Delta Search entfernen

zero007 · 26.03.2013, 20:09

Ich habe seit ein paar Tagen das Problem, dass jedes Mal wenn ich einen neuen Tab öffne im Firefox, dass Delta Search erscheint, ebenfalls sind einige Wörter auf verschiedensten Seiten unterstrichen und stellen einen Link zu einer Gewinnspielseite bzw. Infos zu Iphones dar.

Ich habe einen VirenScan laufen lassen, das Programm Malwarebytes Anti-Malware durchlaufen lassen, die 2 Schritte, die im Forum zu diesem Thema empfohlen werden ausgeführt - sprich adwcleaner und OTL ausgeführt. In dieser Reihenfolge verlief die Reinigung

Was muss ich jetzt noch machen, dass mein PC komplett frei von Schädlingen ist? Oder ist er dies bereits?

Anbei die Logdateien der verschiedenen Programme - ich hoffe auf Hilfe.

MALWAREBYTES LOGDATEI

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.26.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Aik :: AIK-PC [Administrator]

Schutz: Aktiviert

26.03.2013 17:45:49
MBAM-log-2013-03-26 (19-26-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 422512
Laufzeit: 1 Stunde(n), 40 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt.

Infizierte Dateien: 2
C:\Program Files (x86)\Uninstall Information\ib_uninst_358\uninstall.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Keine Aktion durchgeführt.

(Ende)

ADWCLEANER LOGDATEIAdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v2.115 - Datei am 26/03/2013 um 19:44:04 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : Aik - AIK-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Aik\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : BrowserProtect

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Users\Aik\AppData\Roaming\Mozilla\Firefox\Profiles\8p6se4wh.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\Aik\AppData\Roaming\Mozilla\Firefox\Profiles\8p6se4wh.default\bprotector_prefs.js
Datei Gelöscht : C:\Users\Aik\AppData\Roaming\Mozilla\Firefox\Profiles\8p6se4wh.default\searchplugins\delta.xml
Gelöscht mit Neustart : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\Program Files (x86)\Delta
Ordner Gelöscht : C:\Program Files (x86)\hdvidcodec.com
Ordner Gelöscht : C:\Program Files (x86)\Movie2KDownloader.com
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\Aik\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\Aik\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Aik\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Aik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Ordner Gelöscht : C:\Users\Aik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com
Ordner Gelöscht : C:\Users\Aik\AppData\Roaming\Mozilla\Firefox\Profiles\8p6se4wh.default\extensions\ffxtlbr@delta.com
Ordner Gelöscht : C:\Users\Aik\AppData\Roaming\Mozilla\Firefox\Profiles\8p6se4wh.default\jetpack
Ordner Gelöscht : C:\Users\Aik\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Aik\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Aik\AppData\Roaming\PerformerSoft

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\delta LTD
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\58edb8cb234ea43
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\58edb8cb234ea43
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Schlüssel Gelöscht : HKU\S-1-5-21-3026991530-3128089919-3181730765-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{0F827075-B026-42F3-885D-98981EE7B1AE}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=385E0024D61598D9 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www.delta-search.com/?affID=119776&babsrc=NT_ss&mntrId=385E0024D61598D9 --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\Aik\AppData\Roaming\Mozilla\Firefox\Profiles\8p6se4wh.default\prefs.js

C:\Users\Aik\AppData\Roaming\Mozilla\Firefox\Profiles\8p6se4wh.default\user.js ... Gelöscht !

Gelöscht : user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntr[...]
Gelöscht : user_pref("avg.install.userSPSettings", "Delta Search");
Gelöscht : user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=119776&babsrc=NT_ss&mntrId=385E0[...]
Gelöscht : user_pref("browser.search.order.1", "Delta Search");
Gelöscht : user_pref("extensions.DivXWebPlayer@divx.com.install-event-fired", true);
Gelöscht : user_pref("extensions.delta.admin", false);
Gelöscht : user_pref("extensions.delta.aflt", "babsst");
Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Gelöscht : user_pref("extensions.delta.bbDpng", "26");
Gelöscht : user_pref("extensions.delta.cntry", "AT");
Gelöscht : user_pref("extensions.delta.dfltLng", "en");
Gelöscht : user_pref("extensions.delta.excTlbr", false);
Gelöscht : user_pref("extensions.delta.hdrMd5", "CE4D9E46A9A9B1EAC02E97DAECFBABF8");
Gelöscht : user_pref("extensions.delta.id", "385e68620000000000000024d61598d9");
Gelöscht : user_pref("extensions.delta.instlDay", "15784");
Gelöscht : user_pref("extensions.delta.instlRef", "sst");
Gelöscht : user_pref("extensions.delta.lastVrsnTs", "1.8.10.019:28:29");
Gelöscht : user_pref("extensions.delta.newTab", false);
Gelöscht : user_pref("extensions.delta.prdct", "delta");
Gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Gelöscht : user_pref("extensions.delta.rvrt", "false");
Gelöscht : user_pref("extensions.delta.sg", "azb");
Gelöscht : user_pref("extensions.delta.smplGrp", "azb");
Gelöscht : user_pref("extensions.delta.tlbrId", "base");
Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.delta.vrsn", "1.8.10.0");
Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.10.019:28:29");
Gelöscht : user_pref("extensions.delta.vrsni", "1.8.10.0");

*************************

AdwCleaner[S1].txt - [9828 octets] - [26/03/2013 19:44:04]

########## EOF - C:\AdwCleaner[S1].txt - [9888 octets] ##########

--- --- ---

OLT LOG DateienOTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 26.03.2013 19:50:11 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Aik\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 56,66% Memory free
7,99 Gb Paging File | 6,17 Gb Available in Paging File | 77,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 45,27 Gb Free Space | 46,40% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 243,44 Gb Free Space | 66,13% Space Free | Partition Type: NTFS
 
Computer Name: AIK-PC | User Name: Aik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3026991530-3128089919-3181730765-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Betrachten mit XnView] -- "C:\Program Files (x86)\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Betrachten mit XnView] -- "C:\Program Files (x86)\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2A53E98D-EB3E-476E-B9B4-BCE9C6DEF46C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2BAA7748-B3E0-427D-A26B-88BC86005C0E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{327948ED-B0B9-451E-906E-F9DC4C50CDF4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{37FFD3EE-C95C-4FF4-B470-E3924291BE07}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3AFF3FF1-B6AD-480D-837B-C07344C2ADFB}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{46BCD3C7-72DA-40FF-9DEB-47E6A85F38D2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{52315860-A431-4DF3-BCC8-0AE872CB61FC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5CA19FBF-C287-4C0E-86DE-D5497AF5AE8F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{60CE4D4C-1D83-4773-8481-C793A706D622}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6334A1FB-13FC-4FA3-AA2F-6318E5333F3B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{64D995CF-9FA6-4856-82C1-7152A269B63E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{67560831-6C9A-45A6-B76F-15BF1743B6C1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{6C678BFE-015B-438A-B70B-19D06B3DA02B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{76A0A505-A807-451F-8766-ACD79FD87DAC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{87130262-C5E8-42CE-9A38-81C36316F664}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9C1212E9-2889-412C-858A-F5191266CD3C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{9F9B092F-7EC6-408B-B118-61D3DFB9E085}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A17FCED5-40FC-4C58-ADC3-85B932477707}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A4F84749-4E75-44D2-863F-B0F2B2775DB4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B174CD6E-7638-41DC-8785-4B73544C999E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B36B05F6-BBAB-42A8-B637-3EF28A7B96ED}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C09F49FD-564F-444F-8F9F-C6E03B1E1D62}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CD92B66E-1665-4C22-B339-05F97AB4DB1C}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{CE2D7455-8499-4236-9E9D-D412A21684E9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D6372555-7BB8-4341-8D47-C9729078E2CF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{DDB7687E-E5DF-45C4-AADA-1A5834918543}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02515A9D-9E24-416D-9E5A-1A59EE22ECF6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{039DC8BE-0F37-490D-AB85-EEB9A73FB4C9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{046516AF-380C-4906-8093-8F288F1D4269}" = protocol=6 | dir=out | app=system | 
"{04AC5D6B-71FD-4175-A58C-49FAB32C9AD1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{05A0F4AD-03F8-4DF3-9313-99B9B87268E6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0666E921-F228-4B57-A046-BFBA72A2BAFC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{0A657B33-9323-4535-81F7-4D77528FDBBA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{112F00D4-4F59-4A5C-B73A-9E07F2D18421}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{11AAE9EC-7BBD-431C-A1AC-75B837D97510}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{143E1ABB-8316-4468-962B-7E878CE1ABB2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1BCB4F3A-C791-4D93-AB59-3EAE53B2B64E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{1CAF2F46-37B6-44A3-A890-2E3325B592D4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{1D53E3DD-C1F0-4CBF-A3BB-2177808A1F1D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{1E37A0D3-C0D4-46A0-A83C-C18CD4C0DBAC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{20CC90CB-6AD0-4093-86E3-88BED90BF64E}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{27C2CA4E-4611-4FC0-BA01-4175DF584399}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{288773EE-0DC3-444E-815C-E9208D325AED}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{34788860-3672-42A6-8451-608D9C88EED2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{356DC66D-A9AF-4D47-B06E-5EC61BE5408E}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero mediahome 4\nmmediaserverservice.exe | 
"{36A26C52-0AC5-4FA8-B96B-57F634320E02}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{38B7DD9B-BC3E-4E8D-8B15-9FA709687389}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{43FDA0CD-9CC0-4D62-B787-6B031A4A66EE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{45DA2AA2-823E-4E66-B450-C89A598A224D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{583B7B4A-6B85-46CE-92DC-6D80705A9AC4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{5841D848-5B6E-4A33-A459-F629E4907729}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{59527962-1573-4251-9E07-6E8CF3C35DB7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{63EFC62A-647D-42C2-B5F8-F3EDB3AC5745}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7ADE9411-0560-4E91-9265-813E3FFDED9C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{7E7FC168-ADFE-4B41-9411-DC9279320547}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{7FB800AD-5443-4F83-B85A-0B5B3958805A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{80E61BE1-FA67-4B89-80E9-7608B8010CAC}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero mediahome 4\nmmediaserverservice.exe | 
"{8B7427B9-6927-46ED-9AA1-2EA4254C3CB6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{8CB8310C-FD4B-4102-ABE9-8284B499BBB7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{93FEF2DB-874F-4D98-BBF7-E65CCC08A3E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A137C3E6-E68A-4EA4-BC5B-A11753A9DB6E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{B46E4973-84F5-4FE7-B551-726D88878717}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B69079EC-3341-4C2A-A84C-C5E707662925}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B6C76C67-4E16-415E-92E5-8CE49720CCC1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{C42451FD-2999-41AF-BD91-5AA7E2F76464}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{C651BC11-D38A-4030-BCD7-866EB9435352}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{C67CDC0B-930D-4275-B7DA-53EF87437625}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C83DE1D0-29A6-494E-9756-ABB11B209384}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C9316605-FDB0-496B-9545-0313E7C789D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CA066705-1946-4560-89B1-10210203BFA3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D1A841CE-3F60-46E0-B16D-C05D68001409}" = dir=in | app=e:\setup\hpznui40.exe | 
"{D4CF376B-7B84-4551-9002-D2EB05EE9B42}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{E7A0FF0C-C58C-42D0-A3F4-22F73B524EB6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{EBE6442C-5C5E-4761-8425-17BECDE8BE89}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{F85270F0-F548-415C-B233-CAF9985D371F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{F9AA3143-A356-4525-8F70-09743043EFC9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F9BA4EF8-B000-4510-87D1-D314161F6874}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FB3B4C93-C08B-4B01-8B75-06DCEFC92787}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FFC3555F-5870-451A-87BB-18A3CE98216D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417011FF}" = Java 7 Update 11 (64-bit)
"{2E1B4B42-069F-4F53-9966-9B9B938D7FE5}" = HP Officejet 6500 E709 Series
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{44E3AB6B-453B-8DAE-9777-1C48F5AB8965}" = AMD Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{C91B24F6-1629-11E2-B696-21676188709B}" = PDF Split And Merge Basic
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Shop for HP Supplies" = Shop for HP Supplies
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4f905097-477f-4f75-b410-4c47aa71fe49}" = Nero MediaHome 4 Essentials
"{69FC3B9A-4149-43DB-A557-6ED0C8D8BA44}" = Nero MediaHome 4 Help
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{99EF387E-633E-4CFB-BFA3-AB961B685DDF}" = Nero MediaHome 4
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3026991530-3128089919-3181730765-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.03.2013 16:22:46 | Computer Name = Aik-PC | Source = Bonjour Service | ID = 100
Description = 428: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)
 
