1B0F58}" = protocol=6 | dir=in | app=c:\users\michaela\appdata\roaming\dropbox\bin\dropbox.exe | 
"{EB3EA30A-744D-4D9D-AF46-36405B4F8BFD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EF43211D-04E2-40EA-99E7-EEC5115C1492}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{F3AE181E-70DB-4AC6-8146-6376937903E1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F752914F-9E0E-49BC-88CF-E2E9E730492C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"TCP Query User{06BBFB32-02F2-4179-A02B-E2832FBD820E}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{4239DE61-E3DD-48B0-9833-4E11522F1231}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{45FB84F8-3260-45E6-B9D8-BEED551805C3}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{4697CF18-25AE-4C22-9545-D258A29F2BB2}C:\users\michaela\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\michaela\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{4CB6F99A-B376-4771-BA81-0BFDC3328564}C:\users\michaela\appdata\roaming\hyaq\exhin.exe" = protocol=6 | dir=in | app=c:\users\michaela\appdata\roaming\hyaq\exhin.exe | 
"TCP Query User{758542E4-FCCF-43E8-8BB6-6C6B942E122E}C:\users\michaela\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\michaela\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{8BB70CA6-4277-4328-9318-19908E28FF2E}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{9DA59812-F87D-47A0-B1C9-BCECA2072F9D}C:\program files (x86)\macromedia\dreamweaver mx 2004\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\macromedia\dreamweaver mx 2004\dreamweaver.exe | 
"TCP Query User{A63597EF-B248-4257-AFDB-F836404410CA}C:\users\michaela\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\michaela\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{B6E8FF9C-489F-41A2-826E-554DCE3B7E9B}C:\xampp\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{CEB6BA17-5EC5-4D91-A0C2-EF2906585F29}C:\xampp\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\xampp\apache\bin\httpd.exe | 
"TCP Query User{E2ACE535-CF35-453E-9F1B-FB4ABA677363}C:\users\michaela\appdata\roaming\arohu\ytig.exe" = protocol=6 | dir=in | app=c:\users\michaela\appdata\roaming\arohu\ytig.exe | 
"UDP Query User{0DD38648-5C35-4B8B-9BE1-90877314325E}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{3D6E28D4-EE1E-4783-BFCF-C5F2182419B6}C:\users\michaela\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\michaela\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{40283DE1-A40E-40F4-A510-BCA85323C11E}C:\xampp\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\xampp\apache\bin\httpd.exe | 
"UDP Query User{587E7142-7806-43EC-A3FA-ECF5BA47A9FC}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{78258FE9-C093-4EE7-B18B-B0DEB1986344}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{7B344173-815F-4829-ABEF-5A9BF12A05CC}C:\program files (x86)\macromedia\dreamweaver mx 2004\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\macromedia\dreamweaver mx 2004\dreamweaver.exe | 
"UDP Query User{7E58E133-6E0F-4B2B-A6F2-0E5F02690FDB}C:\users\michaela\appdata\roaming\arohu\ytig.exe" = protocol=17 | dir=in | app=c:\users\michaela\appdata\roaming\arohu\ytig.exe | 
"UDP Query User{88EDB35F-96E8-4160-91DB-37FE29C2C7D4}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{898B3853-4883-417F-982A-59D44F7F254B}C:\users\michaela\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\michaela\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{95B31070-3E25-4A0B-9D8C-B64583BFE0A6}C:\users\michaela\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\michaela\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{E6DCFBF2-17A7-443A-8674-708ACCF6D9E9}C:\xampp\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{FE4D9B4D-DF00-416B-8BAE-68C6023D0E2C}C:\users\michaela\appdata\roaming\hyaq\exhin.exe" = protocol=17 | dir=in | app=c:\users\michaela\appdata\roaming\hyaq\exhin.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"PC-Doctor for Windows" = Dell Support Center
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23EEC842-57ED-4055-A056-9D4185DFB1AA}" = Dell Mobile Broadband Manager
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{402F6F2E-5683-491C-977D-0CA599A07CAF}" = Adobe CS6 Design and Web Premium
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{483A865C-A74A-12BF-1276-D0111A488F50}" = Adobe® Content Viewer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP 3.92
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PRJPROR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PRJPROR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PRJPROR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PRJPROR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PMUI.de-de_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
"{90140000-00B4-0409-0000-0000000FF1CE}_Office14.PRJPROR_{18A0C151-8F8A-4B68-A960-60C464B94329}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-00B5-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B5-0407-0000-0000000FF1CE}_Office14.PMUI.de-de_{B4E970EE-06BD-4834-97E8-943F7D31E4DF}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2010
"{90140000-0101-0407-0000-0000000FF1CE}_Office14.PMUI.de-de_{4733E76A-5F12-4513-9CA8-DB2540A74EDA}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PRJPROR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PRJPROR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer
"ALUpdate_is1" = ALTools Update
"ALZip_is1" = ALZip 8.51
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.dmp.contentviewer" = Adobe® Content Viewer
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"ElsterFormular" = ElsterFormular
"FileZilla Client" = FileZilla Client 3.5.3
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Internet Manager" = Internet Manager
"Office14.PMUI.de-de" = Microsoft Project Language Pack 2010 - German/Deutsch
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Office14.SingleImage" = Microsoft Office Professional 2010
"Spyder3Elite" = Spyder3Elite
"Spyder3Pro" = Spyder3Pro
"TAPI" = AVM TAPI Services for FRITZ!Box
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3813123265-4216506191-3036052169-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.03.2013 16:55:29 | Computer Name = Michaela-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 06.03.2013 16:53:43 | Computer Name = Michaela-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 06.03.2013 16:53:43 | Computer Name = Michaela-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 06.03.2013 16:53:54 | Computer Name = Michaela-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Internet Manager. OUC erreicht.
 
Error - 06.03.2013 16:53:54 | Computer Name = Michaela-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 06.03.2013 16:54:57 | Computer Name = Michaela-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 07.03.2013 13:45:26 | Computer Name = Michaela-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 07.03.2013 13:55:27 | Computer Name = Michaela-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 07.03.2013 13:59:31 | Computer Name = Michaela-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 07.03.2013 14:01:54 | Computer Name = Michaela-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 08.03.2013 14:33:27 | Computer Name = Michaela-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >

M.

cosinus · 08.03.2013, 19:52

Bitte nun Logs mit GMER (<<< klick für Anleitung) und MBAR (Anleitung etwas weiter unten) erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur MBAR aus.

Anleitung MBAR:

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

miciba · 10.03.2013, 17:56

Habe die mbar-scans gemacht und dann den gmer.
Soll ich jetzt einen mbar-scan noch einmal zusätzlich nach dem GMER durchführen?

M.

gmer-log:

Code:

ATTFilter

GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-10 17:51:01
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2320BH_G1 rev.00000009 298,09GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Michaela\AppData\Local\Temp\uwlyqkow.sys


---- User code sections - GMER 2.1 ----

.text   C:\Users\Michaela\AppData\Local\Akamai\netsession_win.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000077891465 2 bytes [89, 77]
.text   C:\Users\Michaela\AppData\Local\Akamai\netsession_win.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000778914bb 2 bytes [89, 77]
.text   ...                                                                                                                       * 2
.text   C:\Users\Michaela\AppData\Local\Akamai\netsession_win.exe[2952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000077891465 2 bytes [89, 77]
.text   C:\Users\Michaela\AppData\Local\Akamai\netsession_win.exe[2952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000778914bb 2 bytes [89, 77]
.text   ...                                                                                                                       * 2

---- Devices - GMER 2.1 ----

Device  \Driver\atapi \Device\Dev_fffffa8004940060                                                                                fffffa8003ffd880

---- Threads - GMER 2.1 ----

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3112:3848]                                                            000007fefc122a7c

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch                                                          2074

---- EOF - GMER 2.1 ----

und zwei MBAR-Logs:

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.10.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Michaela :: MICHAELA-PC [administrator]

10.03.2013 17:20:31
mbar-log-2013-03-10 (17-20-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29326
Time elapsed: 10 minute(s), 37 second(s)

Memory Processes Detected: 1
c:\Users\Michaela\AppData\Roaming\Arohu\ytig.exe (Trojan.Ransom.ED) -> 4832 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Zaekin (Trojan.Ransom.ED) -> Data: C:\Users\Michaela\AppData\Roaming\Arohu\ytig.exe -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|KB00090887.exe (Trojan.Agent.Gen) -> Data: "C:\Users\Michaela\AppData\Roaming\KB00090887.exe" -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
c:\Users\Michaela\AppData\Roaming\Arohu\ytig.exe (Trojan.Ransom.ED) -> Delete on reboot.
c:\Users\Michaela\AppData\Local\Temp\{150C3-CEF2D4-CEF6D4} (Trojan.FakeMS.PRGen) -> Delete on reboot.
c:\Users\Michaela\AppData\Local\Temp\{15CEB-CEF2D4-CEF6D4} (Trojan.FakeMS.PRGen) -> Delete on reboot.
c:\Users\Michaela\AppData\Roaming\KB00090887.exe (Trojan.Agent.Gen) -> Delete on reboot.

(end)

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.10.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Michaela :: MICHAELA-PC [administrator]

10.03.2013 17:37:34
mbar-log-2013-03-10 (17-37-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29246
Time elapsed: 10 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

cosinus · 10.03.2013, 20:33

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

miciba · 10.03.2013, 21:39

Der aswMBR-Scan bricht wiederholt beim scannen von C:\Windows\assembly\GAS_MSIL\Microsofe.VisualStudio.Tool.Aplications (den Rest kann ich nicht mehr erkennen) ab. Ich kann dann das bisher erstellte Logfile leider nicht mehr kopieren.

Soll ich den TDSS-Killer jetzt trotzdem im Anschluß laufen lassen?

Gruß M.

cosinus · 10.03.2013, 22:10

Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

miciba · 10.03.2013, 22:21

Ja, das hat jetzt geklappt.

Soll ich jetzt den TDSS-Killer laufen lassen?
Gruß M.

Hier das Logfile:

Code:

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-10 21:22:48
-----------------------------
21:22:48.118    OS Version: Windows x64 6.1.7601 Service Pack 1
21:22:48.118    Number of processors: 4 586 0x2502
21:22:48.133    ComputerName: MICHAELA-PC  UserName: Michaela
21:22:49.444    Initialize success
21:22:57.821    AVAST engine defs: 13031001
21:23:07.352    The log file has been saved successfully to "C:\Users\Michaela\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-10 22:11:38
-----------------------------
22:11:38.062    OS Version: Windows x64 6.1.7601 Service Pack 1
22:11:38.062    Number of processors: 4 586 0x2502
22:11:38.062    ComputerName: MICHAELA-PC  UserName: Michaela
22:11:39.560    Initialze error C000010E - driver not loaded
22:11:39.747    write error "aswCmnB.dll". Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
22:11:39.841    AVAST engine defs: 13031001
22:12:05.269    Service scanning
22:12:35.299    Modules scanning
22:12:35.299    Disk 0 trace - called modules:
22:12:35.299    
22:12:35.299    Scan finished successfully
22:12:58.995    The log file has been saved successfully to "C:\Users\Michaela\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-10 22:16:09
-----------------------------
22:16:09.395    OS Version: Windows x64 6.1.7601 Service Pack 1
22:16:09.395    Number of processors: 4 586 0x2502
22:16:09.395    ComputerName: MICHAELA-PC  UserName: Michaela
22:16:17.507    Initialize success
22:16:29.317    AVAST engine defs: 13031001
22:16:38.505    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:16:38.505    Disk 0 Vendor: FUJITSU_MHZ2320BH_G1 00000009 Size: 305245MB BusType: 11
22:16:38.521    Disk 0 MBR read successfully
22:16:38.521    Disk 0 MBR scan
22:16:38.521    Disk 0 Windows 7 default MBR code
22:16:38.536    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
22:16:38.599    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       305143 MB offset 206848
22:16:38.724    Disk 0 scanning C:\Windows\system32\drivers
22:16:56.320    Service scanning
22:17:36.584    Modules scanning
22:17:36.584    Disk 0 trace - called modules:
22:17:36.615    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
22:17:36.631    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bf8060]
22:17:36.631    3 CLASSPNP.SYS[fffff880019b543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004944060]
22:17:36.646    Scan finished successfully
22:17:45.195    Disk 0 MBR has been saved successfully to "C:\Users\Michaela\Desktop\MBR.dat"
22:17:45.242    The log file has been saved successfully to "C:\Users\Michaela\Desktop\aswMBR.txt"

cosinus · 10.03.2013, 22:31

Ja sicher, das Log vom TDSS brauch ich auch

miciba · 10.03.2013, 22:38

Hier das TDSS-Log:

Code:

ATTFilter

22:33:56.0613 1756  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:33:56.0800 1756  ============================================================
22:33:56.0800 1756  Current date / time: 2013/03/10 22:33:56.0800
22:33:56.0800 1756  SystemInfo:
22:33:56.0800 1756  
22:33:56.0800 1756  OS Version: 6.1.7601 ServicePack: 1.0
22:33:56.0800 1756  Product type: Workstation
22:33:56.0800 1756  ComputerName: MICHAELA-PC
22:33:56.0800 1756  UserName: Michaela
22:33:56.0800 1756  Windows directory: C:\Windows
22:33:56.0800 1756  System windows directory: C:\Windows
22:33:56.0800 1756  Running under WOW64
22:33:56.0800 1756  Processor architecture: Intel x64
22:33:56.0800 1756  Number of processors: 4
22:33:56.0800 1756  Page size: 0x1000
22:33:56.0800 1756  Boot type: Normal boot
22:33:56.0800 1756  ============================================================
22:33:58.0407 1756  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:33:58.0407 1756  ============================================================
22:33:58.0407 1756  \Device\Harddisk0\DR0:
22:33:58.0407 1756  MBR partitions:
22:33:58.0407 1756  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:33:58.0407 1756  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
22:33:58.0407 1756  ============================================================
22:33:58.0766 1756  C: <-> \Device\Harddisk0\DR0\Partition2
22:33:58.0766 1756  ============================================================
22:33:58.0766 1756  Initialize success
22:33:58.0766 1756  ============================================================
22:35:14.0426 4372  ============================================================
22:35:14.0426 4372  Scan started
22:35:14.0426 4372  Mode: Manual; SigCheck; TDLFS; 
22:35:14.0426 4372  ============================================================
22:35:14.0629 4372  ================ Scan system memory ========================
22:35:14.0629 4372  System memory - ok
22:35:14.0629 4372  ================ Scan services =============================
22:35:14.0769 4372  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
22:35:14.0863 4372  1394ohci - ok
22:35:14.0894 4372  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:35:14.0925 4372  ACPI - ok
22:35:14.0941 4372  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
22:35:15.0019 4372  AcpiPmi - ok
22:35:15.0175 4372  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:35:15.0190 4372  AdobeARMservice - ok
22:35:15.0315 4372  [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:35:15.0346 4372  AdobeFlashPlayerUpdateSvc - ok
22:35:15.0393 4372  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
22:35:15.0456 4372  adp94xx - ok
22:35:15.0502 4372  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
22:35:15.0534 4372  adpahci - ok
22:35:15.0549 4372  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
22:35:15.0565 4372  adpu320 - ok
22:35:15.0612 4372  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:35:15.0814 4372  AeLookupSvc - ok
22:35:15.0861 4372  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
22:35:15.0955 4372  AFD - ok
22:35:15.0986 4372  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
22:35:16.0002 4372  agp440 - ok
22:35:16.0048 4372  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
22:35:16.0095 4372  ALG - ok
22:35:16.0126 4372  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:35:16.0142 4372  aliide - ok
22:35:16.0236 4372  [ D696F317BD465A602566F8E1DCCE15F7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
22:35:16.0360 4372  AMD External Events Utility - ok
22:35:16.0392 4372  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
22:35:16.0407 4372  amdide - ok
22:35:16.0438 4372  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
22:35:16.0470 4372  AmdK8 - ok
22:35:16.0485 4372  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
22:35:16.0516 4372  AmdPPM - ok
22:35:16.0548 4372  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:35:16.0563 4372  amdsata - ok
22:35:16.0594 4372  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
22:35:16.0610 4372  amdsbs - ok
22:35:16.0641 4372  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:35:16.0657 4372  amdxata - ok
22:35:16.0704 4372  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
22:35:16.0891 4372  AppID - ok
22:35:16.0938 4372  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:35:17.0016 4372  AppIDSvc - ok
22:35:17.0047 4372  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
22:35:17.0125 4372  Appinfo - ok
22:35:17.0187 4372  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
22:35:17.0203 4372  arc - ok
22:35:17.0234 4372  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
22:35:17.0250 4372  arcsas - ok
22:35:17.0281 4372  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:35:17.0359 4372  AsyncMac - ok
22:35:17.0374 4372  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
22:35:17.0390 4372  atapi - ok
22:35:17.0562 4372  [ 52BD95CAA9CAE8977FE043E9AD6D2D0E ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
22:35:17.0796 4372  atikmdag - ok
22:35:17.0842 4372  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:35:17.0952 4372  AudioEndpointBuilder - ok
22:35:17.0967 4372  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
22:35:18.0014 4372  AudioSrv - ok
22:35:18.0045 4372  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:35:18.0139 4372  AxInstSV - ok
22:35:18.0186 4372  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
22:35:18.0248 4372  b06bdrv - ok
22:35:18.0295 4372  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
22:35:18.0342 4372  b57nd60a - ok
22:35:18.0435 4372  [ FB4FDA64F2E8552EAEB5986C3F34462C ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
22:35:18.0529 4372  BCM43XX - ok
22:35:18.0591 4372  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:35:18.0638 4372  BDESVC - ok
22:35:18.0669 4372  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:35:18.0747 4372  Beep - ok
22:35:18.0903 4372  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
22:35:18.0997 4372  BFE - ok
22:35:19.0028 4372  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
22:35:19.0168 4372  BITS - ok
22:35:19.0200 4372  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
22:35:19.0231 4372  blbdrive - ok
22:35:19.0309 4372  [ 057F482CFDB57E75202E2E37795F2D3B ] BMLoad          C:\Windows\system32\drivers\BMLoad.sys
22:35:19.0340 4372  BMLoad ( UnsignedFile.Multi.Generic ) - warning
22:35:19.0340 4372  BMLoad - detected UnsignedFile.Multi.Generic (1)
22:35:19.0356 4372  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:35:19.0402 4372  bowser - ok
22:35:19.0434 4372  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
22:35:19.0465 4372  BrFiltLo - ok
22:35:19.0496 4372  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
22:35:19.0512 4372  BrFiltUp - ok
22:35:19.0574 4372  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
22:35:19.0636 4372  BridgeMP - ok
22:35:19.0683 4372  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
22:35:19.0730 4372  Browser - ok
22:35:19.0746 4372  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
22:35:19.0792 4372  Brserid - ok
22:35:19.0824 4372  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
22:35:19.0855 4372  BrSerWdm - ok
22:35:19.0886 4372  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
22:35:19.0917 4372  BrUsbMdm - ok
22:35:19.0933 4372  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
22:35:19.0964 4372  BrUsbSer - ok
22:35:19.0980 4372  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
22:35:20.0011 4372  BTHMODEM - ok
22:35:20.0042 4372  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
22:35:20.0089 4372  bthserv - ok
22:35:20.0120 4372  catchme - ok
22:35:20.0136 4372  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:35:20.0182 4372  cdfs - ok
22:35:20.0198 4372  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
22:35:20.0229 4372  cdrom - ok
22:35:20.0260 4372  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
22:35:20.0354 4372  CertPropSvc - ok
22:35:20.0385 4372  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
22:35:20.0416 4372  circlass - ok
22:35:20.0448 4372  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
22:35:20.0479 4372  CLFS - ok
22:35:20.0541 4372  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:35:20.0557 4372  clr_optimization_v2.0.50727_32 - ok
22:35:20.0604 4372  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:35:20.0619 4372  clr_optimization_v2.0.50727_64 - ok
22:35:20.0697 4372  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:35:20.0728 4372  clr_optimization_v4.0.30319_32 - ok
22:35:20.0760 4372  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:35:20.0775 4372  clr_optimization_v4.0.30319_64 - ok
22:35:20.0806 4372  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
22:35:20.0838 4372  CmBatt - ok
22:35:20.0869 4372  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:35:20.0884 4372  cmdide - ok
22:35:20.0916 4372  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
22:35:20.0962 4372  CNG - ok
22:35:20.0994 4372  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
22:35:21.0009 4372  Compbatt - ok
22:35:21.0025 4372  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
22:35:21.0056 4372  CompositeBus - ok
22:35:21.0072 4372  COMSysApp - ok
22:35:21.0087 4372  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
22:35:21.0103 4372  crcdisk - ok
22:35:21.0181 4372  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:35:21.0212 4372  CryptSvc - ok
22:35:21.0243 4372  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:35:21.0368 4372  DcomLaunch - ok
22:35:21.0415 4372  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
22:35:21.0493 4372  defragsvc - ok
22:35:21.0524 4372  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:35:21.0586 4372  DfsC - ok