Error - 24.03.2013 16:22:46 | Computer Name = Aik-PC | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053 
 
Error - 24.03.2013 16:22:46 | Computer Name = Aik-PC | Source = Bonjour Service | ID = 100
Description = 428: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)
 
Error - 24.03.2013 16:22:46 | Computer Name = Aik-PC | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053 
 
Error - 24.03.2013 16:22:46 | Computer Name = Aik-PC | Source = Bonjour Service | ID = 100
Description = 428: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)
 
Error - 25.03.2013 10:36:03 | Computer Name = Aik-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.03.2013 11:34:42 | Computer Name = Aik-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.03.2013 11:33:02 | Computer Name = Aik-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.03.2013 14:30:37 | Computer Name = Aik-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.03.2013 14:47:36 | Computer Name = Aik-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 26.03.2013 13:08:29 | Computer Name = Aik-PC | Source = bowser | ID = 8003
Description = 
 
Error - 26.03.2013 13:33:09 | Computer Name = Aik-PC | Source = bowser | ID = 8003
Description = 
 
Error - 26.03.2013 14:03:25 | Computer Name = Aik-PC | Source = bowser | ID = 8003
Description = 
 
Error - 26.03.2013 14:15:26 | Computer Name = Aik-PC | Source = bowser | ID = 8003
Description = 
 
Error - 26.03.2013 14:27:26 | Computer Name = Aik-PC | Source = bowser | ID = 8003
Description = 
 
Error - 26.03.2013 14:28:58 | Computer Name = Aik-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 26.03.2013 14:28:58 | Computer Name = Aik-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 26.03.2013 14:33:19 | Computer Name = Aik-PC | Source = bowser | ID = 8003
Description = 
 
Error - 26.03.2013 14:45:48 | Computer Name = Aik-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 26.03.2013 14:45:48 | Computer Name = Aik-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >

--- --- ---
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 26.03.2013 19:50:11 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Aik\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 56,66% Memory free
7,99 Gb Paging File | 6,17 Gb Available in Paging File | 77,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 45,27 Gb Free Space | 46,40% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 243,44 Gb Free Space | 66,13% Space Free | Partition Type: NTFS
 
Computer Name: AIK-PC | User Name: Aik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.26 17:22:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Aik\Desktop\OTL.exe
PRC - [2013.02.19 22:24:28 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.19 22:22:59 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.19 22:22:59 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.01.28 13:08:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.17 17:14:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012.12.17 16:48:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.02.28 17:12:14 | 000,517,416 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
PRC - [2009.07.01 17:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.02.26 01:03:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009.08.18 01:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.03.03 01:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe -- (AESTFilters)
SRV - [2013.03.14 11:49:32 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.11 12:12:03 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.19 22:24:28 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.19 22:22:59 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.28 17:12:14 | 000,517,416 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe -- (NeroMediaHomeService.4)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.26 01:03:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe -- (STacSV)
SRV - [2009.09.23 21:59:36 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009.07.01 17:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.03 01:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.12.13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.12.11 15:46:27 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.11 15:46:27 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.04 01:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.08.02 16:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.04.15 12:40:10 | 000,301,688 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010.02.26 01:03:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009.08.18 02:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.21 10:42:26 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.07.21 10:42:26 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.07.21 10:42:26 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.07.21 10:42:24 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA 22 04 3A 4E 25 CE 01  [binary data]
IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1003\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1364226288&rver=6.1.6206.0&wp=MBI_SSL_SHARED&wreply=https:%2F%2Fdub113.mail.live.com%2Fdefault.aspx%3Fn%3D1070017894%26fid%3D1&lc=1031&id=64855&mkt=de-de&cbcxt=mai|https://www.facebook.com/"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.14 16:33:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.11 12:12:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.11 12:11:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.14 16:33:35 | 000,000,000 | ---D | M]
 
[2011.10.19 15:46:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aik\AppData\Roaming\mozilla\Extensions
[2013.03.26 19:44:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aik\AppData\Roaming\mozilla\Firefox\Profiles\8p6se4wh.default\extensions
[2013.03.24 22:13:59 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Aik\AppData\Roaming\mozilla\Firefox\Profiles\8p6se4wh.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2012.11.21 20:46:17 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Aik\AppData\Roaming\mozilla\firefox\profiles\8p6se4wh.default\extensions\DivXWebPlayer@divx.com.xpi
[2013.03.25 16:47:56 | 000,004,366 | ---- | M] () (No name found) -- C:\Users\Aik\AppData\Roaming\mozilla\firefox\profiles\8p6se4wh.default\extensions\firefox@mega.co.nz.xpi
[2012.12.13 21:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Aik\AppData\Roaming\mozilla\firefox\profiles\8p6se4wh.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2013.03.26 16:38:27 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Aik\AppData\Roaming\mozilla\firefox\profiles\8p6se4wh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.11 12:11:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.11 12:11:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\PROGRAMDATA\BROWSERPROTECT\2.6.1125.80\{C16C1CCB-7046-4E5C-A2F3-533AD2FEC8E8}\FIREFOXEXTENSION
File not found (No name found) -- C:\USERS\AIK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8P6SE4WH.DEFAULT\EXTENSIONS\FFXTLBR@DELTA.COM
[2013.03.11 12:12:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.23 22:06:35 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.02 20:08:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.23 22:06:35 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.23 22:06:35 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.23 22:06:35 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.23 22:06:35 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Nero MediaHome 4] C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3026991530-3128089919-3181730765-1001..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3026991530-3128089919-3181730765-1001..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3026991530-3128089919-3181730765-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3026991530-3128089919-3181730765-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3026991530-3128089919-3181730765-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Aik\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Aik\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254 192.168.0.254 213.33.99.70
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16C78E3C-E336-44E5-8550-AB9CC17128FA}: DhcpNameServer = 192.168.0.254 192.168.0.254 213.33.99.70
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A9DAD93-FD94-440C-AB7F-D351E9B4ED71}: DhcpNameServer = 213.162.69.169 213.162.69.170
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5255E45-312D-4944-9305-10EC517E439C}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261125~1.80\{c16c1~1\browse~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.26 17:41:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Aik\Desktop\OTL.exe
[2013.03.26 17:39:52 | 000,000,000 | ---D | C] -- C:\Users\Aik\AppData\Roaming\Malwarebytes
[2013.03.26 17:39:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.26 17:39:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.26 17:39:10 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.26 17:39:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.26 17:38:53 | 000,000,000 | ---D | C] -- C:\Users\Aik\AppData\Local\Programs
[2013.03.20 19:35:37 | 000,000,000 | ---D | C] -- C:\Users\Aik\AppData\Roaming\Nero
[2013.03.20 19:35:30 | 000,000,000 | ---D | C] -- C:\Users\Aik\AppData\Local\Nero
[2013.03.20 19:33:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2013.03.20 19:33:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2013.03.20 19:33:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2013.03.20 19:33:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2013.03.20 19:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
[2013.03.20 19:28:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow
[2013.03.20 19:25:44 | 000,000,000 | ---D | C] -- C:\Users\Aik\AppData\Local\Plex Media Server
[2013.03.20 19:25:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plex
[2013.03.14 12:19:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
[2013.03.14 11:07:00 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.14 11:06:58 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.14 11:06:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.14 11:06:58 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.14 11:06:58 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.14 11:06:58 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.14 11:06:58 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.11 12:18:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.03.11 12:17:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.03.11 12:17:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.03.11 12:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.03.11 12:11:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2013.03.11 12:11:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.27 20:45:28 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.02.27 20:45:27 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.02.27 20:45:27 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.02.27 20:45:26 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.02.27 20:45:19 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.02.27 20:45:19 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.02.27 20:45:17 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.02.27 20:45:17 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.02.27 20:45:17 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.02.27 20:45:17 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.02.27 20:45:17 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.27 20:45:17 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.27 20:45:17 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.27 20:45:17 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.27 20:45:17 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.27 20:45:17 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.27 20:45:17 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.27 20:45:17 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.27 20:45:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.27 20:45:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.27 20:45:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.27 20:45:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.27 20:45:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.27 20:45:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.27 20:45:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.27 20:45:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.27 20:45:17 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.27 20:45:17 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.27 20:45:16 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.02.27 20:45:16 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.02.27 20:45:16 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.02.27 20:45:16 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.02.27 20:45:16 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.02.27 20:45:16 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.02.27 20:45:16 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.02.27 20:45:16 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.02.27 20:45:16 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.02.27 20:45:15 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.02.27 20:45:15 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.02.27 20:45:15 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.02.27 20:45:15 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.26 19:53:54 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.26 19:53:54 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.26 19:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.26 19:45:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.26 19:45:43 | 3218,358,272 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.26 17:39:12 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.26 17:22:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Aik\Desktop\OTL.exe
[2013.03.26 17:22:22 | 000,609,993 | ---- | M] () -- C:\Users\Aik\Desktop\adwcleaner.exe
[2013.03.20 19:33:41 | 000,002,403 | ---- | M] () -- C:\Users\Public\Desktop\Nero MediaHome 4.lnk
[2013.03.18 22:45:56 | 001,507,502 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.18 22:45:56 | 000,657,948 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.18 22:45:56 | 000,619,184 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.18 22:45:56 | 000,131,288 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.18 22:45:56 | 000,107,504 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.14 11:49:32 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.14 11:49:32 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.11 12:18:12 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.28 14:57:18 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.28 14:57:09 | 000,735,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.28 14:57:09 | 000,097,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.28 14:57:07 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.28 14:37:20 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.28 14:37:08 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.28 14:37:03 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
 
========== Files Created - No Company Name ==========
 
[2013.03.26 17:41:06 | 000,609,993 | ---- | C] () -- C:\Users\Aik\Desktop\adwcleaner.exe
[2013.03.26 17:39:12 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.20 19:33:41 | 000,002,403 | ---- | C] () -- C:\Users\Public\Desktop\Nero MediaHome 4.lnk
[2013.03.20 19:28:45 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013.03.11 12:18:12 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.27 13:39:50 | 015,994,773 | ---- | C] () -- C:\Users\Aik\Desktop\WhatsApp 2.8.7.ipa
[2012.07.12 12:42:34 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.05 12:15:06 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2012.03.05 12:15:06 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2011.12.27 00:36:30 | 000,003,584 | ---- | C] () -- C:\Users\Aik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.14 16:26:01 | 000,266,091 | ---- | C] () -- C:\Windows\hpwins23.dat
[2011.11.14 16:07:52 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2011.10.19 20:44:24 | 000,142,504 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.10.19 15:35:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.14 10:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

--- --- ---

cosinus · 26.03.2013, 23:27

Hallo und

Zitat:

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Warum hast du eine Ultimate-Edition von Windows, brauchst du das als Heimanwender?
Oder ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner?