22:35:21.0618 4372  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:35:21.0680 4372  Dhcp - ok
22:35:21.0696 4372  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
22:35:21.0774 4372  discache - ok
22:35:21.0805 4372  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
22:35:21.0820 4372  Disk - ok
22:35:21.0852 4372  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:35:21.0914 4372  Dnscache - ok
22:35:21.0945 4372  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:35:22.0039 4372  dot3svc - ok
22:35:22.0054 4372  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
22:35:22.0132 4372  DPS - ok
22:35:22.0164 4372  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:35:22.0195 4372  drmkaud - ok
22:35:22.0242 4372  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:35:22.0273 4372  DXGKrnl - ok
22:35:22.0304 4372  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
22:35:22.0351 4372  EapHost - ok
22:35:22.0444 4372  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
22:35:22.0632 4372  ebdrv - ok
22:35:22.0663 4372  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
22:35:22.0710 4372  EFS - ok
22:35:22.0803 4372  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:35:22.0897 4372  ehRecvr - ok
22:35:22.0897 4372  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
22:35:22.0944 4372  ehSched - ok
22:35:22.0990 4372  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
22:35:23.0053 4372  elxstor - ok
22:35:23.0068 4372  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:35:23.0084 4372  ErrDev - ok
22:35:23.0131 4372  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
22:35:23.0224 4372  EventSystem - ok
22:35:23.0271 4372  [ 334C907536E815E56CD13108A6D5FB9D ] ewusbmbb        C:\Windows\system32\DRIVERS\ewusbwwan.sys
22:35:23.0318 4372  ewusbmbb - ok
22:35:23.0334 4372  [ 86F7951BBCEE4A86E79A97306BD14318 ] ew_hwusbdev     C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
22:35:23.0396 4372  ew_hwusbdev - ok
22:35:23.0412 4372  [ 55E0EDA185869F7EA67EA97FD0655B39 ] ew_usbenumfilter C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys
22:35:23.0458 4372  ew_usbenumfilter - ok
22:35:23.0474 4372  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
22:35:23.0536 4372  exfat - ok
22:35:23.0583 4372  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:35:23.0646 4372  fastfat - ok
22:35:23.0692 4372  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
22:35:23.0770 4372  Fax - ok
22:35:23.0786 4372  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
22:35:23.0817 4372  fdc - ok
22:35:23.0833 4372  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
22:35:23.0911 4372  fdPHost - ok
22:35:23.0926 4372  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:35:24.0004 4372  FDResPub - ok
22:35:24.0036 4372  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:35:24.0067 4372  FileInfo - ok
22:35:24.0082 4372  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:35:24.0145 4372  Filetrace - ok
22:35:24.0160 4372  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
22:35:24.0176 4372  flpydisk - ok
22:35:24.0207 4372  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:35:24.0238 4372  FltMgr - ok
22:35:24.0285 4372  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
22:35:24.0379 4372  FontCache - ok
22:35:24.0426 4372  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:35:24.0441 4372  FontCache3.0.0.0 - ok
22:35:24.0457 4372  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:35:24.0472 4372  FsDepends - ok
22:35:24.0519 4372  [ B16B626996C74B564005BA855C5DEE90 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
22:35:24.0550 4372  fssfltr - ok
22:35:24.0644 4372  [ 812E1BA5C52A78F13EA6AA10DF708B1D ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
22:35:24.0753 4372  fsssvc - ok
22:35:24.0784 4372  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:35:24.0800 4372  Fs_Rec - ok
22:35:24.0847 4372  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:35:24.0878 4372  fvevol - ok
22:35:24.0894 4372  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
22:35:24.0909 4372  gagp30kx - ok
22:35:24.0956 4372  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
22:35:25.0050 4372  gpsvc - ok
22:35:25.0065 4372  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:35:25.0096 4372  hcw85cir - ok
22:35:25.0143 4372  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:35:25.0174 4372  HdAudAddService - ok
22:35:25.0206 4372  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
22:35:25.0237 4372  HDAudBus - ok
22:35:25.0268 4372  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
22:35:25.0299 4372  HECIx64 - ok
22:35:25.0315 4372  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
22:35:25.0346 4372  HidBatt - ok
22:35:25.0346 4372  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
22:35:25.0377 4372  HidBth - ok
22:35:25.0408 4372  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
22:35:25.0440 4372  HidIr - ok
22:35:25.0455 4372  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
22:35:25.0518 4372  hidserv - ok
22:35:25.0533 4372  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:35:25.0549 4372  HidUsb - ok
22:35:25.0596 4372  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:35:25.0674 4372  hkmsvc - ok
22:35:25.0689 4372  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:35:25.0720 4372  HomeGroupListener - ok
22:35:25.0752 4372  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:35:25.0783 4372  HomeGroupProvider - ok
22:35:25.0814 4372  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:35:25.0830 4372  HpSAMD - ok
22:35:25.0876 4372  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:35:25.0986 4372  HTTP - ok
22:35:26.0001 4372  [ 1642C62F1FD5E1FF44608283994A7BB8 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
22:35:26.0032 4372  huawei_enumerator - ok
22:35:26.0064 4372  [ 4B80AF36EE9F31361C1DCB2EE563719A ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
22:35:26.0110 4372  hwdatacard - ok
22:35:26.0220 4372  [ E90DA42B87D684DEBFB73B38A718A006 ] HWDeviceService64.exe C:\ProgramData\DatacardService\HWDeviceService64.exe
22:35:26.0360 4372  HWDeviceService64.exe - ok
22:35:26.0407 4372  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:35:26.0422 4372  hwpolicy - ok
22:35:26.0454 4372  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
22:35:26.0485 4372  i8042prt - ok
22:35:26.0578 4372  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:35:26.0641 4372  iaStorV - ok
22:35:26.0719 4372  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:35:26.0797 4372  idsvc - ok
22:35:26.0812 4372  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
22:35:26.0828 4372  iirsp - ok
22:35:26.0875 4372  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
22:35:26.0968 4372  IKEEXT - ok
22:35:26.0984 4372  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
22:35:27.0000 4372  intelide - ok
22:35:27.0046 4372  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:35:27.0078 4372  intelppm - ok
22:35:27.0140 4372  [ 837B6D439C16DB39C30FB8EEBC806A57 ] Internet Manager. RunOuc C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe
22:35:27.0202 4372  Internet Manager. RunOuc - ok
22:35:27.0249 4372  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:35:27.0327 4372  IPBusEnum - ok
22:35:27.0343 4372  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:35:27.0390 4372  IpFilterDriver - ok
22:35:27.0436 4372  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:35:27.0499 4372  iphlpsvc - ok
22:35:27.0530 4372  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
22:35:27.0561 4372  IPMIDRV - ok
22:35:27.0577 4372  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:35:27.0655 4372  IPNAT - ok
22:35:27.0686 4372  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:35:27.0717 4372  IRENUM - ok
22:35:27.0733 4372  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:35:27.0764 4372  isapnp - ok
22:35:27.0780 4372  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
22:35:27.0811 4372  iScsiPrt - ok
22:35:27.0826 4372  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:35:27.0842 4372  kbdclass - ok
22:35:27.0858 4372  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
22:35:27.0889 4372  kbdhid - ok
22:35:27.0904 4372  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
22:35:27.0920 4372  KeyIso - ok
22:35:27.0951 4372  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:35:27.0967 4372  KSecDD - ok
22:35:27.0982 4372  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:35:28.0014 4372  KSecPkg - ok
22:35:28.0029 4372  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
22:35:28.0092 4372  ksthunk - ok
22:35:28.0123 4372  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:35:28.0201 4372  KtmRm - ok
22:35:28.0248 4372  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
22:35:28.0326 4372  LanmanServer - ok
22:35:28.0357 4372  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:35:28.0419 4372  LanmanWorkstation - ok
22:35:28.0450 4372  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:35:28.0528 4372  lltdio - ok
22:35:28.0560 4372  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:35:28.0638 4372  lltdsvc - ok
22:35:28.0653 4372  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:35:28.0700 4372  lmhosts - ok
22:35:28.0731 4372  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
22:35:28.0747 4372  LSI_FC - ok
22:35:28.0747 4372  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
22:35:28.0762 4372  LSI_SAS - ok
22:35:28.0778 4372  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
22:35:28.0794 4372  LSI_SAS2 - ok
22:35:28.0809 4372  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
22:35:28.0809 4372  LSI_SCSI - ok
22:35:28.0840 4372  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
22:35:28.0934 4372  luafv - ok
22:35:28.0996 4372  [ B8EAC4507EB4655377B1E094FCE7F12E ] Macromedia Licensing Service C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