Zitat:

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254 192.168.0.254 213.33.99.70
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16C78E3C-E336-44E5-8550-AB9CC17128FA}: DhcpNameServer = 192.168.0.254 192.168.0.254 213.33.99.70
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A9DAD93-FD94-440C-AB7F-D351E9B4ED71}: DhcpNameServer = 213.162.69.169 213.162.69.170
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5255E45-312D-4944-9305-10EC517E439C}: DhcpNameServer = 10.0.0.138

Die IP-Adressbereiche in deinem Log sehen stark nach "Nicht-Privat" aus....(ok, 192.168.x.y oder 10.0.x.y Adressen mögen "privat" sein, aber sind im Heimbereich doch sehr selten anzutreffen)

zero007 · 27.03.2013, 11:27

Vielen Dank für deine Antwort.

Ich habe den Laptop so von einem Kolleg bekommen, mit Betriebssystem etc. Daher wusste ich nicht mal, dass ich eine Ultimate-Edition drauf habe (da ich mich sehr schlecht in diesen Bereichen auskenne...) Hat dies irgendwelche Nachteile bzw. irgendwas mit dem Malware-Problem zu tun?

Ebenso die Frage nach den IP-Adressen (wie gesagt ich kenn mich in diesem Bereich gar nicht aus, deshalb schon mal sorry für etwaige doofe Fragen) - welche Auswirkungen hat dies für mich bzw was wolltest du mir damit sagen?

Und meine Frage - ob mein Pc nun komplett bereinigt ist?

Gerade habe ich festgestellt, dass bestimmte Wörter auf den Websites immer noch unterstrichen sind und als Link angeführt werden - zu einem IPad Gewinnspiel bzw. CouponDropDown. Wie behebe ich diesen Fehler?

cosinus · 27.03.2013, 15:50

Von einem Arbeitskollegen bekommen, einfach so und du nutzt den Rechner jetzt nur noch rein privat?

Bitte erst das klären, dann beantworte ich deine anderen Fragen

zero007 · 27.03.2013, 22:25

Was ist das Problem? Ich verstehe deinen Unmut nicht....klar benutze ich den Rechner einfach so...wie gesagt, ich kenn mich nicht aus, und habe mir nichts dabei gedacht. Wenn ich dabei falsch liegen sollte, dann kläre mich gerne auf.

cosinus · 28.03.2013, 12:44

Bitte erkläre einfach, warum du offensichtlich einen Firmenrechner von einem Kollegen einfach so bekommst nur im damit alles rein privates Zeug zu machen. Das klingt für mich nämlich so einfach nicht plausibel.

zero007 · 28.03.2013, 17:14

Es ist mein Laptop, das Betriebssystem wurde von einem Kollegen davor drauf gespielt und ich habe daran nichts verändert, als ich ihm abgekauft habe, klärt das deine Frage nun?!

Hast du noch hiflreiche Tipps zu meinem Problem, weil um über mein Betriebssystem zu diskutieren, habe ich dieses Thema nicht eröffnet und vorallem nicht, wenn du nicht mal erklären kannst, wo das Problem dabei ist.

cosinus · 29.03.2013, 00:17

Ich bin immer hellhörig wenn ich teure ultimate Editionen in den Logs sehe, v.a. wenn es angeblich vorher ein "Kollege" gehört und dann mit dieser ultimate edition betankt hat. Kollegen und Nachbarn spielen gerne gecrackte Software drauf, schon oft erlebt wie "Was, Windows oder Office kaufen, der Nachbar hat doch da seine Version"

Ich will dir jetzt keine gecrackte Windows-Installation unterstellen, aber das Problem an Cracks ist nicht nur die Illegalität sondern auch das hohe Risiko durch Malware die in "schwarzen" Versionen steckt, bzw Malware die in den Cracks eingebaut wurde. Dies bitte nur als Hinweis betrachten.

Aber auch: solche Editionen sind teurer, eher für den gewerblichen Betrieb ausgelegt. Deswegen poste ich das mal prophylaktisch v.a. damit du verstehst worauf ich hinaus will:

Zitat:

3. Grundsätzlich bereinigen wir keine gewerblich genutzten Rechner. Dafür ist die IT Abteilung eurer Firma zuständig.

Bei Kleinunternehmen, welche keinen IT Support haben, machen wir da eine Ausnahme und helfen gerne ( kleine Spende hilft auch uns ).
Voraussetzung: Ihr teilt uns dies in eurer ersten Antwort mit.
Bedenkt jedoch, dass Logfiles viele heikle Informationen enthalten können ( Kundendaten, Bankdaten, etc ) sowie das Malware die Möglichkeit besitzt, diese auszuspähen und zu missbrauchen. Hier legen wir euch ein Formatieren und Neuaufsetzen nahe.

Siehe => http://www.trojaner-board.de/108422-...-anfragen.html

zero007 · 31.03.2013, 16:01

Okay - verstehe worauf du hinaus wolltest.

Wie gesagt ich benutze diesen Rechner nur mehr privat und habe diesen auch schon länger und das Problem mit der Malware ist erst jetzt aufgetretten, also wird dies wahrscheinlich nicht zusammenhängen.

Kann ich jetzt noch Hilfestellung bekommen oder ist das unter diesen Voraussetzungen nicht möglich?

Danke schon mal im Voraus!

cosinus · 01.04.2013, 15:19

Bevor wir uns an die weitere Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Rootkitscan mit GMER

Bitte lade dir

GMER herunter: (Dateiname zufällig)

Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?

Unbedingt auf "No" klicken.
Entferne rechts den Haken bei: IAT/EAT und Show All
Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
Starte den Scan mit "Scan".
Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Tauchen Probleme auf?

Probiere alternativ den abgesicherten Modus.
Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.

Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

zero007 · 02.04.2013, 07:26

Gesagt getan - nachfolgend die entsprechenden Logs. Ich glaube es sieht ganz gut aus oder?

Code:

ATTFilter

GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-04-02 08:06:57
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500325AS rev.0003DEM1 465,76GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Aik\AppData\Local\Temp\uwldrpow.sys


---- User code sections - GMER 2.1 ----

.text   C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                     0000000075da1465 2 bytes [DA, 75]
.text   C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    0000000075da14bb 2 bytes [DA, 75]
.text   ...                                                                                                                                               * 2
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075da1465 2 bytes [DA, 75]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075da14bb 2 bytes [DA, 75]
.text   ...                                                                                                                                               * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\SysWOW64\svchost.exe [1824:4632]                                                                                                       00000000735c17a4
Thread  C:\Windows\System32\svchost.exe [5688:992]                                                                                                        000007fef32a9688

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c607690bd26                                                                       
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c607690bd26@fca13e8b8a3d                                                          0xF6 0x5A 0x79 0x94 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c607690bd26@5c95ae0e5df3                                                          0x25 0x07 0xD2 0xB2 ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c607690bd26 (not active ControlSet)                                                   
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c607690bd26@fca13e8b8a3d                                                              0xF6 0x5A 0x79 0x94 ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c607690bd26@5c95ae0e5df3                                                              0x25 0x07 0xD2 0xB2 ...

---- EOF - GMER 2.1 ----

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.04.02.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Aik :: AIK-PC [administrator]

02.04.2013 08:22:17
mbar-log-2013-04-02 (08-22-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30356
Time elapsed: 11 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

cosinus · 02.04.2013, 11:37

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

zero007 · 02.04.2013, 15:28

Code:

ATTFilter

 aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-02 15:47:21
-----------------------------
15:47:21.127    OS Version: Windows x64 6.1.7601 Service Pack 1
15:47:21.127    Number of processors: 2 586 0x170A
15:47:21.127    ComputerName: AIK-PC  UserName: Aik
15:47:24.044    Initialize success
15:48:31.119    AVAST engine defs: 13040200
15:48:42.571    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:48:42.587    Disk 0 Vendor: ST9500325AS 0003DEM1 Size: 476940MB BusType: 11
15:48:42.680    Disk 0 MBR read successfully
15:48:42.680    Disk 0 MBR scan
15:48:42.696    Disk 0 Windows 7 default MBR code
15:48:42.711    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
15:48:42.727    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        99900 MB offset 206848
15:48:42.758    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       376938 MB offset 204802048
15:48:42.821    Disk 0 scanning C:\Windows\system32\drivers
15:49:02.258    Service scanning
15:49:33.898    Modules scanning
15:49:33.898    Disk 0 trace - called modules:
15:49:33.929    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
15:49:33.929    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045a4640]
15:49:33.945    3 CLASSPNP.SYS[fffff8800141743f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004151060]
15:49:35.053    AVAST engine scan C:\Windows
15:49:37.627    AVAST engine scan C:\Windows\system32
15:55:20.359    AVAST engine scan C:\Windows\system32\drivers
15:55:38.066    AVAST engine scan C:\Users\Aik
16:19:07.023    AVAST engine scan C:\ProgramData
16:20:42.891    Scan finished successfully
16:22:09.925    Disk 0 MBR has been saved successfully to "C:\Users\Aik\Desktop\MBR.dat"
16:22:09.925    The log file has been saved successfully to "C:\Users\Aik\Desktop\aswMBR.txt"

Code:

ATTFilter

 16:22:43.0310 4072  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:22:43.0638 4072  ============================================================
16:22:43.0638 4072  Current date / time: 2013/04/02 16:22:43.0638
16:22:43.0638 4072  SystemInfo:
16:22:43.0638 4072  
16:22:43.0638 4072  OS Version: 6.1.7601 ServicePack: 1.0
16:22:43.0638 4072  Product type: Workstation
16:22:43.0638 4072  ComputerName: AIK-PC
16:22:43.0638 4072  UserName: Aik
16:22:43.0638 4072  Windows directory: C:\Windows
16:22:43.0638 4072  System windows directory: C:\Windows
16:22:43.0638 4072  Running under WOW64
16:22:43.0638 4072  Processor architecture: Intel x64
16:22:43.0638 4072  Number of processors: 2
16:22:43.0638 4072  Page size: 0x1000
16:22:43.0638 4072  Boot type: Normal boot
16:22:43.0638 4072  ============================================================
16:22:45.0120 4072  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:22:45.0229 4072  ============================================================
16:22:45.0229 4072  \Device\Harddisk0\DR0:
16:22:45.0229 4072  MBR partitions:
16:22:45.0229 4072  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:22:45.0229 4072  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31E000
16:22:45.0229 4072  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x2E035000
16:22:45.0229 4072  ============================================================
16:22:45.0260 4072  C: <-> \Device\Harddisk0\DR0\Partition2
16:22:45.0291 4072  D: <-> \Device\Harddisk0\DR0\Partition3
16:22:45.0291 4072  ============================================================
16:22:45.0291 4072  Initialize success
16:22:45.0291 4072  ============================================================
16:24:49.0145 4888  ============================================================
16:24:49.0145 4888  Scan started
16:24:49.0145 4888  Mode: Manual; SigCheck; TDLFS; 
16:24:49.0145 4888  ============================================================
16:24:50.0003 4888  ================ Scan system memory ========================
16:24:50.0003 4888  System memory - ok
16:24:50.0003 4888  ================ Scan services =============================
16:24:50.0393 4888  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:24:50.0580 4888  1394ohci - ok
16:24:50.0611 4888  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:24:50.0642 4888  ACPI - ok
16:24:50.0658 4888  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:24:50.0752 4888  AcpiPmi - ok
16:24:50.0861 4888  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:24:50.0876 4888  AdobeARMservice - ok
16:24:51.0032 4888  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:24:51.0064 4888  AdobeFlashPlayerUpdateSvc - ok
16:24:51.0126 4888  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
16:24:51.0157 4888  adp94xx - ok
16:24:51.0204 4888  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
16:24:51.0220 4888  adpahci - ok
16:24:51.0235 4888  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
16:24:51.0251 4888  adpu320 - ok
16:24:51.0298 4888  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:24:51.0422 4888  AeLookupSvc - ok
16:24:51.0532 4888  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters     C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe
16:24:51.0594 4888  AESTFilters - ok
16:24:51.0656 4888  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
16:24:51.0719 4888  AFD - ok
16:24:51.0750 4888  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:24:51.0766 4888  agp440 - ok
16:24:51.0812 4888  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
16:24:51.0906 4888  ALG - ok
16:24:51.0937 4888  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:24:51.0953 4888  aliide - ok
16:24:51.0984 4888  [ D696F317BD465A602566F8E1DCCE15F7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:24:52.0062 4888  AMD External Events Utility - ok
16:24:52.0078 4888  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
16:24:52.0093 4888  amdide - ok
16:24:52.0124 4888  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
16:24:52.0156 4888  AmdK8 - ok
16:24:52.0171 4888  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
16:24:52.0202 4888  AmdPPM - ok
16:24:52.0234 4888  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:24:52.0249 4888  amdsata - ok
16:24:52.0280 4888  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
16:24:52.0296 4888  amdsbs - ok
16:24:52.0312 4888  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:24:52.0327 4888  amdxata - ok
16:24:52.0421 4888  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
16:24:52.0436 4888  AntiVirSchedulerService - ok
16:24:52.0468 4888  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
16:24:52.0483 4888  AntiVirService - ok
16:24:52.0530 4888  [ 98449A2957778A6F025C418438A380F4 ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
16:24:52.0577 4888  ApfiltrService - ok
16:24:52.0624 4888  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
16:24:52.0811 4888  AppID - ok
16:24:52.0842 4888  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:24:52.0920 4888  AppIDSvc - ok
16:24:52.0936 4888  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
16:24:52.0998 4888  Appinfo - ok
16:24:53.0045 4888  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:24:53.0107 4888  Apple Mobile Device - ok
16:24:53.0138 4888  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
16:24:53.0201 4888  AppMgmt - ok
16:24:53.0232 4888  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
16:24:53.0248 4888  arc - ok
16:24:53.0263 4888  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:24:53.0279 4888  arcsas - ok
16:24:53.0310 4888  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:24:53.0372 4888  AsyncMac - ok
16:24:53.0404 4888  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
16:24:53.0404 4888  atapi - ok
16:24:53.0591 4888  [ 52BD95CAA9CAE8977FE043E9AD6D2D0E ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
16:24:53.0794 4888  atikmdag - ok
16:24:53.0840 4888  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:24:53.0918 4888  AudioEndpointBuilder - ok
16:24:53.0934 4888  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:24:53.0965 4888  AudioSrv - ok
16:24:54.0012 4888  [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
16:24:54.0028 4888  avgntflt - ok
16:24:54.0074 4888  [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
16:24:54.0090 4888  avipbb - ok
16:24:54.0121 4888  [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
16:24:54.0137 4888  avkmgr - ok
16:24:54.0168 4888  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:24:54.0277 4888  AxInstSV - ok
16:24:54.0324 4888  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
16:24:54.0386 4888  b06bdrv - ok
16:24:54.0418 4888  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
16:24:54.0480 4888  b57nd60a - ok
16:24:54.0527 4888  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:24:54.0589 4888  BDESVC - ok
16:24:54.0605 4888  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:24:54.0683 4888  Beep - ok
16:24:54.0839 4888  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
16:24:54.0932 4888  BFE - ok
16:24:54.0979 4888  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
16:24:55.0073 4888  BITS - ok
16:24:55.0088 4888  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:24:55.0135 4888  blbdrive - ok
16:24:55.0213 4888  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:24:55.0244 4888  Bonjour Service - ok
16:24:55.0307 4888  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:24:55.0354 4888  bowser - ok
16:24:55.0369 4888  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
16:24:55.0416 4888  BrFiltLo - ok
16:24:55.0432 4888  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
16:24:55.0447 4888  BrFiltUp - ok
16:24:55.0494 4888  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
16:24:55.0541 4888  Browser - ok
16:24:55.0572 4888  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:24:55.0634 4888  Brserid - ok
16:24:55.0650 4888  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:24:55.0681 4888  BrSerWdm - ok
16:24:55.0697 4888  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:24:55.0712 4888  BrUsbMdm - ok
16:24:55.0728 4888  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:24:55.0744 4888  BrUsbSer - ok
16:24:55.0806 4888  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
16:24:55.0853 4888  BthEnum - ok
16:24:55.0868 4888  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
16:24:55.0915 4888  BTHMODEM - ok
16:24:55.0946 4888  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
16:24:55.0993 4888  BthPan - ok
16:24:56.0040 4888  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
16:24:56.0087 4888  BTHPORT - ok
16:24:56.0102 4888  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
16:24:56.0165 4888  bthserv - ok
16:24:56.0180 4888  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
16:24:56.0212 4888  BTHUSB - ok
16:24:56.0243 4888  [ 6BCFDC2B5B7F66D484486D4BD4B39A6B ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
16:24:56.0258 4888  btwaudio - ok
16:24:56.0293 4888  [ 82DC8B7C626E526681C1BEBED2BC3FF9 ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
16:24:56.0308 4888  btwavdt - ok
16:24:56.0402 4888  [ D65AA164ACD0F6706DBCFBBCC9731584 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
16:24:56.0449 4888  btwdins - ok
16:24:56.0480 4888  [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
16:24:56.0480 4888  btwl2cap - ok
16:24:56.0495 4888  [ 28E105AD3B79F440BF94780F507BF66A ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
16:24:56.0495 4888  btwrchid - ok
16:24:56.0542 4888  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:24:56.0605 4888  cdfs - ok
16:24:56.0651 4888  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:24:56.0667 4888  cdrom - ok
16:24:56.0698 4888  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
16:24:56.0776 4888  CertPropSvc - ok
16:24:56.0823 4888  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
16:24:56.0854 4888  circlass - ok
16:24:56.0948 4888  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
16:24:56.0979 4888  CLFS - ok
16:24:57.0088 4888  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:24:57.0119 4888  clr_optimization_v2.0.50727_32 - ok
16:24:57.0197 4888  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:24:57.0229 4888  clr_optimization_v2.0.50727_64 - ok
16:24:57.0307 4888  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:24:57.0353 4888  clr_optimization_v4.0.30319_32 - ok
16:24:57.0431 4888  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:24:57.0447 4888  clr_optimization_v4.0.30319_64 - ok
16:24:57.0478 4888  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:24:57.0525 4888  CmBatt - ok
16:24:57.0541 4888  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:24:57.0572 4888  cmdide - ok
16:24:57.0603 4888  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
16:24:57.0665 4888  CNG - ok
16:24:57.0681 4888  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:24:57.0712 4888  Compbatt - ok
16:24:57.0728 4888  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
16:24:57.0759 4888  CompositeBus - ok
16:24:57.0759 4888  COMSysApp - ok
16:24:57.0775 4888  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
16:24:57.0790 4888  crcdisk - ok
16:24:57.0853 4888  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:24:57.0900 4888  CryptSvc - ok
16:24:57.0931 4888  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
16:24:57.0978 4888  CSC - ok
16:24:58.0009 4888  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
16:24:58.0056 4888  CscService - ok
16:24:58.0102 4888  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:24:58.0180 4888  DcomLaunch - ok
16:24:58.0196 4888  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
16:24:58.0258 4888  defragsvc - ok
16:24:58.0290 4888  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:24:58.0336 4888  DfsC - ok
16:24:58.0352 4888  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:24:58.0414 4888  Dhcp - ok
16:24:58.0430 4888  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
16:24:58.0477 4888  discache - ok
16:24:58.0508 4888  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
16:24:58.0524 4888  Disk - ok
16:24:58.0555 4888  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
16:24:58.0602 4888  dmvsc - ok
16:24:58.0633 4888  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:24:58.0695 4888  Dnscache - ok
16:24:58.0726 4888  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:24:58.0836 4888  dot3svc - ok
16:24:58.0867 4888  [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
16:24:58.0914 4888  Dot4 - ok
16:24:58.0929 4888  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:24:58.0945 4888  Dot4Print - ok
16:24:58.0960 4888  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
16:24:59.0007 4888  dot4usb - ok
16:24:59.0023 4888  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
16:24:59.0085 4888  DPS - ok
16:24:59.0116 4888  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:24:59.0148 4888  drmkaud - ok
16:24:59.0194 4888  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:24:59.0257 4888  DXGKrnl - ok
16:24:59.0288 4888  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
16:24:59.0350 4888  EapHost - ok
16:24:59.0428 4888  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
16:24:59.0553 4888  ebdrv - ok
16:24:59.0600 4888  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
16:24:59.0616 4888  EFS - ok
16:24:59.0678 4888  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:24:59.0756 4888  ehRecvr - ok
16:24:59.0787 4888  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
16:24:59.0818 4888  ehSched - ok
16:24:59.0865 4888  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
16:24:59.0881 4888  elxstor - ok
16:24:59.0896 4888  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:24:59.0928 4888  ErrDev - ok
16:24:59.0974 4888  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
16:25:00.0052 4888  EventSystem - ok
16:25:00.0084 4888  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
16:25:00.0130 4888  exfat - ok
16:25:00.0162 4888  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:25:00.0208 4888  fastfat - ok
16:25:00.0255 4888  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
16:25:00.0318 4888  Fax - ok
16:25:00.0333 4888  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
16:25:00.0380 4888  fdc - ok
16:25:00.0396 4888  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:25:00.0442 4888  fdPHost - ok
16:25:00.0442 4888  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:25:00.0505 4888  FDResPub - ok
16:25:00.0536 4888  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:25:00.0552 4888  FileInfo - ok
16:25:00.0552 4888  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:25:00.0614 4888  Filetrace - ok
16:25:00.0630 4888  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
16:25:00.0645 4888  flpydisk - ok
16:25:00.0661 4888  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:25:00.0676 4888  FltMgr - ok
16:25:00.0739 4888  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
16:25:00.0817 4888  FontCache - ok
16:25:00.0879 4888  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:25:00.0910 4888  FontCache3.0.0.0 - ok
16:25:00.0926 4888  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:25:00.0942 4888  FsDepends - ok
16:25:00.0973 4888  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:25:00.0988 4888  Fs_Rec - ok
16:25:01.0020 4888  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:25:01.0051 4888  fvevol - ok
16:25:01.0082 4888  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:25:01.0098 4888  gagp30kx - ok
16:25:01.0144 4888  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:25:01.0160 4888  GEARAspiWDM - ok
16:25:01.0191 4888  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
16:25:01.0269 4888  gpsvc - ok
16:25:01.0285 4888  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:25:01.0332 4888  hcw85cir - ok
16:25:01.0394 4888  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:25:01.0441 4888  HdAudAddService - ok
16:25:01.0472 4888  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:25:01.0519 4888  HDAudBus - ok
16:25:01.0534 4888  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
16:25:01.0550 4888  HidBatt - ok
16:25:01.0581 4888  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
16:25:01.0612 4888  HidBth - ok
16:25:01.0628 4888  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
16:25:01.0644 4888  HidIr - ok
16:25:01.0675 4888  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
16:25:01.0722 4888  hidserv - ok
16:25:01.0768 4888  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:25:01.0784 4888  HidUsb - ok
16:25:01.0800 4888  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:25:01.0862 4888  hkmsvc - ok
16:25:01.0893 4888  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:25:01.0940 4888  HomeGroupListener - ok
16:25:01.0971 4888  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:25:02.0002 4888  HomeGroupProvider - ok
16:25:02.0127 4888  [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
16:25:02.0143 4888  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
16:25:02.0143 4888  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