22:35:29.0012 4372  Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - warning
22:35:29.0012 4372  Macromedia Licensing Service - detected UnsignedFile.Multi.Generic (1)
22:35:29.0043 4372  [ 23488767CB18FC3FF39E3AF1DB3FB02C ] massfilter      C:\Windows\system32\drivers\massfilter.sys
22:35:29.0074 4372  massfilter - ok
22:35:29.0106 4372  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:35:29.0137 4372  Mcx2Svc - ok
22:35:29.0137 4372  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
22:35:29.0152 4372  megasas - ok
22:35:29.0199 4372  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
22:35:29.0230 4372  MegaSR - ok
22:35:29.0262 4372  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
22:35:29.0324 4372  MMCSS - ok
22:35:29.0340 4372  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
22:35:29.0386 4372  Modem - ok
22:35:29.0402 4372  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:35:29.0433 4372  monitor - ok
22:35:29.0449 4372  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:35:29.0449 4372  mouclass - ok
22:35:29.0480 4372  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:35:29.0496 4372  mouhid - ok
22:35:29.0511 4372  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:35:29.0527 4372  mountmgr - ok
22:35:29.0558 4372  [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
22:35:29.0574 4372  MpFilter - ok
22:35:29.0605 4372  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:35:29.0620 4372  mpio - ok
22:35:29.0652 4372  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:35:29.0683 4372  mpsdrv - ok
22:35:29.0745 4372  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:35:29.0854 4372  MpsSvc - ok
22:35:29.0886 4372  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:35:29.0917 4372  MRxDAV - ok
22:35:29.0948 4372  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:35:30.0010 4372  mrxsmb - ok
22:35:30.0026 4372  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:35:30.0042 4372  mrxsmb10 - ok
22:35:30.0057 4372  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:35:30.0088 4372  mrxsmb20 - ok
22:35:30.0104 4372  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
22:35:30.0120 4372  msahci - ok
22:35:30.0151 4372  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:35:30.0166 4372  msdsm - ok
22:35:30.0198 4372  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
22:35:30.0229 4372  MSDTC - ok
22:35:30.0260 4372  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:35:30.0338 4372  Msfs - ok
22:35:30.0338 4372  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:35:30.0416 4372  mshidkmdf - ok
22:35:30.0432 4372  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:35:30.0463 4372  msisadrv - ok
22:35:30.0494 4372  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:35:30.0572 4372  MSiSCSI - ok
22:35:30.0572 4372  msiserver - ok
22:35:30.0588 4372  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:35:30.0634 4372  MSKSSRV - ok
22:35:30.0712 4372  [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
22:35:30.0744 4372  MsMpSvc - ok
22:35:30.0775 4372  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:35:30.0837 4372  MSPCLOCK - ok
22:35:30.0853 4372  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:35:30.0900 4372  MSPQM - ok
22:35:30.0915 4372  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:35:30.0931 4372  MsRPC - ok
22:35:30.0946 4372  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
22:35:30.0946 4372  mssmbios - ok
22:35:30.0978 4372  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:35:31.0009 4372  MSTEE - ok
22:35:31.0024 4372  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
22:35:31.0040 4372  MTConfig - ok
22:35:31.0056 4372  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
22:35:31.0056 4372  Mup - ok
22:35:31.0102 4372  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
22:35:31.0212 4372  napagent - ok
22:35:31.0258 4372  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:35:31.0305 4372  NativeWifiP - ok
22:35:31.0352 4372  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:35:31.0414 4372  NDIS - ok
22:35:31.0430 4372  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:35:31.0508 4372  NdisCap - ok
22:35:31.0539 4372  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:35:31.0570 4372  NdisTapi - ok
22:35:31.0602 4372  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:35:31.0648 4372  Ndisuio - ok
22:35:31.0680 4372  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:35:31.0758 4372  NdisWan - ok
22:35:31.0773 4372  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:35:31.0820 4372  NDProxy - ok
22:35:31.0836 4372  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:35:31.0914 4372  NetBIOS - ok
22:35:31.0929 4372  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:35:31.0976 4372  NetBT - ok
22:35:31.0992 4372  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
22:35:32.0007 4372  Netlogon - ok
22:35:32.0038 4372  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
22:35:32.0101 4372  Netman - ok
22:35:32.0132 4372  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
22:35:32.0241 4372  netprofm - ok
22:35:32.0257 4372  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:35:32.0272 4372  NetTcpPortSharing - ok
22:35:32.0304 4372  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
22:35:32.0335 4372  nfrd960 - ok
22:35:32.0397 4372  [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
22:35:32.0428 4372  NisDrv - ok
22:35:32.0444 4372  [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
22:35:32.0506 4372  NisSrv - ok
22:35:32.0538 4372  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:35:32.0569 4372  NlaSvc - ok
22:35:32.0584 4372  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:35:32.0631 4372  Npfs - ok
22:35:32.0662 4372  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
22:35:32.0709 4372  nsi - ok
22:35:32.0709 4372  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:35:32.0772 4372  nsiproxy - ok
22:35:32.0834 4372  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:35:32.0928 4372  Ntfs - ok
22:35:32.0959 4372  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
22:35:33.0021 4372  Null - ok
22:35:33.0052 4372  [ 786DB821BFD57C0551DBBE4F75384A7D ] nusb3hub        C:\Windows\system32\drivers\nusb3hub.sys
22:35:33.0084 4372  nusb3hub - ok
22:35:33.0115 4372  [ DAA8005CAF745042BB427A1ED7433354 ] nusb3xhc        C:\Windows\system32\drivers\nusb3xhc.sys
22:35:33.0146 4372  nusb3xhc - ok
22:35:33.0177 4372  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:35:33.0208 4372  nvraid - ok
22:35:33.0224 4372  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:35:33.0240 4372  nvstor - ok
22:35:33.0255 4372  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:35:33.0286 4372  nv_agp - ok
22:35:33.0302 4372  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
22:35:33.0333 4372  ohci1394 - ok
22:35:33.0380 4372  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:35:33.0411 4372  ose - ok
22:35:33.0614 4372  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:35:33.0817 4372  osppsvc - ok
22:35:33.0864 4372  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:35:33.0926 4372  p2pimsvc - ok
22:35:33.0942 4372  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:35:34.0004 4372  p2psvc - ok
22:35:34.0020 4372  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
22:35:34.0051 4372  Parport - ok
22:35:34.0066 4372  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:35:34.0098 4372  partmgr - ok
22:35:34.0113 4372  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:35:34.0144 4372  PcaSvc - ok
22:35:34.0222 4372  [ 4B5F5774FF1C577B9515FDD2B5C535C5 ] PCDSRVC{1E208CE0-FB7451FF-06020200}_0 c:\program files\dell support center\pcdsrvc_x64.pkms
22:35:34.0254 4372  PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - ok
22:35:34.0269 4372  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
22:35:34.0285 4372  pci - ok
22:35:34.0300 4372  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
22:35:34.0332 4372  pciide - ok
22:35:34.0347 4372  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
22:35:34.0363 4372  pcmcia - ok
22:35:34.0378 4372  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
22:35:34.0394 4372  pcw - ok
22:35:34.0425 4372  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:35:34.0550 4372  PEAUTH - ok
22:35:34.0644 4372  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
22:35:34.0675 4372  PerfHost - ok
22:35:34.0737 4372  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
22:35:34.0893 4372  pla - ok
22:35:34.0940 4372  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:35:35.0018 4372  PlugPlay - ok
22:35:35.0034 4372  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:35:35.0080 4372  PNRPAutoReg - ok
22:35:35.0112 4372  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:35:35.0127 4372  PNRPsvc - ok
22:35:35.0174 4372  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:35:35.0283 4372  PolicyAgent - ok
22:35:35.0299 4372  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
22:35:35.0377 4372  Power - ok
22:35:35.0408 4372  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:35:35.0486 4372  PptpMiniport - ok
22:35:35.0517 4372  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
22:35:35.0533 4372  Processor - ok
22:35:35.0564 4372  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
22:35:35.0611 4372  ProfSvc - ok
22:35:35.0626 4372  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:35:35.0642 4372  ProtectedStorage - ok
22:35:35.0673 4372  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:35:35.0736 4372  Psched - ok
22:35:35.0798 4372  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
22:35:35.0907 4372  ql2300 - ok
22:35:35.0923 4372  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
22:35:35.0938 4372  ql40xx - ok