16:25:02.0205 4888  [ 75CC8C5146A3FB76221A7606628778D5 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
16:25:02.0236 4888  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
16:25:02.0236 4888  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
16:25:02.0268 4888  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:25:02.0283 4888  HpSAMD - ok
16:25:02.0377 4888  [ 2ADF33F93991C4E24E86FFA5F906417B ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
16:25:02.0424 4888  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
16:25:02.0439 4888  HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
16:25:02.0470 4888  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:25:02.0564 4888  HTTP - ok
16:25:02.0580 4888  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:25:02.0595 4888  hwpolicy - ok
16:25:02.0626 4888  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:25:02.0642 4888  i8042prt - ok
16:25:02.0985 4888  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:25:03.0016 4888  iaStorV - ok
16:25:03.0126 4888  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:25:03.0204 4888  idsvc - ok
16:25:03.0250 4888  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
16:25:03.0266 4888  iirsp - ok
16:25:03.0313 4888  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
16:25:03.0391 4888  IKEEXT - ok
16:25:03.0438 4888  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
16:25:03.0453 4888  intelide - ok
16:25:03.0484 4888  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:25:03.0500 4888  intelppm - ok
16:25:03.0531 4888  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:25:03.0578 4888  IPBusEnum - ok
16:25:03.0594 4888  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:25:03.0625 4888  IpFilterDriver - ok
16:25:03.0672 4888  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:25:03.0718 4888  iphlpsvc - ok
16:25:03.0734 4888  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:25:03.0750 4888  IPMIDRV - ok
16:25:03.0765 4888  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:25:03.0812 4888  IPNAT - ok
16:25:03.0906 4888  [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
16:25:03.0952 4888  iPod Service - ok
16:25:03.0984 4888  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:25:04.0015 4888  IRENUM - ok
16:25:04.0030 4888  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:25:04.0046 4888  isapnp - ok
16:25:04.0062 4888  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:25:04.0093 4888  iScsiPrt - ok
16:25:04.0108 4888  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:25:04.0124 4888  kbdclass - ok
16:25:04.0155 4888  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:25:04.0186 4888  kbdhid - ok
16:25:04.0186 4888  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
16:25:04.0202 4888  KeyIso - ok
16:25:04.0233 4888  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:25:04.0249 4888  KSecDD - ok
16:25:04.0280 4888  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:25:04.0296 4888  KSecPkg - ok
16:25:04.0296 4888  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
16:25:04.0358 4888  ksthunk - ok
16:25:04.0391 4888  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:25:04.0469 4888  KtmRm - ok
16:25:04.0516 4888  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:25:04.0563 4888  LanmanServer - ok
16:25:04.0610 4888  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:25:04.0656 4888  LanmanWorkstation - ok
16:25:04.0703 4888  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:25:04.0750 4888  lltdio - ok
16:25:04.0766 4888  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:25:04.0828 4888  lltdsvc - ok
16:25:04.0844 4888  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:25:04.0890 4888  lmhosts - ok
16:25:04.0922 4888  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
16:25:04.0937 4888  LSI_FC - ok
16:25:04.0953 4888  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
16:25:04.0968 4888  LSI_SAS - ok
16:25:05.0000 4888  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
16:25:05.0015 4888  LSI_SAS2 - ok
16:25:05.0031 4888  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
16:25:05.0046 4888  LSI_SCSI - ok
16:25:05.0062 4888  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
16:25:05.0124 4888  luafv - ok
16:25:05.0171 4888  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
16:25:05.0187 4888  MBAMProtector - ok
16:25:05.0249 4888  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:25:05.0280 4888  MBAMScheduler - ok
16:25:05.0312 4888  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:25:05.0327 4888  MBAMService - ok
16:25:05.0374 4888  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:25:05.0405 4888  Mcx2Svc - ok
16:25:05.0436 4888  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
16:25:05.0452 4888  megasas - ok
16:25:05.0468 4888  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
16:25:05.0483 4888  MegaSR - ok
16:25:05.0546 4888  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
16:25:05.0577 4888  Microsoft Office Groove Audit Service - ok
16:25:05.0624 4888  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
16:25:05.0686 4888  MMCSS - ok
16:25:05.0702 4888  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
16:25:05.0748 4888  Modem - ok
16:25:05.0795 4888  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:25:05.0842 4888  monitor - ok
16:25:05.0858 4888  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:25:05.0889 4888  mouclass - ok
16:25:05.0920 4888  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:25:05.0936 4888  mouhid - ok
16:25:05.0967 4888  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:25:05.0982 4888  mountmgr - ok
16:25:06.0045 4888  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:25:06.0076 4888  MozillaMaintenance - ok
16:25:06.0107 4888  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:25:06.0138 4888  mpio - ok
16:25:06.0154 4888  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:25:06.0185 4888  mpsdrv - ok
16:25:06.0216 4888  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:25:06.0279 4888  MpsSvc - ok
16:25:06.0294 4888  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:25:06.0341 4888  MRxDAV - ok
16:25:06.0357 4888  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:25:06.0404 4888  mrxsmb - ok
16:25:06.0450 4888  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:25:06.0482 4888  mrxsmb10 - ok
16:25:06.0497 4888  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:25:06.0513 4888  mrxsmb20 - ok
16:25:06.0528 4888  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
16:25:06.0544 4888  msahci - ok
16:25:06.0560 4888  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:25:06.0591 4888  msdsm - ok
16:25:06.0622 4888  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
16:25:06.0653 4888  MSDTC - ok
16:25:06.0684 4888  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:25:06.0731 4888  Msfs - ok
16:25:06.0747 4888  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:25:06.0794 4888  mshidkmdf - ok
16:25:06.0809 4888  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:25:06.0825 4888  msisadrv - ok
16:25:06.0856 4888  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:25:06.0903 4888  MSiSCSI - ok
16:25:06.0918 4888  msiserver - ok
16:25:06.0950 4888  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:25:06.0996 4888  MSKSSRV - ok
16:25:07.0028 4888  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:25:07.0074 4888  MSPCLOCK - ok
16:25:07.0090 4888  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:25:07.0137 4888  MSPQM - ok
16:25:07.0168 4888  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:25:07.0184 4888  MsRPC - ok
16:25:07.0199 4888  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
16:25:07.0215 4888  mssmbios - ok
16:25:07.0230 4888  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:25:07.0277 4888  MSTEE - ok
16:25:07.0277 4888  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
16:25:07.0308 4888  MTConfig - ok
16:25:07.0324 4888  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
16:25:07.0340 4888  Mup - ok
16:25:07.0371 4888  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
16:25:07.0449 4888  napagent - ok
16:25:07.0496 4888  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:25:07.0542 4888  NativeWifiP - ok
16:25:07.0605 4888  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:25:07.0667 4888  NDIS - ok
16:25:07.0714 4888  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:25:07.0761 4888  NdisCap - ok
16:25:07.0792 4888  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:25:07.0823 4888  NdisTapi - ok
16:25:07.0854 4888  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:25:07.0901 4888  Ndisuio - ok
16:25:07.0917 4888  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:25:07.0979 4888  NdisWan - ok
16:25:07.0995 4888  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:25:08.0026 4888  NDProxy - ok
16:25:08.0120 4888  [ 87C61A17E908AEF1C63FBAF915C0B452 ] NeroMediaHomeService.4 C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
16:25:08.0151 4888  NeroMediaHomeService.4 - ok
16:25:08.0182 4888  [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
16:25:08.0213 4888  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:25:08.0213 4888  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:25:08.0260 4888  [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl         C:\Windows\system32\DRIVERS\netaapl64.sys
16:25:08.0307 4888  Netaapl - ok
16:25:08.0338 4888  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:25:08.0400 4888  NetBIOS - ok
16:25:08.0432 4888  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:25:08.0478 4888  NetBT - ok
16:25:08.0510 4888  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
16:25:08.0525 4888  Netlogon - ok
16:25:08.0556 4888  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
16:25:08.0619 4888  Netman - ok
16:25:08.0650 4888  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
16:25:08.0728 4888  netprofm - ok
16:25:08.0759 4888  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:25:08.0775 4888  NetTcpPortSharing - ok
16:25:08.0946 4888  [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
16:25:09.0118 4888  netw5v64 - ok
16:25:09.0352 4888  [ 50AD7F7040C22BB7CAA59A0880875A21 ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
16:25:09.0617 4888  NETwNs64 - ok
16:25:09.0664 4888  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
16:25:09.0680 4888  nfrd960 - ok
16:25:09.0726 4888  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:25:09.0773 4888  NlaSvc - ok
16:25:09.0773 4888  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:25:09.0820 4888  Npfs - ok
16:25:09.0836 4888  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
16:25:09.0914 4888  nsi - ok
16:25:09.0929 4888  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:25:10.0007 4888  nsiproxy - ok
16:25:10.0070 4888  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:25:10.0148 4888  Ntfs - ok
16:25:10.0179 4888  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
16:25:10.0226 4888  Null - ok
16:25:10.0257 4888  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:25:10.0272 4888  nvraid - ok
16:25:10.0288 4888  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:25:10.0304 4888  nvstor - ok
16:25:10.0335 4888  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:25:10.0366 4888  nv_agp - ok
16:25:10.0413 4888  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:25:10.0475 4888  odserv - ok
16:25:10.0491 4888  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:25:10.0522 4888  ohci1394 - ok
16:25:10.0553 4888  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:25:10.0584 4888  ose - ok
16:25:10.0631 4888  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:25:10.0678 4888  p2pimsvc - ok
16:25:10.0725 4888  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:25:10.0756 4888  p2psvc - ok
16:25:10.0787 4888  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
16:25:10.0818 4888  Parport - ok
16:25:10.0850 4888  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:25:10.0881 4888  partmgr - ok
16:25:10.0896 4888  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:25:10.0943 4888  PcaSvc - ok
16:25:10.0959 4888  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
16:25:10.0974 4888  pci - ok
16:25:10.0990 4888  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
16:25:11.0006 4888  pciide - ok
16:25:11.0052 4888  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
16:25:11.0068 4888  pcmcia - ok
16:25:11.0084 4888  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
16:25:11.0099 4888  pcw - ok
16:25:11.0130 4888  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:25:11.0193 4888  PEAUTH - ok
16:25:11.0240 4888  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
16:25:11.0333 4888  PeerDistSvc - ok
16:25:11.0411 4888  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:25:11.0442 4888  PerfHost - ok
16:25:11.0520 4888  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
16:25:11.0614 4888  pla - ok
16:25:11.0661 4888  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:25:11.0708 4888  PlugPlay - ok
16:25:11.0739 4888  [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
16:25:11.0754 4888  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:25:11.0754 4888  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:25:11.0770 4888  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:25:11.0801 4888  PNRPAutoReg - ok
16:25:11.0832 4888  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:25:11.0848 4888  PNRPsvc - ok
16:25:11.0879 4888  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:25:11.0942 4888  PolicyAgent - ok
16:25:11.0973 4888  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
16:25:12.0020 4888  Power - ok
16:25:12.0051 4888  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:25:12.0098 4888  PptpMiniport - ok
16:25:12.0113 4888  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
16:25:12.0129 4888  Processor - ok
16:25:12.0160 4888  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
16:25:12.0222 4888  ProfSvc - ok
16:25:12.0238 4888  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:25:12.0254 4888  ProtectedStorage - ok
16:25:12.0285 4888  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:25:12.0347 4888  Psched - ok
16:25:12.0378 4888  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
16:25:12.0441 4888  ql2300 - ok
16:25:12.0472 4888  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
16:25:12.0488 4888  ql40xx - ok
16:25:12.0534 4888  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
16:25:12.0566 4888  QWAVE - ok
16:25:12.0581 4888  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:25:12.0612 4888  QWAVEdrv - ok
16:25:12.0628 4888  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:25:12.0690 4888  RasAcd - ok
16:25:12.0706 4888  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:25:12.0753 4888  RasAgileVpn - ok
16:25:12.0768 4888  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
16:25:12.0831 4888  RasAuto - ok
16:25:12.0846 4888  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:25:12.0893 4888  Rasl2tp - ok
16:25:12.0924 4888  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
16:25:12.0971 4888  RasMan - ok
16:25:12.0971 4888  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:25:13.0018 4888  RasPppoe - ok
16:25:13.0049 4888  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:25:13.0096 4888  RasSstp - ok
16:25:13.0127 4888  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:25:13.0205 4888  rdbss - ok
16:25:13.0221 4888  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
16:25:13.0252 4888  rdpbus - ok
16:25:13.0268 4888  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:25:13.0314 4888  RDPCDD - ok
16:25:13.0346 4888  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
16:25:13.0377 4888  RDPDR - ok
16:25:13.0392 4888  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:25:13.0439 4888  RDPENCDD - ok
16:25:13.0486 4888  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:25:13.0548 4888  RDPREFMP - ok
16:25:13.0595 4888  [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:25:13.0626 4888  RdpVideoMiniport - ok
16:25:13.0673 4888  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:25:13.0736 4888  RDPWD - ok
16:25:13.0767 4888  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:25:13.0782 4888  rdyboost - ok
16:25:13.0814 4888  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:25:13.0860 4888  RemoteAccess - ok
16:25:13.0892 4888  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:25:13.0954 4888  RemoteRegistry - ok
16:25:13.0985 4888  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
16:25:14.0001 4888  RFCOMM - ok
16:25:14.0016 4888  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:25:14.0079 4888  RpcEptMapper - ok
16:25:14.0094 4888  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
16:25:14.0141 4888  RpcLocator - ok
16:25:14.0172 4888  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
16:25:14.0204 4888  RpcSs - ok
16:25:14.0235 4888  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:25:14.0266 4888  rspndr - ok
16:25:14.0297 4888  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
16:25:14.0328 4888  s3cap - ok
16:25:14.0344 4888  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
16:25:14.0360 4888  SamSs - ok
16:25:14.0375 4888  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:25:14.0391 4888  sbp2port - ok
16:25:14.0422 4888  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:25:14.0469 4888  SCardSvr - ok
16:25:14.0484 4888  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:25:14.0531 4888  scfilter - ok
16:25:14.0578 4888  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
16:25:14.0703 4888  Schedule - ok
16:25:14.0718 4888  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:25:14.0765 4888  SCPolicySvc - ok
16:25:14.0781 4888  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:25:14.0828 4888  SDRSVC - ok
16:25:14.0859 4888  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:25:14.0906 4888  secdrv - ok
16:25:14.0937 4888  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
16:25:14.0968 4888  seclogon - ok
16:25:14.0984 4888  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
16:25:15.0046 4888  SENS - ok
16:25:15.0046 4888  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:25:15.0108 4888  SensrSvc - ok
16:25:15.0124 4888  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
16:25:15.0155 4888  Serenum - ok
16:25:15.0171 4888  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
16:25:15.0202 4888  Serial - ok
16:25:15.0218 4888  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
16:25:15.0249 4888  sermouse - ok
16:25:15.0280 4888  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:25:15.0311 4888  SessionEnv - ok
16:25:15.0342 4888  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:25:15.0358 4888  sffdisk - ok
16:25:15.0374 4888  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:25:15.0389 4888  sffp_mmc - ok
16:25:15.0405 4888  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:25:15.0436 4888  sffp_sd - ok
16:25:15.0452 4888  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
16:25:15.0483 4888  sfloppy - ok
16:25:15.0530 4888  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:25:15.0576 4888  SharedAccess - ok
16:25:15.0608 4888  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:25:15.0670 4888  ShellHWDetection - ok
16:25:15.0686 4888  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
16:25:15.0701 4888  SiSRaid2 - ok
16:25:15.0732 4888  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
16:25:15.0764 4888  SiSRaid4 - ok
16:25:15.0951 4888  [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
16:25:16.0076 4888  Skype C2C Service - ok
16:25:16.0107 4888  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
16:25:16.0169 4888  SkypeUpdate - ok
16:25:16.0200 4888  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:25:16.0247 4888  Smb - ok
16:25:16.0294 4888  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:25:16.0325 4888  SNMPTRAP - ok
16:25:16.0372 4888  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:25:16.0372 4888  spldr - ok
16:25:16.0434 4888  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
16:25:16.0466 4888  Spooler - ok
16:25:16.0575 4888  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
16:25:16.0746 4888  sppsvc - ok
16:25:16.0762 4888  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:25:16.0793 4888  sppuinotify - ok
16:25:16.0840 4888  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:25:16.0871 4888  srv - ok
16:25:16.0902 4888  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:25:16.0980 4888  srv2 - ok
16:25:17.0012 4888  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:25:17.0027 4888  srvnet - ok
16:25:17.0058 4888  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:25:17.0121 4888  SSDPSRV - ok
16:25:17.0136 4888  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:25:17.0168 4888  SstpSvc - ok
16:25:17.0292 4888  [ 5697FB5DCF36ADA09C153378E88AE6AD ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe
16:25:17.0324 4888  STacSV - ok
16:25:17.0355 4888  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
16:25:17.0386 4888  stexstor - ok
16:25:17.0417 4888  [ F3F6C17F70EBA268CDBE4F9704E3EAC5 ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
16:25:17.0464 4888  STHDA - ok
16:25:17.0495 4888  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
16:25:17.0526 4888  StillCam - ok
16:25:17.0589 4888  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
16:25:17.0667 4888  stisvc - ok
16:25:17.0698 4888  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
16:25:17.0714 4888  storflt - ok
16:25:17.0729 4888  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
16:25:17.0745 4888  storvsc - ok
16:25:17.0776 4888  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
16:25:17.0776 4888  swenum - ok
16:25:17.0823 4888  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
16:25:17.0870 4888  swprv - ok
16:25:17.0885 4888  [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc      C:\Windows\system32\drivers\synth3dvsc.sys
16:25:17.0901 4888  Synth3dVsc - ok
16:25:17.0963 4888  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
16:25:18.0041 4888  SysMain - ok
16:25:18.0088 4888  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:25:18.0166 4888  TabletInputService - ok
16:25:18.0197 4888  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:25:18.0275 4888  TapiSrv - ok
16:25:18.0291 4888  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
16:25:18.0322 4888  TBS - ok
16:25:18.0400 4888  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:25:18.0494 4888  Tcpip - ok
16:25:18.0556 4888  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:25:18.0618 4888  TCPIP6 - ok
16:25:18.0650 4888  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:25:18.0665 4888  tcpipreg - ok
16:25:18.0696 4888  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:25:18.0728 4888  TDPIPE - ok
16:25:18.0743 4888  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:25:18.0774 4888  TDTCP - ok
16:25:18.0790 4888  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:25:18.0837 4888  tdx - ok
16:25:18.0837 4888  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
16:25:18.0852 4888  TermDD - ok
16:25:18.0884 4888  [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt        C:\Windows\system32\drivers\terminpt.sys
16:25:18.0930 4888  terminpt - ok
16:25:18.0977 4888  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
16:25:19.0040 4888  TermService - ok
16:25:19.0071 4888  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
16:25:19.0086 4888  Themes - ok
16:25:19.0164 4888  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
16:25:19.0227 4888  THREADORDER - ok
16:25:19.0242 4888  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
16:25:19.0305 4888  TrkWks - ok
16:25:19.0352 4888  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:25:19.0430 4888  TrustedInstaller - ok
16:25:19.0445 4888  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:25:19.0492 4888  tssecsrv - ok
16:25:19.0508 4888  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:25:19.0539 4888  TsUsbFlt - ok
16:25:19.0570 4888  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
16:25:19.0601 4888  TsUsbGD - ok
16:25:19.0632 4888  [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub        C:\Windows\system32\drivers\tsusbhub.sys
16:25:19.0664 4888  tsusbhub - ok
16:25:19.0695 4888  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:25:19.0742 4888  tunnel - ok
16:25:19.0757 4888  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
16:25:19.0773 4888  uagp35 - ok
16:25:19.0788 4888  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:25:19.0851 4888  udfs - ok
16:25:19.0882 4888  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:25:19.0913 4888  UI0Detect - ok
16:25:19.0960 4888  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:25:19.0976 4888  uliagpkx - ok
16:25:20.0007 4888  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
16:25:20.0038 4888  umbus - ok
16:25:20.0054 4888  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
16:25:20.0069 4888  UmPass - ok
16:25:20.0100 4888  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
16:25:20.0132 4888  UmRdpService - ok
16:25:20.0178 4888  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
16:25:20.0241 4888  upnphost - ok
16:25:20.0272 4888  [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
16:25:20.0319 4888  USBAAPL64 - ok
16:25:20.0334 4888  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:25:20.0366 4888  usbccgp - ok
16:25:20.0412 4888  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:25:20.0428 4888  usbcir - ok
16:25:20.0444 4888  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
16:25:20.0475 4888  usbehci - ok
16:25:20.0506 4888  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:25:20.0537 4888  usbhub - ok
16:25:20.0553 4888  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
16:25:20.0584 4888  usbohci - ok
16:25:20.0615 4888  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:25:20.0631 4888  usbprint - ok
16:25:20.0678 4888  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
16:25:20.0693 4888  usbscan - ok
16:25:20.0724 4888  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:25:20.0771 4888  USBSTOR - ok
16:25:20.0802 4888  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
16:25:20.0818 4888  usbuhci - ok
16:25:20.0865 4888  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
16:25:20.0912 4888  usbvideo - ok
16:25:20.0943 4888  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
16:25:21.0005 4888  UxSms - ok
16:25:21.0036 4888  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
16:25:21.0036 4888  VaultSvc - ok
16:25:21.0068 4888  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:25:21.0099 4888  vdrvroot - ok
16:25:21.0130 4888  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
16:25:21.0192 4888  vds - ok
16:25:21.0224 4888  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:25:21.0239 4888  vga - ok
16:25:21.0255 4888  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:25:21.0317 4888  VgaSave - ok
16:25:21.0317 4888  VGPU - ok
16:25:21.0348 4888  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
16:25:21.0364 4888  vhdmp - ok
16:25:21.0380 4888  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
16:25:21.0395 4888  viaide - ok
16:25:21.0426 4888  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
16:25:21.0442 4888  vmbus - ok
16:25:21.0458 4888  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
16:25:21.0473 4888  VMBusHID - ok
16:25:21.0489 4888  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:25:21.0504 4888  volmgr - ok
16:25:21.0520 4888  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:25:21.0551 4888  volmgrx - ok
16:25:21.0582 4888  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:25:21.0629 4888  volsnap - ok
16:25:21.0660 4888  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
16:25:21.0676 4888  vsmraid - ok
16:25:21.0738 4888  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
16:25:21.0816 4888  VSS - ok
16:25:21.0848 4888  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
16:25:21.0879 4888  vwifibus - ok
16:25:21.0910 4888  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
16:25:21.0941 4888  vwififlt - ok
16:25:21.0972 4888  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
16:25:22.0035 4888  vwifimp - ok
16:25:22.0066 4888  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
16:25:22.0113 4888  W32Time - ok
16:25:22.0128 4888  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
16:25:22.0160 4888  WacomPen - ok
16:25:22.0206 4888  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:25:22.0269 4888  WANARP - ok
16:25:22.0284 4888  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:25:22.0316 4888  Wanarpv6 - ok
16:25:22.0394 4888  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
16:25:22.0487 4888  WatAdminSvc - ok
16:25:22.0550 4888  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
16:25:22.0659 4888  wbengine - ok
16:25:22.0674 4888  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:25:22.0706 4888  WbioSrvc - ok
16:25:22.0721 4888  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:25:22.0752 4888  wcncsvc - ok
16:25:22.0768 4888  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:25:22.0815 4888  WcsPlugInService - ok
16:25:22.0846 4888  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
16:25:22.0862 4888  Wd - ok
16:25:22.0893 4888  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:25:22.0940 4888  Wdf01000 - ok
16:25:22.0955 4888  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:25:23.0080 4888  WdiServiceHost - ok
16:25:23.0096 4888  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:25:23.0111 4888  WdiSystemHost - ok
16:25:23.0142 4888  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
16:25:23.0189 4888  WebClient - ok
16:25:23.0220 4888  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:25:23.0283 4888  Wecsvc - ok
16:25:23.0298 4888  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:25:23.0345 4888  wercplsupport - ok
16:25:23.0361 4888  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:25:23.0408 4888  WerSvc - ok
16:25:23.0423 4888  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:25:23.0470 4888  WfpLwf - ok
16:25:23.0501 4888  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:25:23.0517 4888  WIMMount - ok
16:25:23.0532 4888  WinDefend - ok
16:25:23.0532 4888  WinHttpAutoProxySvc - ok
16:25:23.0595 4888  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:25:23.0657 4888  Winmgmt - ok
16:25:23.0720 4888  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
16:25:23.0829 4888  WinRM - ok
16:25:23.0876 4888  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
16:25:23.0891 4888  WinUsb - ok
16:25:23.0938 4888  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:25:23.0985 4888  Wlansvc - ok
16:25:24.0000 4888  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
16:25:24.0016 4888  WmiAcpi - ok
16:25:24.0047 4888  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:25:24.0094 4888  wmiApSrv - ok
16:25:24.0141 4888  WMPNetworkSvc - ok
16:25:24.0156 4888  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:25:24.0188 4888  WPCSvc - ok
16:25:24.0203 4888  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:25:24.0219 4888  WPDBusEnum - ok
16:25:24.0250 4888  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:25:24.0281 4888  ws2ifsl - ok
16:25:24.0297 4888  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
16:25:24.0328 4888  wscsvc - ok
16:25:24.0344 4888  WSearch - ok
16:25:24.0422 4888  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:25:24.0531 4888  wuauserv - ok
16:25:24.0562 4888  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:25:24.0609 4888  WudfPf - ok
16:25:24.0671 4888  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:25:24.0702 4888  WUDFRd - ok
16:25:24.0734 4888  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:25:24.0765 4888  wudfsvc - ok
16:25:24.0796 4888  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:25:24.0827 4888  WwanSvc - ok
16:25:24.0874 4888  [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
16:25:24.0905 4888  yukonw7 - ok
16:25:24.0921 4888  ================ Scan global ===============================
16:25:24.0936 4888  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:25:24.0968 4888  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:25:24.0983 4888  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:25:25.0014 4888  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:25:25.0030 4888  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:25:25.0046 4888  [Global] - ok
16:25:25.0046 4888  ================ Scan MBR ==================================
16:25:25.0046 4888  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:25:25.0467 4888  \Device\Harddisk0\DR0 - ok
16:25:25.0467 4888  ================ Scan VBR ==================================
16:25:25.0482 4888  [ E80020D105E8514B1CE8F39458EAE448 ] \Device\Harddisk0\DR0\Partition1
16:25:25.0482 4888  \Device\Harddisk0\DR0\Partition1 - ok
16:25:25.0514 4888  [ BC0D07C3AA2543A0AC24B04A807A2153 ] \Device\Harddisk0\DR0\Partition2
16:25:25.0529 4888  \Device\Harddisk0\DR0\Partition2 - ok
16:25:25.0545 4888  [ FE3BF08DF740788DB8217D2B91004907 ] \Device\Harddisk0\DR0\Partition3
16:25:25.0545 4888  \Device\Harddisk0\DR0\Partition3 - ok
16:25:25.0545 4888  ============================================================
16:25:25.0545 4888  Scan finished
16:25:25.0545 4888  ============================================================
16:25:25.0560 4728  Detected object count: 5
16:25:25.0560 4728  Actual detected object count: 5
16:26:11.0097 4728  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
16:26:11.0097 4728  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:26:11.0097 4728  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:26:11.0097 4728  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:26:11.0097 4728  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
16:26:11.0097 4728  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:26:11.0112 4728  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:26:11.0112 4728  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:26:11.0112 4728  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:26:11.0112 4728  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:26:21.0549 4616  Deinitialize success