22:35:35.0954 4372  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
22:35:35.0985 4372  QWAVE - ok
22:35:36.0001 4372  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:35:36.0016 4372  QWAVEdrv - ok
22:35:36.0032 4372  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:35:36.0094 4372  RasAcd - ok
22:35:36.0126 4372  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:35:36.0172 4372  RasAgileVpn - ok
22:35:36.0188 4372  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
22:35:36.0250 4372  RasAuto - ok
22:35:36.0250 4372  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:35:36.0313 4372  Rasl2tp - ok
22:35:36.0344 4372  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
22:35:36.0406 4372  RasMan - ok
22:35:36.0422 4372  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:35:36.0484 4372  RasPppoe - ok
22:35:36.0500 4372  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:35:36.0562 4372  RasSstp - ok
22:35:36.0594 4372  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:35:36.0640 4372  rdbss - ok
22:35:36.0672 4372  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
22:35:36.0750 4372  rdpbus - ok
22:35:36.0828 4372  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:35:36.0921 4372  RDPCDD - ok
22:35:36.0952 4372  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:35:37.0015 4372  RDPENCDD - ok
22:35:37.0030 4372  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:35:37.0077 4372  RDPREFMP - ok
22:35:37.0108 4372  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
22:35:37.0155 4372  RdpVideoMiniport - ok
22:35:37.0218 4372  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:35:37.0264 4372  RDPWD - ok
22:35:37.0296 4372  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:35:37.0311 4372  rdyboost - ok
22:35:37.0342 4372  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:35:37.0420 4372  RemoteAccess - ok
22:35:37.0467 4372  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:35:37.0545 4372  RemoteRegistry - ok
22:35:37.0561 4372  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:35:37.0639 4372  RpcEptMapper - ok
22:35:37.0654 4372  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
22:35:37.0701 4372  RpcLocator - ok
22:35:37.0717 4372  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
22:35:37.0795 4372  RpcSs - ok
22:35:37.0810 4372  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:35:37.0888 4372  rspndr - ok
22:35:37.0920 4372  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
22:35:37.0951 4372  RTL8167 - ok
22:35:37.0966 4372  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
22:35:37.0982 4372  SamSs - ok
22:35:37.0998 4372  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:35:38.0013 4372  sbp2port - ok
22:35:38.0044 4372  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:35:38.0091 4372  SCardSvr - ok
22:35:38.0091 4372  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:35:38.0154 4372  scfilter - ok
22:35:38.0185 4372  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
22:35:38.0310 4372  Schedule - ok
22:35:38.0325 4372  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:35:38.0372 4372  SCPolicySvc - ok
22:35:38.0403 4372  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
22:35:38.0450 4372  sdbus - ok
22:35:38.0466 4372  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:35:38.0512 4372  SDRSVC - ok
22:35:38.0544 4372  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:35:38.0606 4372  secdrv - ok
22:35:38.0622 4372  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
22:35:38.0668 4372  seclogon - ok
22:35:38.0668 4372  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
22:35:38.0731 4372  SENS - ok
22:35:38.0746 4372  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:35:38.0793 4372  SensrSvc - ok
22:35:38.0793 4372  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
22:35:38.0824 4372  Serenum - ok
22:35:38.0856 4372  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
22:35:38.0887 4372  Serial - ok
22:35:38.0918 4372  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
22:35:38.0949 4372  sermouse - ok
22:35:38.0980 4372  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
22:35:39.0058 4372  SessionEnv - ok
22:35:39.0074 4372  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
22:35:39.0090 4372  sffdisk - ok
22:35:39.0090 4372  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:35:39.0121 4372  sffp_mmc - ok
22:35:39.0121 4372  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
22:35:39.0136 4372  sffp_sd - ok
22:35:39.0152 4372  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
22:35:39.0168 4372  sfloppy - ok
22:35:39.0214 4372  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:35:39.0261 4372  SharedAccess - ok
22:35:39.0292 4372  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:35:39.0324 4372  ShellHWDetection - ok
22:35:39.0355 4372  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
22:35:39.0355 4372  SiSRaid2 - ok
22:35:39.0370 4372  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
22:35:39.0386 4372  SiSRaid4 - ok
22:35:39.0448 4372  [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
22:35:39.0464 4372  SkypeUpdate - ok
22:35:39.0495 4372  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:35:39.0558 4372  Smb - ok
22:35:39.0589 4372  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:35:39.0620 4372  SNMPTRAP - ok
22:35:39.0636 4372  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
22:35:39.0651 4372  spldr - ok
22:35:39.0698 4372  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
22:35:39.0760 4372  Spooler - ok
22:35:39.0854 4372  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
22:35:40.0026 4372  sppsvc - ok
22:35:40.0041 4372  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
22:35:40.0088 4372  sppuinotify - ok
22:35:40.0135 4372  [ D8B882C520FC83547E22014FF5EC66D7 ] Spyder3         C:\Windows\system32\DRIVERS\Spyder3.sys
22:35:40.0166 4372  Spyder3 - ok
22:35:40.0213 4372  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:35:40.0291 4372  srv - ok
22:35:40.0306 4372  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:35:40.0353 4372  srv2 - ok
22:35:40.0369 4372  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:35:40.0400 4372  srvnet - ok
22:35:40.0447 4372  [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys
22:35:40.0494 4372  ssadbus - ok
22:35:40.0525 4372  [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
22:35:40.0556 4372  ssadmdfl - ok
22:35:40.0587 4372  [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys
22:35:40.0618 4372  ssadmdm - ok
22:35:40.0665 4372  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:35:40.0728 4372  SSDPSRV - ok
22:35:40.0743 4372  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:35:40.0790 4372  SstpSvc - ok
22:35:40.0821 4372  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
22:35:40.0821 4372  stexstor - ok
22:35:40.0868 4372  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
22:35:40.0946 4372  stisvc - ok
22:35:40.0962 4372  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
22:35:40.0977 4372  swenum - ok
22:35:41.0071 4372  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
22:35:41.0133 4372  SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
22:35:41.0133 4372  SwitchBoard - detected UnsignedFile.Multi.Generic (1)
22:35:41.0180 4372  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
22:35:41.0289 4372  swprv - ok
22:35:41.0352 4372  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
22:35:41.0476 4372  SysMain - ok
22:35:41.0492 4372  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:35:41.0523 4372  TabletInputService - ok
22:35:41.0554 4372  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:35:41.0601 4372  TapiSrv - ok
22:35:41.0648 4372  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
22:35:41.0710 4372  TBS - ok
22:35:41.0820 4372  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:35:41.0929 4372  Tcpip - ok
22:35:41.0991 4372  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
22:35:42.0054 4372  TCPIP6 - ok
22:35:42.0085 4372  [ 1A95043750E359F993154EF8559BE518 ] tcpipBM         C:\Windows\system32\drivers\tcpipBM.sys
22:35:42.0100 4372  tcpipBM ( UnsignedFile.Multi.Generic ) - warning
22:35:42.0100 4372  tcpipBM - detected UnsignedFile.Multi.Generic (1)
22:35:42.0116 4372  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:35:42.0147 4372  tcpipreg - ok
22:35:42.0163 4372  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:35:42.0194 4372  TDPIPE - ok
22:35:42.0225 4372  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:35:42.0241 4372  TDTCP - ok
22:35:42.0272 4372  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:35:42.0350 4372  tdx - ok
22:35:42.0366 4372  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
22:35:42.0381 4372  TermDD - ok
22:35:42.0428 4372  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
22:35:42.0522 4372  TermService - ok
22:35:42.0522 4372  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
22:35:42.0537 4372  Themes - ok
22:35:42.0553 4372  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
22:35:42.0584 4372  THREADORDER - ok
22:35:42.0600 4372  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
22:35:42.0646 4372  TrkWks - ok
22:35:42.0693 4372  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:35:42.0756 4372  TrustedInstaller - ok
22:35:42.0771 4372  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:35:42.0834 4372  tssecsrv - ok
22:35:42.0849 4372  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
22:35:42.0896 4372  TsUsbFlt - ok
22:35:42.0927 4372  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
22:35:42.0943 4372  TsUsbGD - ok
22:35:42.0990 4372  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:35:43.0068 4372  tunnel - ok
22:35:43.0099 4372  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