cosinus · 02.04.2013, 15:57

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

zero007 · 02.04.2013, 16:44

Code:

ATTFilter

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.9 (04.01.2013:1)
OS: Windows 7 Ultimate x64
Ran by Aik on 02.04.2013 at 17:05:03,56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] "C:\Users\Aik\AppData\Roaming\mozilla\firefox\profiles\8p6se4wh.default\extensions\DivXWebPlayer@divx.com.xpi" 
Successfully deleted the following from C:\Users\Aik\AppData\Roaming\mozilla\firefox\profiles\8p6se4wh.default\prefs.js

user_pref("extensions.ffxtlbr@delta.com.install-event-fired", true);
Emptied folder: C:\Users\Aik\AppData\Roaming\mozilla\firefox\profiles\8p6se4wh.default\minidumps [151 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.04.2013 at 17:16:42,50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v2.115 - Datei am 02/04/2013 um 17:20:09 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : Aik - AIK-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Aik\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Aik\AppData\Roaming\Mozilla\Firefox\Profiles\8p6se4wh.default\jetpack

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\Aik\AppData\Roaming\Mozilla\Firefox\Profiles\8p6se4wh.default\prefs.js

Gelöscht : user_pref("extensions.DivXWebPlayer@divx.com.install-event-fired", true);

*************************

AdwCleaner[S1].txt - [9953 octets] - [26/03/2013 20:44:04]
AdwCleaner[S2].txt - [929 octets] - [02/04/2013 17:20:09]

########## EOF - C:\AdwCleaner[S2].txt - [988 octets] ##########

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 02.04.2013 17:28:45 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Aik\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,70 Gb Available Physical Memory | 67,46% Memory free
7,99 Gb Paging File | 6,50 Gb Available in Paging File | 81,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 49,62 Gb Free Space | 50,86% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 243,42 Gb Free Space | 66,13% Space Free | Partition Type: NTFS
 
Computer Name: AIK-PC | User Name: Aik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Aik\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NeroMediaHomeService.4) -- C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe (IDT, Inc.)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe (Andrea Electronics Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA 22 04 3A 4E 25 CE 01  [binary data]
IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1003\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1364226288&rver=6.1.6206.0&wp=MBI_SSL_SHARED&wreply=https:%2F%2Fdub113.mail.live.com%2Fdefault.aspx%3Fn%3D1070017894%26fid%3D1&lc=1031&id=64855&mkt=de-de&cbcxt=mai|https://www.facebook.com/"
FF - prefs.js..extensions.enabledAddons: %7Bbee6eb20-01e0-ebd1-da83-080329fb9a3a%7D:1.30
FF - prefs.js..extensions.enabledAddons: firefox%40mega.co.nz:1.0.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.14 17:33:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.11 13:12:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.11 13:11:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.14 17:33:35 | 000,000,000 | ---D | M]
 
[2011.10.19 16:46:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aik\AppData\Roaming\mozilla\Extensions
[2013.04.02 17:16:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aik\AppData\Roaming\mozilla\Firefox\Profiles\8p6se4wh.default\extensions
[2013.03.24 23:13:59 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Aik\AppData\Roaming\mozilla\Firefox\Profiles\8p6se4wh.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2013.03.25 17:47:56 | 000,004,366 | ---- | M] () (No name found) -- C:\Users\Aik\AppData\Roaming\mozilla\firefox\profiles\8p6se4wh.default\extensions\firefox@mega.co.nz.xpi
[2012.12.13 22:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Aik\AppData\Roaming\mozilla\firefox\profiles\8p6se4wh.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2013.03.26 17:38:27 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Aik\AppData\Roaming\mozilla\firefox\profiles\8p6se4wh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.11 13:11:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.11 13:11:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.11 13:12:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.23 23:06:35 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.02 21:08:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.23 23:06:35 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.23 23:06:35 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.23 23:06:35 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.23 23:06:35 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Nero MediaHome 4] C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3026991530-3128089919-3181730765-1001..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3026991530-3128089919-3181730765-1001..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3026991530-3128089919-3181730765-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3026991530-3128089919-3181730765-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3026991530-3128089919-3181730765-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Aik\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Aik\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16C78E3C-E336-44E5-8550-AB9CC17128FA}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A9DAD93-FD94-440C-AB7F-D351E9B4ED71}: DhcpNameServer = 213.162.69.169 213.162.69.170
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5255E45-312D-4944-9305-10EC517E439C}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.02 17:05:00 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.02 17:04:46 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.02 17:04:00 | 000,550,909 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Aik\Desktop\JRT.exe
[2013.04.02 15:47:03 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Aik\Desktop\tdsskiller.exe
[2013.04.02 15:47:01 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Aik\Desktop\aswMBR.exe
[2013.04.02 08:08:41 | 000,000,000 | ---D | C] -- C:\Users\Aik\Desktop\mbar-1.01.0.1022
[2013.03.27 12:24:17 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.27 12:24:17 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.27 12:24:17 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.26 18:41:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Aik\Desktop\OTL.exe
[2013.03.26 18:39:52 | 000,000,000 | ---D | C] -- C:\Users\Aik\AppData\Roaming\Malwarebytes
[2013.03.26 18:39:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.26 18:39:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.26 18:39:10 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.26 18:39:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.26 18:38:53 | 000,000,000 | ---D | C] -- C:\Users\Aik\AppData\Local\Programs
[2013.03.26 17:39:25 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.20 20:35:37 | 000,000,000 | ---D | C] -- C:\Users\Aik\AppData\Roaming\Nero
[2013.03.20 20:35:30 | 000,000,000 | ---D | C] -- C:\Users\Aik\AppData\Local\Nero
[2013.03.20 20:33:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2013.03.20 20:33:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2013.03.20 20:33:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2013.03.20 20:33:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2013.03.20 20:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
[2013.03.20 20:28:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow
[2013.03.20 20:25:44 | 000,000,000 | ---D | C] -- C:\Users\Aik\AppData\Local\Plex Media Server
[2013.03.20 20:25:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plex
[2013.03.14 13:19:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
[2013.03.14 12:07:00 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.14 12:06:58 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.14 12:06:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.14 12:06:58 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.14 12:06:58 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.14 12:06:58 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.14 12:06:58 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.11 13:18:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.03.11 13:17:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.03.11 13:17:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.03.11 13:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.03.11 13:11:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2013.03.11 13:11:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.02 17:29:16 | 001,507,502 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.02 17:29:16 | 000,657,948 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.02 17:29:16 | 000,619,184 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.02 17:29:16 | 000,131,288 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.02 17:29:16 | 000,107,504 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.02 17:29:12 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.02 17:29:12 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.02 17:21:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.02 17:21:30 | 3218,358,272 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.02 17:03:55 | 000,550,909 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Aik\Desktop\JRT.exe
[2013.04.02 16:22:09 | 000,000,512 | ---- | M] () -- C:\Users\Aik\Desktop\MBR.dat
[2013.04.02 15:49:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.02 15:41:41 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Aik\Desktop\aswMBR.exe
[2013.04.02 15:40:49 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Aik\Desktop\tdsskiller.exe
[2013.04.02 08:08:33 | 012,894,739 | ---- | M] () -- C:\Users\Aik\Desktop\mbar-1.01.0.1022.zip
[2013.04.02 07:48:01 | 000,377,856 | ---- | M] () -- C:\Users\Aik\Desktop\gmer_2.1.19155.exe
[2013.03.27 12:23:56 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.27 12:23:56 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.27 12:23:56 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.26 18:39:12 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.26 18:22:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Aik\Desktop\OTL.exe
[2013.03.26 18:22:22 | 000,609,993 | ---- | M] () -- C:\Users\Aik\Desktop\adwcleaner.exe
[2013.03.20 20:33:41 | 000,002,403 | ---- | M] () -- C:\Users\Public\Desktop\Nero MediaHome 4.lnk
[2013.03.14 12:49:32 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.14 12:49:32 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.11 13:18:12 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
 
========== Files Created - No Company Name ==========
 
[2013.04.02 16:22:09 | 000,000,512 | ---- | C] () -- C:\Users\Aik\Desktop\MBR.dat
[2013.04.02 08:08:36 | 012,894,739 | ---- | C] () -- C:\Users\Aik\Desktop\mbar-1.01.0.1022.zip
[2013.04.02 07:49:00 | 000,377,856 | ---- | C] () -- C:\Users\Aik\Desktop\gmer_2.1.19155.exe
[2013.03.26 18:41:06 | 000,609,993 | ---- | C] () -- C:\Users\Aik\Desktop\adwcleaner.exe
[2013.03.26 18:39:12 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.20 20:33:41 | 000,002,403 | ---- | C] () -- C:\Users\Public\Desktop\Nero MediaHome 4.lnk
[2013.03.20 20:28:45 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013.03.11 13:18:12 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.07.12 13:42:34 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.05 13:15:06 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2012.03.05 13:15:06 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2011.12.27 01:36:30 | 000,003,584 | ---- | C] () -- C:\Users\Aik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.14 17:26:01 | 000,266,091 | ---- | C] () -- C:\Windows\hpwins23.dat
[2011.11.14 17:07:52 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2011.10.19 21:44:24 | 000,142,504 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.10.19 16:35:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 02.04.2013 17:28:45 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Aik\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,70 Gb Available Physical Memory | 67,46% Memory free
7,99 Gb Paging File | 6,50 Gb Available in Paging File | 81,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 49,62 Gb Free Space | 50,86% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 243,42 Gb Free Space | 66,13% Space Free | Partition Type: NTFS
 
Computer Name: AIK-PC | User Name: Aik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3026991530-3128089919-3181730765-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Betrachten mit XnView] -- "C:\Program Files (x86)\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Betrachten mit XnView] -- "C:\Program Files (x86)\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2A53E98D-EB3E-476E-B9B4-BCE9C6DEF46C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2BAA7748-B3E0-427D-A26B-88BC86005C0E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{327948ED-B0B9-451E-906E-F9DC4C50CDF4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{37FFD3EE-C95C-4FF4-B470-E3924291BE07}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3AFF3FF1-B6AD-480D-837B-C07344C2ADFB}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{46BCD3C7-72DA-40FF-9DEB-47E6A85F38D2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{52315860-A431-4DF3-BCC8-0AE872CB61FC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5CA19FBF-C287-4C0E-86DE-D5497AF5AE8F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{60CE4D4C-1D83-4773-8481-C793A706D622}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6334A1FB-13FC-4FA3-AA2F-6318E5333F3B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{64D995CF-9FA6-4856-82C1-7152A269B63E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{67560831-6C9A-45A6-B76F-15BF1743B6C1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{6C678BFE-015B-438A-B70B-19D06B3DA02B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{76A0A505-A807-451F-8766-ACD79FD87DAC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{87130262-C5E8-42CE-9A38-81C36316F664}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9C1212E9-2889-412C-858A-F5191266CD3C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{9F9B092F-7EC6-408B-B118-61D3DFB9E085}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A17FCED5-40FC-4C58-ADC3-85B932477707}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A4F84749-4E75-44D2-863F-B0F2B2775DB4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B174CD6E-7638-41DC-8785-4B73544C999E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B36B05F6-BBAB-42A8-B637-3EF28A7B96ED}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C09F49FD-564F-444F-8F9F-C6E03B1E1D62}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CD92B66E-1665-4C22-B339-05F97AB4DB1C}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{CE2D7455-8499-4236-9E9D-D412A21684E9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D6372555-7BB8-4341-8D47-C9729078E2CF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{DDB7687E-E5DF-45C4-AADA-1A5834918543}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02515A9D-9E24-416D-9E5A-1A59EE22ECF6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{039DC8BE-0F37-490D-AB85-EEB9A73FB4C9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{046516AF-380C-4906-8093-8F288F1D4269}" = protocol=6 | dir=out | app=system | 
"{04AC5D6B-71FD-4175-A58C-49FAB32C9AD1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{05A0F4AD-03F8-4DF3-9313-99B9B87268E6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0666E921-F228-4B57-A046-BFBA72A2BAFC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{0A657B33-9323-4535-81F7-4D77528FDBBA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{112F00D4-4F59-4A5C-B73A-9E07F2D18421}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{11AAE9EC-7BBD-431C-A1AC-75B837D97510}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{143E1ABB-8316-4468-962B-7E878CE1ABB2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1BCB4F3A-C791-4D93-AB59-3EAE53B2B64E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{1CAF2F46-37B6-44A3-A890-2E3325B592D4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{1D53E3DD-C1F0-4CBF-A3BB-2177808A1F1D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{1E37A0D3-C0D4-46A0-A83C-C18CD4C0DBAC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{20CC90CB-6AD0-4093-86E3-88BED90BF64E}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{27C2CA4E-4611-4FC0-BA01-4175DF584399}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{288773EE-0DC3-444E-815C-E9208D325AED}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{34788860-3672-42A6-8451-608D9C88EED2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{356DC66D-A9AF-4D47-B06E-5EC61BE5408E}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero mediahome 4\nmmediaserverservice.exe | 
"{36A26C52-0AC5-4FA8-B96B-57F634320E02}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{38B7DD9B-BC3E-4E8D-8B15-9FA709687389}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{43FDA0CD-9CC0-4D62-B787-6B031A4A66EE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{45DA2AA2-823E-4E66-B450-C89A598A224D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{583B7B4A-6B85-46CE-92DC-6D80705A9AC4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{5841D848-5B6E-4A33-A459-F629E4907729}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{59527962-1573-4251-9E07-6E8CF3C35DB7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{63EFC62A-647D-42C2-B5F8-F3EDB3AC5745}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7ADE9411-0560-4E91-9265-813E3FFDED9C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{7E7FC168-ADFE-4B41-9411-DC9279320547}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{7FB800AD-5443-4F83-B85A-0B5B3958805A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{80E61BE1-FA67-4B89-80E9-7608B8010CAC}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero mediahome 4\nmmediaserverservice.exe | 
"{8B7427B9-6927-46ED-9AA1-2EA4254C3CB6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{8CB8310C-FD4B-4102-ABE9-8284B499BBB7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{93FEF2DB-874F-4D98-BBF7-E65CCC08A3E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A137C3E6-E68A-4EA4-BC5B-A11753A9DB6E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{B46E4973-84F5-4FE7-B551-726D88878717}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B69079EC-3341-4C2A-A84C-C5E707662925}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B6C76C67-4E16-415E-92E5-8CE49720CCC1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{C42451FD-2999-41AF-BD91-5AA7E2F76464}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{C651BC11-D38A-4030-BCD7-866EB9435352}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{C67CDC0B-930D-4275-B7DA-53EF87437625}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C83DE1D0-29A6-494E-9756-ABB11B209384}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C9316605-FDB0-496B-9545-0313E7C789D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CA066705-1946-4560-89B1-10210203BFA3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D1A841CE-3F60-46E0-B16D-C05D68001409}" = dir=in | app=e:\setup\hpznui40.exe | 
"{D4CF376B-7B84-4551-9002-D2EB05EE9B42}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{E7A0FF0C-C58C-42D0-A3F4-22F73B524EB6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{EBE6442C-5C5E-4761-8425-17BECDE8BE89}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{F85270F0-F548-415C-B233-CAF9985D371F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{F9AA3143-A356-4525-8F70-09743043EFC9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F9BA4EF8-B000-4510-87D1-D314161F6874}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FB3B4C93-C08B-4B01-8B75-06DCEFC92787}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FFC3555F-5870-451A-87BB-18A3CE98216D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417011FF}" = Java 7 Update 11 (64-bit)
"{2E1B4B42-069F-4F53-9966-9B9B938D7FE5}" = HP Officejet 6500 E709 Series
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{44E3AB6B-453B-8DAE-9777-1C48F5AB8965}" = AMD Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{C91B24F6-1629-11E2-B696-21676188709B}" = PDF Split And Merge Basic
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Shop for HP Supplies" = Shop for HP Supplies
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4f905097-477f-4f75-b410-4c47aa71fe49}" = Nero MediaHome 4 Essentials
"{69FC3B9A-4149-43DB-A557-6ED0C8D8BA44}" = Nero MediaHome 4 Help
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{99EF387E-633E-4CFB-BFA3-AB961B685DDF}" = Nero MediaHome 4
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3026991530-3128089919-3181730765-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.04.2013 11:22:26 | Computer Name = Aik-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 02.04.2013 11:21:37 | Computer Name = Aik-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 02.04.2013 11:21:37 | Computer Name = Aik-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >

--- --- ---

27.03.2013, 15:50	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Delta Search entfernen Von einem Arbeitskollegen bekommen, einfach so und du nutzt den Rechner jetzt nur noch rein privat? Bitte erst das klären, dann beantworte ich deine anderen Fragen __________________ Logfiles bitte immer in CODE-Tags posten

28.03.2013, 12:44	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Delta Search entfernen Bitte erkläre einfach, warum du offensichtlich einen Firmenrechner von einem Kollegen einfach so bekommst nur im damit alles rein privates Zeug zu machen. Das klingt für mich nämlich so einfach nicht plausibel. __________________ --> Delta Search entfernen

Delta Search entfernen

Plagegeister aller Art und deren Bekämpfung: Delta Search entfernen