22:35:43.0114 4372  uagp35 - ok
22:35:43.0146 4372  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:35:43.0224 4372  udfs - ok
22:35:43.0286 4372  [ 30B78A6296127B7A793CF42CA61B29B0 ] UI Assistant Service C:\Program Files (x86)\Join Air\AssistantServices.exe
22:35:43.0317 4372  UI Assistant Service - ok
22:35:43.0333 4372  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:35:43.0364 4372  UI0Detect - ok
22:35:43.0395 4372  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:35:43.0411 4372  uliagpkx - ok
22:35:43.0458 4372  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
22:35:43.0489 4372  umbus - ok
22:35:43.0504 4372  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
22:35:43.0536 4372  UmPass - ok
22:35:43.0567 4372  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
22:35:43.0660 4372  upnphost - ok
22:35:43.0692 4372  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
22:35:43.0707 4372  usbccgp - ok
22:35:43.0723 4372  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:35:43.0754 4372  usbcir - ok
22:35:43.0770 4372  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
22:35:43.0801 4372  usbehci - ok
22:35:43.0832 4372  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:35:43.0863 4372  usbhub - ok
22:35:43.0879 4372  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
22:35:43.0910 4372  usbohci - ok
22:35:43.0926 4372  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
22:35:43.0957 4372  usbprint - ok
22:35:43.0988 4372  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:35:44.0035 4372  USBSTOR - ok
22:35:44.0050 4372  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
22:35:44.0082 4372  usbuhci - ok
22:35:44.0128 4372  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
22:35:44.0160 4372  usbvideo - ok
22:35:44.0191 4372  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
22:35:44.0269 4372  UxSms - ok
22:35:44.0284 4372  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
22:35:44.0300 4372  VaultSvc - ok
22:35:44.0331 4372  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
22:35:44.0347 4372  vdrvroot - ok
22:35:44.0378 4372  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
22:35:44.0487 4372  vds - ok
22:35:44.0503 4372  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:35:44.0518 4372  vga - ok
22:35:44.0534 4372  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:35:44.0581 4372  VgaSave - ok
22:35:44.0612 4372  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
22:35:44.0628 4372  vhdmp - ok
22:35:44.0628 4372  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
22:35:44.0643 4372  viaide - ok
22:35:44.0674 4372  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:35:44.0690 4372  volmgr - ok
22:35:44.0706 4372  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:35:44.0737 4372  volmgrx - ok
22:35:44.0768 4372  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:35:44.0799 4372  volsnap - ok
22:35:44.0815 4372  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
22:35:44.0830 4372  vsmraid - ok
22:35:44.0908 4372  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
22:35:45.0049 4372  VSS - ok
22:35:45.0064 4372  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
22:35:45.0111 4372  vwifibus - ok
22:35:45.0111 4372  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
22:35:45.0142 4372  vwififlt - ok
22:35:45.0189 4372  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
22:35:45.0220 4372  vwifimp - ok
22:35:45.0252 4372  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
22:35:45.0330 4372  W32Time - ok
22:35:45.0345 4372  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
22:35:45.0376 4372  WacomPen - ok
22:35:45.0423 4372  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:35:45.0486 4372  WANARP - ok
22:35:45.0486 4372  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:35:45.0517 4372  Wanarpv6 - ok
22:35:45.0610 4372  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
22:35:45.0704 4372  WatAdminSvc - ok
22:35:45.0798 4372  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
22:35:45.0891 4372  wbengine - ok
22:35:45.0922 4372  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:35:45.0954 4372  WbioSrvc - ok
22:35:45.0954 4372  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:35:46.0000 4372  wcncsvc - ok
22:35:46.0016 4372  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:35:46.0078 4372  WcsPlugInService - ok
22:35:46.0110 4372  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
22:35:46.0125 4372  Wd - ok
22:35:46.0172 4372  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:35:46.0250 4372  Wdf01000 - ok
22:35:46.0266 4372  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:35:46.0359 4372  WdiServiceHost - ok
22:35:46.0359 4372  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:35:46.0406 4372  WdiSystemHost - ok
22:35:46.0422 4372  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
22:35:46.0468 4372  WebClient - ok
22:35:46.0484 4372  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:35:46.0562 4372  Wecsvc - ok
22:35:46.0578 4372  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:35:46.0624 4372  wercplsupport - ok
22:35:46.0656 4372  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:35:46.0712 4372  WerSvc - ok
22:35:46.0742 4372  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:35:46.0792 4372  WfpLwf - ok
22:35:46.0802 4372  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:35:46.0812 4372  WIMMount - ok
22:35:46.0832 4372  WinDefend - ok
22:35:46.0842 4372  WinHttpAutoProxySvc - ok
22:35:46.0892 4372  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:35:46.0972 4372  Winmgmt - ok
22:35:47.0032 4372  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
22:35:47.0192 4372  WinRM - ok
22:35:47.0282 4372  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
22:35:47.0332 4372  WinUsb - ok
22:35:47.0392 4372  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:35:47.0472 4372  Wlansvc - ok
22:35:47.0612 4372  [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:35:47.0722 4372  wlidsvc - ok
22:35:47.0732 4372  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
22:35:47.0752 4372  WmiAcpi - ok
22:35:47.0784 4372  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:35:47.0799 4372  wmiApSrv - ok
22:35:47.0846 4372  WMPNetworkSvc - ok
22:35:47.0862 4372  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:35:47.0893 4372  WPCSvc - ok
22:35:47.0908 4372  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:35:47.0940 4372  WPDBusEnum - ok
22:35:47.0971 4372  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:35:48.0033 4372  ws2ifsl - ok
22:35:48.0033 4372  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
22:35:48.0080 4372  wscsvc - ok
22:35:48.0111 4372  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
22:35:48.0158 4372  WSDPrintDevice - ok
22:35:48.0158 4372  WSearch - ok
22:35:48.0252 4372  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
22:35:48.0392 4372  wuauserv - ok
22:35:48.0423 4372  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:35:48.0470 4372  WudfPf - ok
22:35:48.0501 4372  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:35:48.0532 4372  WUDFRd - ok
22:35:48.0548 4372  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:35:48.0564 4372  wudfsvc - ok
22:35:48.0595 4372  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:35:48.0626 4372  WwanSvc - ok
22:35:48.0657 4372  [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbmdm6k     C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
22:35:48.0704 4372  ZTEusbmdm6k - ok
22:35:48.0720 4372  [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbnmea      C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
22:35:48.0735 4372  ZTEusbnmea - ok
22:35:48.0766 4372  [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbser6k     C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
22:35:48.0782 4372  ZTEusbser6k - ok
22:35:48.0798 4372  ================ Scan global ===============================
22:35:48.0829 4372  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:35:48.0876 4372  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
22:35:48.0891 4372  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
22:35:48.0922 4372  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:35:48.0938 4372  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:35:48.0938 4372  [Global] - ok
22:35:48.0938 4372  ================ Scan MBR ==================================
22:35:48.0954 4372  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:35:49.0359 4372  \Device\Harddisk0\DR0 - ok
22:35:49.0359 4372  ================ Scan VBR ==================================
22:35:49.0359 4372  [ 5124B971A0BAD621E6A03100EB1ECBF2 ] \Device\Harddisk0\DR0\Partition1
22:35:49.0359 4372  \Device\Harddisk0\DR0\Partition1 - ok
22:35:49.0390 4372  [ A680D11F60E82E5ADDE59DBE16608D9F ] \Device\Harddisk0\DR0\Partition2
22:35:49.0390 4372  \Device\Harddisk0\DR0\Partition2 - ok
22:35:49.0390 4372  ============================================================
22:35:49.0390 4372  Scan finished
22:35:49.0390 4372  ============================================================
22:35:49.0406 4360  Detected object count: 4
22:35:49.0406 4360  Actual detected object count: 4
22:37:07.0203 4360  BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user
22:37:07.0203 4360  BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:37:07.0203 4360  Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:37:07.0203 4360  Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:37:07.0203 4360  SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
22:37:07.0203 4360  SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:37:07.0219 4360  tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user
22:37:07.0219 4360  tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:37:24.0379 3520  Deinitialize success

06.03.2013, 23:42	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	PWS:win32/zbot Hallo, warum bitte führst du combofix aus, sind die Hinweise zu diesem Tool hier nicht deutlich genug? Combofix soll nur ausgeführt werden wenn dir ein qualifizierter Helfer dazu geraten hat! __________________ __________________

10.03.2013, 22:10	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	PWS:win32/zbot Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. __________________ Logfiles bitte immer in CODE-Tags posten

10.03.2013, 22:31	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	PWS:win32/zbot Ja sicher, das Log vom TDSS brauch ich auch __________________ Logfiles bitte immer in CODE-Tags posten

PWS:win32/zbot

Plagegeister aller Art und deren Bekämpfung: PWS:win32/zbot

PWS:win32/zbot

PWS:win32/zbot

PWS:win32/zbot

PWS:win32/zbot

PWS:win32/zbot

PWS:win32/zbot

PWS:win32/zbot

PWS:win32/zbot

PWS:win32/zbot

PWS:win32/zbot

PWS:win32/zbot

PWS:win32/zbot

PWS:win32/zbot

PWS:win32/zbot

PWS:win32/zbot

Ähnliche Themen: PWS:win32/zbot

07.03.2013, 07:48	#3
miciba	PWS:win32/zbot Hallo cosinus, weil das auf exakt die gleiche Fragestellung in der ersten Email die ersten drei Aufgaben waren, die auch Lenzmacher durchführen sollte. Da stand: 1. ADW-Cleaner 2. Junkware Removal Tool 3. Combofix. War das falsch? Gruß miciba __________________

10.03.2013, 21:39	#11
miciba	PWS:win32/zbot Der aswMBR-Scan bricht wiederholt beim scannen von C:\Windows\assembly\GAS_MSIL\Microsofe.VisualStudio.Tool.Aplications (den Rest kann ich nicht mehr erkennen) ab. Ich kann dann das bisher erstellte Logfile leider nicht mehr kopieren. Soll ich den TDSS-Killer jetzt trotzdem im Anschluß laufen lassen? Gruß M.