
Pests of all kinds and how to fight them: Firefox opens "e.ligatus..." automatically


12.04.2013, 10:03   #1
Nordeisregen
 
Firefox opens "e.ligatus..." automatically



Hello, dear community!

First of all, I wouldn't exactly call myself a "pro" when it comes to PCs and malware removal. But now to my problem.

Yesterday, without any warning, a new tab opened in Firefox with the following link: "http: //e. ligatus.com/Ligatus Fallback .gif?ids= 34088" (I copied this from Google, since I no longer have the exact link to hand). I have no idea what this is - on Google I found, among other things, something about a virus, but nothing concrete. While surfing I normally always have NoScript and Adblock active in addition to the virus scanner and Windows Firewall, and I avoid dubious-sounding sites, in case that helps. I also already found a thread about this in the forum, but I didn't want to just start doctoring around blindly.

Here are the scans:

OTL:
Code:
OTL logfile created on: 12.04.2013 10:14:20 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Meruu\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 6,33 Gb Available Physical Memory | 79,53% Memory free
15,91 Gb Paging File | 14,39 Gb Available in Paging File | 90,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 72,63 Gb Free Space | 60,91% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 896,27 Gb Free Space | 96,22% Space Free | Partition Type: NTFS
Drive E: | 7,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 100,00 Mb Total Space | 71,86 Mb Free Space | 71,87% Space Free | Partition Type: NTFS
Drive G: | 511,62 Gb Total Space | 384,99 Gb Free Space | 75,25% Space Free | Partition Type: NTFS
Drive H: | 1351,29 Gb Total Space | 1072,07 Gb Free Space | 79,34% Space Free | Partition Type: NTFS
Drive I: | 2,00 Gb Total Space | 0,65 Gb Free Space | 32,59% Space Free | Partition Type: FAT
 
Computer Name: MERUU-PC | User Name: Meruu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.12 10:02:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Meruu\Desktop\OTL.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.07.19 19:00:56 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.07.19 19:00:54 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.07.19 19:00:30 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.05.30 14:00:02 | 000,013,632 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012.05.30 14:00:00 | 000,284,480 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2012.03.27 10:14:28 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.13 21:26:10 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.01.10 04:24:45 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\a9f8b35698a9a28f22861f7b814b79bc\IAStorCommon.ni.dll
MOD - [2013.01.10 04:24:44 | 000,489,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c484ce0997e68573a00dc6cddf16e2ac\IAStorUtil.ni.dll
MOD - [2013.01.10 04:21:44 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 04:21:27 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 04:21:20 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.10 04:21:18 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 04:21:16 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.10 04:21:15 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 04:21:13 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2010.11.21 08:49:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.03 00:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.07.19 19:00:56 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.07.19 19:00:54 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.07.19 19:00:30 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.06.19 19:10:34 | 000,634,632 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.05.30 14:00:02 | 000,013,632 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.12.20 10:28:14 | 000,341,800 | ---- | M] (Nitro PDF Software) [Disabled | Stopped] -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.05.31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.10 17:56:25 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2013.02.12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.09.28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.08.09 05:01:18 | 000,445,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2012.07.03 17:25:18 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.07.03 00:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.05.30 13:42:10 | 000,569,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012.04.12 00:30:00 | 000,708,200 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012.03.27 10:13:20 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.03.27 10:13:20 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.03.27 10:13:18 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.09.02 08:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.07.26 15:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008.07.26 15:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2008.07.26 15:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2008.07.26 15:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {92F54EEC-695B-4CD8-ACB8-8521188424CD}
IE:64bit: - HKLM\..\SearchScopes\{92F54EEC-695B-4CD8-ACB8-8521188424CD}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASBJS;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {92F54EEC-695B-4CD8-ACB8-8521188424CD}
IE - HKLM\..\SearchScopes\{92F54EEC-695B-4CD8-ACB8-8521188424CD}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASBJS;
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://localoem.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {92F54EEC-695B-4CD8-ACB8-8521188424CD}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Itunesnew\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: H:\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
 
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: H:\Firefox\components [2013.03.09 13:14:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: H:\Firefox\plugins
 
[2012.09.01 13:10:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meruu\AppData\Roaming\mozilla\Extensions
[2013.03.29 15:22:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meruu\AppData\Roaming\mozilla\Firefox\Profiles\voycfkip.default\extensions
[2013.03.29 15:22:32 | 000,531,916 | ---- | M] () (No name found) -- C:\Users\Meruu\AppData\Roaming\mozilla\firefox\profiles\voycfkip.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.02.14 21:28:18 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Meruu\AppData\Roaming\mozilla\firefox\profiles\voycfkip.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Java\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Java\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA5D05F9-DFAE-4D53-8E89-B8AE828EE494}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.04.25 22:54:19 | 000,013,128 | R--- | M] () - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2011.04.22 17:13:49 | 000,000,074 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4b290048-f41e-11e1-be35-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4b290048-f41e-11e1-be35-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2011.04.25 22:54:19 | 000,013,128 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.12 10:02:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Meruu\Desktop\OTL.exe
[2013.04.11 23:50:35 | 000,000,000 | ---D | C] -- C:\Users\Meruu\AppData\Roaming\Malwarebytes
[2013.04.11 23:50:05 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.11 23:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.11 23:49:21 | 000,000,000 | ---D | C] -- C:\Users\Meruu\AppData\Local\Programs
[2013.03.30 18:09:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.03.14 01:53:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.14 01:52:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.14 01:52:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.12 10:02:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Meruu\Desktop\OTL.exe
[2013.04.12 09:50:52 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.12 09:50:52 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.12 09:48:53 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.12 09:48:53 | 000,654,602 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.12 09:48:53 | 000,616,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.12 09:48:53 | 000,130,216 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.12 09:48:53 | 000,106,606 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.12 09:43:44 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.12 09:43:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.12 09:43:38 | 2111,344,639 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.19 18:04:48 | 000,002,245 | ---- | M] () -- C:\Users\Meruu\Documents\nachforschungsauftrag.rtf
[2013.03.14 20:21:23 | 000,243,954 | ---- | M] () -- C:\Users\Meruu\Documents\lebenslaufneu.rtf
[2013.03.14 20:12:34 | 000,001,692 | ---- | M] () -- C:\Users\Meruu\Documents\bewerbungflorstadt.rtf
[2013.03.14 01:52:32 | 000,002,033 | ---- | M] () -- C:\Users\Meruu\Documents\bewerbungprospekt.rtf
 
========== Files Created - No Company Name ==========
 
[2013.03.19 18:04:48 | 000,002,245 | ---- | C] () -- C:\Users\Meruu\Documents\nachforschungsauftrag.rtf
[2013.03.14 20:07:36 | 000,001,692 | ---- | C] () -- C:\Users\Meruu\Documents\bewerbungflorstadt.rtf
[2013.03.13 22:32:48 | 000,002,033 | ---- | C] () -- C:\Users\Meruu\Documents\bewerbungprospekt.rtf
[2013.01.24 20:03:18 | 001,017,955 | ---- | C] () -- C:\Users\Meruu\Scannen0005.jpg
[2013.01.24 20:03:18 | 000,461,634 | ---- | C] () -- C:\Users\Meruu\Scannen0006.jpg
[2012.09.01 17:05:39 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.19 18:52:42 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.04.27 15:21:44 | 000,002,048 | ---- | C] () -- C:\Windows\hidcon.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.10 18:17:57 | 000,000,000 | ---D | M] -- C:\Users\Meruu\AppData\Roaming\.minecraft
[2012.10.15 11:35:47 | 000,000,000 | ---D | M] -- C:\Users\Meruu\AppData\Roaming\Downloaded Installations
[2013.04.11 22:08:59 | 000,000,000 | ---D | M] -- C:\Users\Meruu\AppData\Roaming\ICQ
[2012.11.05 20:47:16 | 000,000,000 | ---D | M] -- C:\Users\Meruu\AppData\Roaming\Leadertech
[2012.09.09 14:45:24 | 000,000,000 | ---D | M] -- C:\Users\Meruu\AppData\Roaming\LolClient
[2013.04.11 20:47:41 | 000,000,000 | ---D | M] -- C:\Users\Meruu\AppData\Roaming\Mumble
[2013.04.04 12:32:10 | 000,000,000 | ---D | M] -- C:\Users\Meruu\AppData\Roaming\Nitro PDF
[2013.03.22 02:26:49 | 000,000,000 | ---D | M] -- C:\Users\Meruu\AppData\Roaming\SoftGrid Client
[2012.10.24 21:03:46 | 000,000,000 | ---D | M] -- C:\Users\Meruu\AppData\Roaming\TP
[2012.09.09 18:57:42 | 000,000,000 | ---D | M] -- C:\Users\Meruu\AppData\Roaming\ts3overlay
 
========== Purity Check ==========
 
 

< End of report >
OTL Extras:

Code:
OTL Extras logfile created on: 12.04.2013 10:14:20 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Meruu\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 6,33 Gb Available Physical Memory | 79,53% Memory free
15,91 Gb Paging File | 14,39 Gb Available in Paging File | 90,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 72,63 Gb Free Space | 60,91% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 896,27 Gb Free Space | 96,22% Space Free | Partition Type: NTFS
Drive E: | 7,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 100,00 Mb Total Space | 71,86 Mb Free Space | 71,87% Space Free | Partition Type: NTFS
Drive G: | 511,62 Gb Total Space | 384,99 Gb Free Space | 75,25% Space Free | Partition Type: NTFS
Drive H: | 1351,29 Gb Total Space | 1072,07 Gb Free Space | 79,34% Space Free | Partition Type: NTFS
Drive I: | 2,00 Gb Total Space | 0,65 Gb Free Space | 32,59% Space Free | Partition Type: FAT
 
Computer Name: MERUU-PC | User Name: Meruu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- H:\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07116827-C965-4514-925D-57FCE0FFBBFA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{10B93ECD-F8B4-4950-9B86-C97730E121E2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1921E80D-A64B-4E67-BF79-0F7E0608E353}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3E177F11-4CF1-4611-949B-6FAC489974C0}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4AA54BBD-AE4C-449A-A03B-7ADA47871AF1}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{51B18C89-5306-4067-BFD5-D2BF85E0EF14}" = rport=138 | protocol=17 | dir=out | app=system | 
"{567BD6B5-5A20-4851-821A-D8B9FBC0277E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{569F60A4-B355-4924-97DC-92368669BC4B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{599AD2D3-5816-4D8D-A55C-1A9FFB27E487}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5C362C6D-10ED-407E-A731-A87A0F84EB09}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5E4921E6-3602-42A1-AD6E-512DEE98211C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{64A0F9C7-70BC-4876-9194-CED239448F2B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{75D65371-344F-4E28-8C39-FB2AE277B9BB}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{96A52E0F-9E9D-405B-B92C-47F6D1452468}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{9D507A2A-BE73-40BC-9113-729A0FFD4F98}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{A3B71B45-9D4C-42CE-BB7E-AC9796BDC52D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ABA89E5B-79BE-4C18-8389-600A5B777D58}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AC24C16F-3556-44F2-9052-0B07C876DDF9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AE973D08-9DC7-498C-81BD-CF21858EC62B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B23EBE35-F4A4-41E0-B57E-84B0AC411836}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{BA4AA268-6A07-4119-8B77-0A1D366D935B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{BCD7BE9D-3864-45BE-B898-31D27AC9F4C3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C1B738F6-D756-486D-A609-7156A37B9E58}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C751DAC7-2E0B-4A81-A73E-7D6F1B880B60}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CADDFD5C-9C4B-4865-B8D2-AD28555432AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CB0F7061-7745-4956-8762-B7CD62D26634}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DB835E92-24E5-47B7-985E-13766C552142}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F2DAAD5D-E747-44C0-A1FA-DD019D177EC2}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{FE5A6EEA-2632-42A2-A953-6FB707E109F2}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{090BBC7B-D907-4F8B-A298-256A77F69B99}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{09631EF2-FB5B-4037-80AF-2CB8EE5E6875}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{0A0234D2-899E-4886-8ADC-58037698EE82}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0E561CDE-A00E-4EBD-A736-EC8CEBEB32C2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0EF0EA30-A287-4D1F-B71C-F66745B92327}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{10BA3D1A-5A6F-4FF3-9BF5-25851E4A4A3B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1716D2BF-63F1-489D-9DDA-2AC8F1D5A908}" = protocol=58 | dir=in | app=system | 
"{197E0C96-EBCA-4AA6-BE8D-5A9538DD101D}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{1AC7F30F-E36F-49FE-B83C-4FBBE199231D}" = protocol=6 | dir=out | app=system | 
"{1C92FE8F-41E4-470F-883D-2BF68547C146}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1F492E16-D8CB-493A-9B7F-402B5AF5C9AC}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\ys origin demo\yso_dm_win.exe | 
"{2141A870-F42F-48D8-8AEA-1E66CE656F9D}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam.exe | 
"{25916554-00BE-46C7-B3AE-AC11E9C2C407}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampionsloader.exe | 
"{270B6C79-72F3-47F4-9C36-35D303A5F471}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2CBE0309-D7E7-494F-882F-9D3D988B63D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2E802FF5-54BC-438F-93F8-435D7B3F7EAF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2F5B3C85-B817-4114-A58B-9A6D87D1C3E6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{311F30CD-B344-451D-BDF0-D546B6BC0B7E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{3C4DD8CC-6B7A-40BD-95F7-BC9CB1A0FDFB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4903B354-E82D-4305-91D2-123B51AD2233}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\flyuruba\day of defeat source\hl2.exe | 
"{49D6128B-7F14-4385-80D9-CD3AE3C89569}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\flyuruba\day of defeat source\hl2.exe | 
"{4A52401B-A025-435B-B889-77C92BD0939D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4C4E9927-5E24-4A46-9D93-D5CAAD1202E9}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampionsloader.exe | 
"{4D24481C-14F8-4020-8316-CCF632F66A7A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{4E9E1080-3697-4F1F-AB04-22B173BBCB14}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\flyuruba\day of defeat source\hl2.exe | 
"{558CA7BB-138D-4C4B-9DC9-2F41CE61A5DE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5B61BEC5-B3BE-45E2-A013-958A62608137}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{70CA1907-67B0-47E1-A5DD-329188F08ACB}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\ys origin demo\config_dm.exe | 
"{76388048-0159-482D-9D40-AD4A40E7489A}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\day of defeat source\hl2.exe | 
"{7C52E84F-EA52-4BF9-8E69-19D8EC7A3E92}" = protocol=6 | dir=in | app=h:\wolfenstein\wolfenstein - enemy territory\et.exe | 
"{82DA44CA-171A-4F57-BBF5-6172B4DDB7BB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{83DFFFE7-FB6C-4665-AD69-7F2F6170993B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8911C983-9A8B-4A95-8077-3DFEAD9AC7B0}" = dir=in | app=h:\itunesnew\itunes.exe | 
"{8A379AD7-A923-4987-9A9B-D9886E55847F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8F95BC8D-B294-478B-A27E-CAE63874C44F}" = protocol=6 | dir=in | app=h:\hunted\binaries\win32\p4dftre.dll | 
"{8FA1DF2C-D65A-4CFC-99AF-BD6FBE214571}" = protocol=17 | dir=in | app=h:\hunted\binaries\win32\p4dftre.dll | 
"{912DBFEA-123E-47E0-8965-B8B3A0267C2A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{95DDAA80-60F1-456A-A4F8-AAB9B559796B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9B7279B7-915C-4130-8BC0-97B4236D363C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{9D14BF6E-33C5-4157-8DF3-BD179E63B1D2}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\ys origin demo\yso_dm_win.exe | 
"{9DD13FE0-01C0-48B9-BD5E-DDE0A16D5FAE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A99A1845-95DF-4FDD-B9DA-DB4F92227BDA}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{AC107865-D910-459E-9F3E-EA832F3E3FD6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BD9598D7-DC89-46C1-854E-B7DA56473B00}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam.exe | 
"{BE8C0BAB-A8A5-49E1-B7AC-897A3870453A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C0EBB2C3-786B-4BE0-B3EE-192E2BE7B684}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C388FD61-2D9E-4B1D-97DC-6CE5FF2E27C6}" = protocol=17 | dir=in | app=h:\wolfenstein\wolfenstein - enemy territory\et.exe | 
"{C85965EA-7A9C-483A-8A75-F1724609161D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CAAC8F3A-E9EE-44AF-85FE-1852D5D3E565}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{CC822044-E3BF-4FBA-840A-0418FA6B1AC9}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{CE07601B-1BC0-4BF1-B6DB-C8DC579E5702}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D0477573-7251-4921-ABC2-9A0250D78142}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D508DD3E-C296-4211-A203-E6BCF53C7FC4}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{E55A062D-42D6-434D-BF64-D45839C7E0FD}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{EAE66045-A57C-4C00-9949-0091D9CA1F42}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{EC30855A-5677-4C22-9E5D-3D96244AA370}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\day of defeat source\hl2.exe | 
"{ECF14DFA-AB32-4C16-8794-B0F443EC829C}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\flyuruba\day of defeat source\hl2.exe | 
"{F24E673E-745F-493A-B03A-882E7D687327}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\ys origin demo\config_dm.exe | 
"{FA88E811-95A0-4F24-B7E2-16DE0B5909F2}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{FE3CEE63-C314-488E-B4F1-ADF9FCC69FF8}" = dir=in | app=c:\users\administrator\appdata\local\microsoft\skydrive\skydrive.exe | 
"TCP Query User{00228CAF-DD6A-4E9E-9539-6DB7D4B728BF}H:\eigene dateien und dokumente\musik2\329893018 noi\age of empires\empiresx.exe" = protocol=6 | dir=in | app=h:\eigene dateien und dokumente\musik2\329893018 noi\age of empires\empiresx.exe | 
"TCP Query User{2CFE6554-4699-49AD-849C-B33BECC3A2CF}H:\wolfenstein\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=h:\wolfenstein\wolfenstein - enemy territory\et.exe | 
"TCP Query User{5028697E-5440-4153-BB5E-8EB2CF669F6E}G:\program files (x86)\icq7.6\icq.exe" = protocol=6 | dir=in | app=g:\program files (x86)\icq7.6\icq.exe | 
"TCP Query User{5134B4D3-EF21-4943-8395-48573674AB2F}H:\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=h:\guild wars 2\gw2.exe | 
"TCP Query User{5E1256FB-C772-433F-89B7-81D57A96CE7F}\\kireille-pc\users\public\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=\\kireille-pc\users\public\guild wars 2\gw2.exe | 
"TCP Query User{791AEE5A-210A-4DF0-87FA-430EDAA2D325}G:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=g:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{810D0D22-E804-4C7F-9F39-DD5EEEC5C376}G:\program files (x86)\steam\steamapps\flyuruba\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\flyuruba\counter-strike source\hl2.exe | 
"TCP Query User{82A09523-46A8-49B7-BB2F-134893F99688}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{8AE05F2D-E9EB-4810-BF28-AAC56BF9CE01}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{ACB2FD59-2883-4B13-83C4-C09317408C67}G:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe | 
"TCP Query User{B08DE2DE-CDF7-4AEB-AE7B-39199AD5F325}H:\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=h:\guild wars 2\gw2.exe | 
"TCP Query User{F1D02CE3-4382-47F4-A981-289434D040E6}G:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=g:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{2C282A50-26BD-49DD-9AAF-44D3CED64A87}G:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe | 
"UDP Query User{414500A2-B060-4489-BB87-47CCE544D3DC}G:\program files (x86)\icq7.6\icq.exe" = protocol=17 | dir=in | app=g:\program files (x86)\icq7.6\icq.exe | 
"UDP Query User{515BBFDB-46FB-42C5-99B5-3980457B7E9E}H:\eigene dateien und dokumente\musik2\329893018 noi\age of empires\empiresx.exe" = protocol=17 | dir=in | app=h:\eigene dateien und dokumente\musik2\329893018 noi\age of empires\empiresx.exe | 
"UDP Query User{6ACE9762-1D27-48BC-975A-20EB6841869E}\\kireille-pc\users\public\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=\\kireille-pc\users\public\guild wars 2\gw2.exe | 
"UDP Query User{90B5B4A3-56C0-4C4E-B5FA-23E4A6C1C9D1}G:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=g:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{95E48F59-F362-458E-83DB-0A3866DC0950}G:\program files (x86)\steam\steamapps\flyuruba\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\flyuruba\counter-strike source\hl2.exe | 
"UDP Query User{A6DB34D0-7A63-430C-885D-8879A0F44D33}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{B40A5742-8F4B-4283-ADFD-CE7B00FD171B}G:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=g:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{BB1F5677-0A77-4E9C-BF57-6D2E22099204}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{C6AEF75E-47FF-40F8-8C5F-2FDA743F59B6}H:\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=h:\guild wars 2\gw2.exe | 
"UDP Query User{D4292C91-1494-4CAA-9999-0769B601BEDB}H:\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=h:\guild wars 2\gw2.exe | 
"UDP Query User{D5DDDEC9-0B0A-4253-B9EE-59B7CCF463B1}H:\wolfenstein\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=h:\wolfenstein\wolfenstein - enemy territory\et.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{6E206106-BD80-4D56-8F74-FE43AA1C7160}" = Nitro PDF Reader 2
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{977D1ABF-4089-4CA7-BA33-CC75808B7ACE}" = Intel® Trusted Connect Service Client
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"sp6" = Logitech SetPoint 6.32
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Hunted: The Demon's Forge_is1" = Hunted: The Demon's Forge Version 1.0
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Messenger Plus!" = Messenger Plus! 5
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Steam App 730" = Counter-Strike: Global Offensive
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.04.2013 07:13:29 | Computer Name = Meruu-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Nitro PDF\Reader\2.0\NitroPrinterInstallerx64.exe".  Die abhängige Assemblierung
 "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 08.04.2013 10:28:12 | Computer Name = Meruu-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.04.2013 05:04:47 | Computer Name = Meruu-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.04.2013 10:37:35 | Computer Name = Meruu-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Nitro PDF\Reader\2.0\NitroPrinterInstallerx64.exe".  Die abhängige Assemblierung
 "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10.04.2013 03:23:12 | Computer Name = Meruu-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.04.2013 08:50:52 | Computer Name = Meruu-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.04.2013 09:41:45 | Computer Name = Meruu-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Nitro PDF\Reader\2.0\NitroPrinterInstallerx64.exe".  Die abhängige Assemblierung
 "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.04.2013 16:10:07 | Computer Name = Meruu-PC | Source = System Restore | ID = 8210
Description = 
 
Error - 11.04.2013 16:11:54 | Computer Name = Meruu-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.04.2013 03:45:32 | Computer Name = Meruu-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 05.03.2013 23:23:03 | Computer Name = Meruu-PC | Source = Schannel | ID = 36874
Description = Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung
 übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung
 unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.
 
Error - 05.03.2013 23:23:03 | Computer Name = Meruu-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
 lautet: 107.
 
Error - 05.03.2013 23:23:03 | Computer Name = Meruu-PC | Source = Schannel | ID = 36874
Description = Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung
 übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung
 unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.
 
Error - 05.03.2013 23:23:03 | Computer Name = Meruu-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
 lautet: 107.
 
Error - 06.03.2013 04:38:49 | Computer Name = Meruu-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 06.03.2013 04:38:49 | Computer Name = Meruu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 06.03.2013 11:58:20 | Computer Name = Meruu-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 06.03.2013 11:58:20 | Computer Name = Meruu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 07.03.2013 05:53:56 | Computer Name = Meruu-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 07.03.2013 05:53:56 | Computer Name = Meruu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >
         
Gmer
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-12 10:35:31
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ADATA_SP rev.C3G_ 119,24GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Meruu\AppData\Local\Temp\pwloypog.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075ad1465 2 bytes [AD, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075ad14bb 2 bytes [AD, 75]
.text  ...                                                                                                                                                    * 2

---- Files - GMER 2.1 ----

File   C:\Windows\System32\wbem\Performance\WmiApRpl_new.h                                                                                                    3444 bytes

---- EOF - GMER 2.1 ----
         
Many thanks in advance for your help...

Alt 12.04.2013, 14:21   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

Do you have any other logs (with detections)? Has your virus scanner ever found anything?

Malwarebytes and/or other virus scanners?

I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans yet; first just post the logs you already have!

Reading material:
Posting in CODE tags
Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles into a CODE box, proceed as follows:
  • Select the entire logfile (usually CTRL+A does it) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

Alt 12.04.2013, 15:17   #3
Nordeisregen
 
Hello and many thanks for the reply.

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.11.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Meruu :: MERUU-PC [Administrator]

11.04.2013 23:57:18
mbam-log-2013-04-11 (23-57-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 718297
Laufzeit: 1 Stunde(n), 18 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
I also have a Microsoft Security Essentials scan from yesterday, but I simply can't find where it stores its logs. The virus scanner has never found anything since I've had the PC (September 2012), though. If it had, my memory would have to be seriously failing me, or I'd have to get hold of the logs first.

Alt 13.04.2013, 12:38   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Before we get to work, I'd like to ask you to read the following points completely and carefully.
  • Read the instructions I will post over the course of this thread carefully. Ask immediately if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step depends on the preceding one.

  • Please only run scans that a helper has asked you to run! Don't install / uninstall any software without being asked!

  • Post the logfiles directly in your thread (in CODE tags, please) and not as attachments, unless you have been asked to. Logs in attachments make the evaluation harder for me!

  • The logs of the tools you were asked to run, e.g. Malwarebytes, must always be posted - regardless of whether there was a detection or not!

  • Please also note => Deleting logfiles and other requests

Note:
If you don't hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "when will it continue" messages will end with your thread being closed. I too have a life outside the Trojaner-Board.

Rootkit scan with GMER

Please download the GMER Rootkit Scanner GMER: (file name is random)
  • Close all other programs, disable your virus scanner and disconnect the computer from the Internet before you start GMER.
  • If a window with the following warning opens after startup:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, uncheck: IAT/EAT and Show All
  • Check Quickscan and uncheck all other drives.
  • Start the scan with "Scan".
  • Do nothing on the computer while the scan is running.
  • When the scan is finished, click Save and save the logfile as Gmer.txt on your desktop. "Ok" closes GMER.
Turn your antivirus program and other scanners back on before you go online!


Running into problems?
  • Alternatively, try Safe Mode.
  • If you get a bluescreen, uncheck Devices.


Then please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the Malwarebytes Anti-Rootkit guide
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the items it found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a logfile ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper
Please always post logfiles in CODE tags

Alt 13.04.2013, 14:34   #5
Nordeisregen
 
Thanks for the reply.

Gmer
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-13 14:56:07
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ADATA_SP rev.C3G_ 119,24GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Meruu\AppData\Local\Temp\pwloypog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                                     fffff80002df7000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607                                                                                     fffff80002df702f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075301465 2 bytes [30, 75]
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000753014bb 2 bytes [30, 75]
.text     ...                                                                                                                                                    * 2

---- EOF - GMER 2.1 ----
         
Afterwards I was actually sure that I had closed GMER, but while downloading MBAR I got a bluescreen. I can post it if you're interested.

MBAR
Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.13.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Meruu :: MERUU-PC [administrator]

13.04.2013 15:25:28
mbar-log-2013-04-13 (15-25-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28866
Time elapsed: 1 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
The message was: "Congratulations, no cleanup is required! Scan finished: No malware found!"

So I did not carry out the last part about CleanUp, restarting, scanning again etc. Is that correct?
Can you tell or see so far whether anything dubious is going on on my computer?
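The two GMER logs in this thread are read by eye. As an added example (not code from the thread, from GMER, or from the helper), here is a small Python parser for the "code sections" part of a GMER 2.1 log that lists, per process, which export was patched and with which bytes; the embedded sample lines are copied from the log above. Whether a patched export is harmless still has to be judged by the helper, the parser only makes the entries easy to compare.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the GMER 2.1 log format; the patched-code lines are
# copied from the logs posted in this thread (column spacing shortened).
SAMPLE_GMER_LOG = r"""
Rootkit scan 2013-04-13 14:56:07

---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560  fffff80002df7000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075301465 2 bytes [30, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000753014bb 2 bytes [30, 75]
.text  ...                                                                       * 2

---- EOF - GMER 2.1 ----
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER 2\.1 ----$")
# GMER prints a patch once and folds identical follow-ups into "...  * N"
COLLAPSED_RE = re.compile(r"^(?P<seg>\S+)\s+\.\.\.\s+\* (?P<count>\d+)$")
HOOK_RE = re.compile(
    r"^(?P<seg>\S+)\s+"                          # PE section holding the patch
    r"(?:(?P<process>.+?)\[(?P<pid>\d+)\]\s+)?"  # user mode only: process path[PID]
    r"(?P<module>\S.*?)!(?P<export>\w+)\s+\+\s+(?P<offset>\d+)\s+"
    r"(?P<addr>[0-9a-fA-F]{8,16})\s+(?P<size>\d+) bytes\s+\[(?P<bytes>[^\]]*)\]$"
)


@dataclass
class Hook:
    mode: str               # "kernel" or "user"
    segment: str            # PE section GMER reported (.text, INITKDBG, ...)
    process: Optional[str]  # owning process path, user mode only
    pid: Optional[int]
    module: str             # module whose export was patched
    export: str
    offset: int             # bytes from the start of the export
    address: int
    size: int               # number of patched bytes
    patched: List[str]      # the bytes GMER printed, as hex strings
    truncated: bool         # GMER shows only the first few bytes ("...")

    @property
    def location(self) -> str:
        return f"{self.module}!{self.export}+{self.offset}"


def parse_gmer(text: str) -> Tuple[List[Hook], int]:
    """Return (patched locations, count of identical entries GMER collapsed)."""
    hooks: List[Hook] = []
    collapsed = 0
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if section is None or "code sections" not in section:
            continue  # banner, Files and EOF sections are not handled here
        m = COLLAPSED_RE.match(line)
        if m:
            collapsed += int(m.group("count"))
            continue
        m = HOOK_RE.match(line)
        if m is None:  # fail loudly: a format change must not hide a patch
            raise ValueError(f"unrecognised GMER line: {line!r}")
        raw_bytes = [b.strip() for b in m.group("bytes").split(",")]
        truncated = raw_bytes[-1] == "..."
        hooks.append(Hook(
            mode="user" if m.group("pid") else "kernel",
            segment=m.group("seg"),
            process=m.group("process"),
            pid=int(m.group("pid")) if m.group("pid") else None,
            module=m.group("module"),
            export=m.group("export"),
            offset=int(m.group("offset")),
            address=int(m.group("addr"), 16),
            size=int(m.group("size")),
            patched=raw_bytes[:-1] if truncated else raw_bytes,
            truncated=truncated,
        ))
    return hooks, collapsed


def hooks_by_process(hooks: List[Hook]) -> Dict[Tuple[str, int], List[str]]:
    """Group user-mode patches by (process path, PID): many hooked exports in
    one process read very differently from a single patched byte pair."""
    grouped: Dict[Tuple[str, int], List[str]] = {}
    for h in hooks:
        if h.mode == "user":
            grouped.setdefault((h.process, h.pid), []).append(h.location)
    return grouped
```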


Alt 13.04.2013, 16:12   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    From Windows Vista (or higher), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow Internet access)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instructions

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


TDSS-Killer

Please download TDSSKiller TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, under no circumstances choose Cure. Choose Skip and click Continue.
    TDSSKiller will save a logfile on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

Alt 13.04.2013, 22:38   #7
Nordeisregen
 
Evening again,

Nothing unusual happened during the aswMBR scan (no crash or anything like that).
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-13 19:43:20
-----------------------------
19:43:20.355    OS Version: Windows x64 6.1.7601 Service Pack 1
19:43:20.355    Number of processors: 4 586 0x3A09
19:43:20.355    ComputerName: MERUU-PC  UserName: Meruu
19:43:20.526    Initialize success
20:12:35.131    AVAST engine defs: 13041300
20:14:06.875    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:14:06.875    Disk 0 Vendor: ADATA_SP C3G_ Size: 122104MB BusType: 3
20:14:06.875    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
20:14:06.890    Disk 1 Vendor: ST1000DM CC4B Size: 953869MB BusType: 3
20:14:06.890    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-3
20:14:06.890    Disk 2 Vendor: Hitachi_ ML6O Size: 1907728MB BusType: 3
20:14:06.906    Disk 0 MBR read successfully
20:14:06.906    Disk 0 MBR scan
20:14:06.906    Disk 0 Windows 7 default MBR code
20:14:06.906    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       122103 MB offset 2048
20:14:06.921    Disk 0 scanning C:\Windows\system32\drivers
20:14:08.996    Service scanning
20:14:14.581    Modules scanning
20:14:15.080    Disk 0 trace - called modules:
20:14:15.080    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
20:14:15.080    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80091ad060]
20:14:15.080    3 CLASSPNP.SYS[fffff88001c8243f] -> nt!IofCallDriver -> [0xfffffa80069e4b10]
20:14:15.080    5 ACPI.sys[fffff880011907a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80069e7050]
20:14:15.268    AVAST engine scan C:\Windows
20:14:15.580    AVAST engine scan C:\Windows\system32
20:14:57.013    AVAST engine scan C:\Windows\system32\drivers
20:14:59.416    AVAST engine scan C:\Users\Meruu
20:15:06.295    AVAST engine scan C:\ProgramData
20:15:09.025    Scan finished successfully
20:15:34.126    Disk 0 MBR has been saved successfully to "C:\Users\Meruu\Desktop\MBR.dat"
20:15:34.141    The log file has been saved successfully to "C:\Users\Meruu\Desktop\aswMBR.txt"
         

TDSSKiller

Code:
23:30:36.0102 4868  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:30:36.0305 4868  ============================================================
23:30:36.0305 4868  Current date / time: 2013/04/13 23:30:36.0305
23:30:36.0305 4868  SystemInfo:
23:30:36.0305 4868  
23:30:36.0305 4868  OS Version: 6.1.7601 ServicePack: 1.0
23:30:36.0305 4868  Product type: Workstation
23:30:36.0305 4868  ComputerName: MERUU-PC
23:30:36.0320 4868  UserName: Meruu
23:30:36.0320 4868  Windows directory: C:\Windows
23:30:36.0320 4868  System windows directory: C:\Windows
23:30:36.0320 4868  Running under WOW64
23:30:36.0320 4868  Processor architecture: Intel x64
23:30:36.0320 4868  Number of processors: 4
23:30:36.0320 4868  Page size: 0x1000
23:30:36.0320 4868  Boot type: Normal boot
23:30:36.0320 4868  ============================================================
23:30:49.0424 4868  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:30:49.0440 4868  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:30:49.0440 4868  Drive \Device\Harddisk2\DR2 - Size: 0x1D1C100DE00 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:30:49.0440 4868  Drive \Device\Harddisk3\DR3 - Size: 0x7FDF8000 (2.00 Gb), SectorSize: 0x200, Cylinders: 0x104, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:30:49.0455 4868  ============================================================
23:30:49.0455 4868  \Device\Harddisk0\DR0:
23:30:49.0455 4868  MBR partitions:
23:30:49.0455 4868  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xEE7BAB0
23:30:49.0455 4868  \Device\Harddisk1\DR1:
23:30:49.0455 4868  MBR partitions:
23:30:49.0455 4868  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
23:30:49.0455 4868  \Device\Harddisk2\DR2:
23:30:49.0455 4868  MBR partitions:
23:30:49.0455 4868  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:30:49.0455 4868  \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3FF3E000
23:30:49.0455 4868  \Device\Harddisk2\DR2\Partition3: MBR, Type 0x7, StartLBA 0x3FF70800, BlocksNum 0xA8E96800
23:30:49.0455 4868  \Device\Harddisk3\DR3:
23:30:49.0455 4868  MBR partitions:
23:30:49.0455 4868  ============================================================
23:30:49.0455 4868  C: <-> \Device\Harddisk0\DR0\Partition1
23:30:49.0471 4868  D: <-> \Device\Harddisk1\DR1\Partition1
23:30:49.0471 4868  F: <-> \Device\Harddisk2\DR2\Partition1
23:30:49.0502 4868  G: <-> \Device\Harddisk2\DR2\Partition2
23:30:49.0549 4868  H: <-> \Device\Harddisk2\DR2\Partition3
23:30:49.0549 4868  ============================================================
23:30:49.0549 4868  Initialize success
23:30:49.0549 4868  ============================================================
23:31:47.0441 1696  ============================================================
23:31:47.0441 1696  Scan started
23:31:47.0441 1696  Mode: Manual; SigCheck; TDLFS; 
23:31:47.0441 1696  ============================================================
23:31:47.0675 1696  ================ Scan system memory ========================
23:31:47.0675 1696  System memory - ok
23:31:47.0675 1696  ================ Scan services =============================
23:31:47.0706 1696  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
23:31:47.0737 1696  1394ohci - ok
23:31:47.0737 1696  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
23:31:47.0737 1696  ACPI - ok
23:31:47.0753 1696  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
23:31:47.0753 1696  AcpiPmi - ok
23:31:47.0753 1696  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
23:31:47.0768 1696  adp94xx - ok
23:31:47.0768 1696  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
23:31:47.0784 1696  adpahci - ok
23:31:47.0784 1696  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
23:31:47.0784 1696  adpu320 - ok
23:31:47.0784 1696  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
23:31:47.0815 1696  AeLookupSvc - ok
23:31:47.0815 1696  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
23:31:47.0831 1696  AFD - ok
23:31:47.0831 1696  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
23:31:47.0831 1696  agp440 - ok
23:31:47.0831 1696  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
23:31:47.0846 1696  ALG - ok
23:31:47.0846 1696  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
23:31:47.0846 1696  aliide - ok
23:31:47.0846 1696  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
23:31:47.0846 1696  amdide - ok
23:31:47.0862 1696  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
23:31:47.0862 1696  AmdK8 - ok
23:31:47.0862 1696  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
23:31:47.0878 1696  AmdPPM - ok
23:31:47.0878 1696  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
23:31:47.0878 1696  amdsata - ok
23:31:47.0878 1696  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
23:31:47.0893 1696  amdsbs - ok
23:31:47.0893 1696  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
23:31:47.0893 1696  amdxata - ok
23:31:47.0893 1696  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
23:31:47.0909 1696  AppID - ok
23:31:47.0909 1696  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
23:31:47.0940 1696  AppIDSvc - ok
23:31:47.0940 1696  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
23:31:47.0956 1696  Appinfo - ok
23:31:47.0956 1696  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:31:47.0956 1696  Apple Mobile Device - ok
23:31:47.0971 1696  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
23:31:47.0971 1696  arc - ok
23:31:47.0971 1696  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
23:31:47.0971 1696  arcsas - ok
23:31:47.0987 1696  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:31:48.0002 1696  AsyncMac - ok
23:31:48.0002 1696  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
23:31:48.0002 1696  atapi - ok
23:31:48.0018 1696  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:31:48.0034 1696  AudioEndpointBuilder - ok
23:31:48.0034 1696  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
23:31:48.0065 1696  AudioSrv - ok
23:31:48.0065 1696  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
23:31:48.0065 1696  AxInstSV - ok
23:31:48.0080 1696  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
23:31:48.0080 1696  b06bdrv - ok
23:31:48.0096 1696  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
23:31:48.0096 1696  b57nd60a - ok
23:31:48.0096 1696  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
23:31:48.0112 1696  BDESVC - ok
23:31:48.0112 1696  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:31:48.0127 1696  Beep - ok
23:31:48.0127 1696  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
23:31:48.0158 1696  BFE - ok
23:31:48.0158 1696  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
23:31:48.0190 1696  BITS - ok
23:31:48.0190 1696  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
23:31:48.0190 1696  blbdrive - ok
23:31:48.0190 1696  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:31:48.0205 1696  Bonjour Service - ok
23:31:48.0205 1696  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:31:48.0205 1696  bowser - ok
23:31:48.0221 1696  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
23:31:48.0221 1696  BrFiltLo - ok
23:31:48.0221 1696  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
23:31:48.0236 1696  BrFiltUp - ok
23:31:48.0236 1696  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
23:31:48.0236 1696  Browser - ok
23:31:48.0236 1696  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
23:31:48.0252 1696  Brserid - ok
23:31:48.0252 1696  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
23:31:48.0252 1696  BrSerWdm - ok
23:31:48.0268 1696  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
23:31:48.0268 1696  BrUsbMdm - ok
23:31:48.0268 1696  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
23:31:48.0268 1696  BrUsbSer - ok
23:31:48.0283 1696  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
23:31:48.0283 1696  BTHMODEM - ok
23:31:48.0283 1696  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
23:31:48.0299 1696  bthserv - ok
23:31:48.0314 1696  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:31:48.0330 1696  cdfs - ok
23:31:48.0330 1696  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
23:31:48.0330 1696  cdrom - ok
23:31:48.0346 1696  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
23:31:48.0361 1696  CertPropSvc - ok
23:31:48.0361 1696  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
23:31:48.0361 1696  circlass - ok
23:31:48.0377 1696  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
23:31:48.0377 1696  CLFS - ok
23:31:48.0377 1696  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:31:48.0392 1696  clr_optimization_v2.0.50727_32 - ok
23:31:48.0392 1696  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:31:48.0392 1696  clr_optimization_v2.0.50727_64 - ok
23:31:48.0392 1696  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:31:48.0408 1696  clr_optimization_v4.0.30319_32 - ok
23:31:48.0408 1696  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:31:48.0408 1696  clr_optimization_v4.0.30319_64 - ok
23:31:48.0424 1696  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
23:31:48.0424 1696  CmBatt - ok
23:31:48.0424 1696  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:31:48.0424 1696  cmdide - ok
23:31:48.0439 1696  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
23:31:48.0439 1696  CNG - ok
23:31:48.0455 1696  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
23:31:48.0455 1696  Compbatt - ok
23:31:48.0455 1696  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
23:31:48.0455 1696  CompositeBus - ok
23:31:48.0470 1696  COMSysApp - ok
23:31:48.0470 1696  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
23:31:48.0470 1696  crcdisk - ok
23:31:48.0470 1696  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:31:48.0486 1696  CryptSvc - ok
23:31:48.0486 1696  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
23:31:48.0502 1696  cvhsvc - ok
23:31:48.0502 1696  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:31:48.0533 1696  DcomLaunch - ok
23:31:48.0533 1696  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
23:31:48.0564 1696  defragsvc - ok
23:31:48.0564 1696  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:31:48.0580 1696  DfsC - ok
23:31:48.0595 1696  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:31:48.0595 1696  Dhcp - ok
23:31:48.0595 1696  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
23:31:48.0626 1696  discache - ok
23:31:48.0626 1696  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
23:31:48.0626 1696  Disk - ok
23:31:48.0626 1696  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:31:48.0642 1696  Dnscache - ok
23:31:48.0642 1696  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
23:31:48.0658 1696  dot3svc - ok
23:31:48.0658 1696  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
23:31:48.0673 1696  DPS - ok
23:31:48.0689 1696  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:31:48.0689 1696  drmkaud - ok
23:31:48.0704 1696  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:31:48.0704 1696  DXGKrnl - ok
23:31:48.0704 1696  [ EDC6E9C057C9D7F83EEA22B4CEF5DCAD ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
23:31:48.0720 1696  E1G60 - ok
23:31:48.0720 1696  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
23:31:48.0736 1696  EapHost - ok
23:31:48.0767 1696  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
23:31:48.0782 1696  ebdrv - ok
23:31:48.0782 1696  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
23:31:48.0798 1696  EFS - ok
23:31:48.0798 1696  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:31:48.0814 1696  ehRecvr - ok
23:31:48.0814 1696  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
23:31:48.0814 1696  ehSched - ok
23:31:48.0829 1696  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
23:31:48.0829 1696  elxstor - ok
23:31:48.0829 1696  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
23:31:48.0845 1696  ErrDev - ok
23:31:48.0845 1696  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
23:31:48.0860 1696  EventSystem - ok
23:31:48.0876 1696  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
23:31:48.0892 1696  exfat - ok
23:31:48.0892 1696  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:31:48.0907 1696  fastfat - ok
23:31:48.0923 1696  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
23:31:48.0923 1696  Fax - ok
23:31:48.0923 1696  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
23:31:48.0938 1696  fdc - ok
23:31:48.0938 1696  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
23:31:48.0954 1696  fdPHost - ok
23:31:48.0954 1696  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:31:48.0970 1696  FDResPub - ok
23:31:48.0970 1696  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:31:48.0985 1696  FileInfo - ok
23:31:48.0985 1696  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:31:49.0001 1696  Filetrace - ok
23:31:49.0001 1696  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
23:31:49.0016 1696  flpydisk - ok
23:31:49.0016 1696  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:31:49.0016 1696  FltMgr - ok
23:31:49.0032 1696  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
23:31:49.0048 1696  FontCache - ok
23:31:49.0048 1696  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:31:49.0048 1696  FontCache3.0.0.0 - ok
23:31:49.0048 1696  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
23:31:49.0063 1696  FsDepends - ok
23:31:49.0063 1696  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:31:49.0063 1696  Fs_Rec - ok
23:31:49.0063 1696  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:31:49.0079 1696  fvevol - ok
23:31:49.0079 1696  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
23:31:49.0079 1696  gagp30kx - ok
23:31:49.0079 1696  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:31:49.0094 1696  GEARAspiWDM - ok
23:31:49.0094 1696  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
23:31:49.0110 1696  gpsvc - ok
23:31:49.0110 1696  [ F8F0851D336C3B88DBD7232B6348E09A ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
23:31:49.0126 1696  hamachi - ok
23:31:49.0126 1696  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:31:49.0126 1696  hcw85cir - ok
23:31:49.0141 1696  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:31:49.0141 1696  HdAudAddService - ok
23:31:49.0141 1696  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
23:31:49.0157 1696  HDAudBus - ok
23:31:49.0157 1696  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
23:31:49.0157 1696  HidBatt - ok
23:31:49.0157 1696  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
23:31:49.0172 1696  HidBth - ok
23:31:49.0172 1696  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
23:31:49.0172 1696  HidIr - ok
23:31:49.0188 1696  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
23:31:49.0204 1696  hidserv - ok
23:31:49.0204 1696  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:31:49.0204 1696  HidUsb - ok
23:31:49.0204 1696  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:31:49.0219 1696  hkmsvc - ok
23:31:49.0235 1696  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:31:49.0235 1696  HomeGroupListener - ok
23:31:49.0235 1696  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:31:49.0250 1696  HomeGroupProvider - ok
23:31:49.0250 1696  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
23:31:49.0250 1696  HpSAMD - ok
23:31:49.0266 1696  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:31:49.0282 1696  HTTP - ok
23:31:49.0282 1696  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:31:49.0282 1696  hwpolicy - ok
23:31:49.0297 1696  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
23:31:49.0297 1696  i8042prt - ok
23:31:49.0297 1696  [ CCFA835960E35F30D28A868E0B3B8722 ] iaStor          C:\Windows\system32\drivers\iaStor.sys
23:31:49.0313 1696  iaStor - ok
23:31:49.0313 1696  [ 1F35EFEC56CD1BF62435EAF97EABC3B3 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
23:31:49.0313 1696  IAStorDataMgrSvc - ok
23:31:49.0328 1696  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
23:31:49.0328 1696  iaStorV - ok
23:31:49.0344 1696  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:31:49.0344 1696  idsvc - ok
23:31:49.0344 1696  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
23:31:49.0360 1696  iirsp - ok
23:31:49.0360 1696  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
23:31:49.0391 1696  IKEEXT - ok
23:31:49.0422 1696  [ 5F6A3EA5BD7CA861863A3A06CECC115C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
23:31:49.0453 1696  IntcAzAudAddService - ok
23:31:49.0453 1696  [ B353F1834FCD36D77BE3F74992C147D4 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
23:31:50.0233 1696  Intel(R) Capability Licensing Service Interface - ok
23:31:50.0233 1696  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
23:31:50.0233 1696  intelide - ok
23:31:50.0233 1696  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
23:31:50.0249 1696  intelppm - ok
23:31:50.0249 1696  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:31:50.0264 1696  IPBusEnum - ok
23:31:50.0264 1696  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:31:50.0280 1696  IpFilterDriver - ok
23:31:50.0296 1696  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:31:50.0296 1696  iphlpsvc - ok
23:31:50.0296 1696  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
23:31:50.0311 1696  IPMIDRV - ok
23:31:50.0311 1696  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
23:31:50.0327 1696  IPNAT - ok
23:31:50.0342 1696  [ B474C756C13960793C7583B766F904C4 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
23:31:50.0342 1696  iPod Service - ok
23:31:50.0342 1696  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:31:50.0358 1696  IRENUM - ok
23:31:50.0358 1696  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:31:50.0358 1696  isapnp - ok
23:31:50.0374 1696  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
23:31:50.0374 1696  iScsiPrt - ok
23:31:50.0374 1696  [ B2381712638B0B714D0EEAB9A1F7C640 ] iusb3hcs        C:\Windows\system32\drivers\iusb3hcs.sys
23:31:50.0374 1696  iusb3hcs - ok
23:31:50.0389 1696  [ FD2C6457232E95C014DAD21DEBC64867 ] iusb3hub        C:\Windows\system32\drivers\iusb3hub.sys
23:31:50.0389 1696  iusb3hub - ok
23:31:50.0389 1696  [ F6A2B5D030BE7EDF8ADC12C9A40825A8 ] iusb3xhc        C:\Windows\system32\drivers\iusb3xhc.sys
23:31:50.0405 1696  iusb3xhc - ok
23:31:50.0405 1696  [ 5B7DE9D87B9D2713BDD6A53678DC2A49 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
23:31:50.0420 1696  jhi_service - ok
23:31:50.0420 1696  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
23:31:50.0420 1696  kbdclass - ok
23:31:50.0420 1696  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
23:31:50.0436 1696  kbdhid - ok
23:31:50.0436 1696  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
23:31:50.0436 1696  KeyIso - ok
23:31:50.0436 1696  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:31:50.0452 1696  KSecDD - ok
23:31:50.0452 1696  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
23:31:50.0452 1696  KSecPkg - ok
23:31:50.0452 1696  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
23:31:50.0467 1696  ksthunk - ok
23:31:50.0483 1696  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:31:50.0498 1696  KtmRm - ok
23:31:50.0498 1696  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:31:50.0514 1696  LanmanServer - ok
23:31:50.0530 1696  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:31:50.0545 1696  LanmanWorkstation - ok
23:31:50.0545 1696  [ 7772DFAB22611050B79504E671B06E6E ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
23:31:50.0561 1696  LBTServ - ok
23:31:50.0561 1696  [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
23:31:50.0561 1696  LHidFilt - ok
23:31:50.0561 1696  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:31:50.0576 1696  lltdio - ok
23:31:50.0592 1696  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:31:50.0608 1696  lltdsvc - ok
23:31:50.0608 1696  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:31:50.0623 1696  lmhosts - ok
23:31:50.0623 1696  [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
23:31:50.0639 1696  LMouFilt - ok
23:31:50.0639 1696  [ E70FD0D2C95F559A17321D831875593D ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
23:31:50.0639 1696  LMS - ok
23:31:50.0639 1696  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
23:31:50.0654 1696  LSI_FC - ok
23:31:50.0654 1696  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
23:31:50.0654 1696  LSI_SAS - ok
23:31:50.0654 1696  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
23:31:50.0670 1696  LSI_SAS2 - ok
23:31:50.0670 1696  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
23:31:50.0670 1696  LSI_SCSI - ok
23:31:50.0670 1696  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
23:31:50.0701 1696  luafv - ok
23:31:50.0701 1696  [ 29C733E1DE824670DC9315CFC9BDBCD3 ] LUsbFilt        C:\Windows\system32\Drivers\LUsbFilt.Sys
23:31:50.0701 1696  LUsbFilt - ok
23:31:50.0701 1696  [ 07389F6925E490D2DB7882110E99921C ] lvpepf64        C:\Windows\system32\DRIVERS\lv302a64.sys
23:31:50.0701 1696  lvpepf64 - ok
23:31:50.0717 1696  [ 7F0BA3A6E8996F15693C6B7D81DA049E ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
23:31:50.0732 1696  LVRS64 - ok
23:31:50.0732 1696  [ 5C3FF68267A5D242EE79EE01B993D6CE ] LVUSBS64        C:\Windows\system32\drivers\LVUSBS64.sys
23:31:50.0732 1696  LVUSBS64 - ok
23:31:50.0732 1696  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
23:31:50.0748 1696  Mcx2Svc - ok
23:31:50.0748 1696  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
23:31:50.0748 1696  megasas - ok
23:31:50.0748 1696  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
23:31:50.0764 1696  MegaSR - ok
23:31:50.0764 1696  [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64          C:\Windows\system32\drivers\HECIx64.sys
23:31:50.0764 1696  MEIx64 - ok
23:31:50.0764 1696  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
23:31:50.0779 1696  MMCSS - ok
23:31:50.0795 1696  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
23:31:50.0810 1696  Modem - ok
23:31:50.0810 1696  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:31:50.0810 1696  monitor - ok
23:31:50.0810 1696  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:31:50.0826 1696  mouclass - ok
23:31:50.0826 1696  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:31:50.0826 1696  mouhid - ok
23:31:50.0826 1696  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
23:31:50.0842 1696  mountmgr - ok
23:31:50.0842 1696  [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
23:31:50.0842 1696  MpFilter - ok
23:31:50.0857 1696  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
23:31:50.0857 1696  mpio - ok
23:31:50.0857 1696  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:31:50.0873 1696  mpsdrv - ok
23:31:50.0888 1696  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:31:50.0904 1696  MpsSvc - ok
23:31:50.0904 1696  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:31:50.0920 1696  MRxDAV - ok
23:31:50.0920 1696  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:31:50.0920 1696  mrxsmb - ok
23:31:50.0935 1696  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:31:50.0935 1696  mrxsmb10 - ok
23:31:50.0935 1696  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:31:50.0951 1696  mrxsmb20 - ok
23:31:50.0951 1696  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
23:31:50.0951 1696  msahci - ok
23:31:50.0951 1696  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
23:31:50.0966 1696  msdsm - ok
23:31:50.0966 1696  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
23:31:50.0966 1696  MSDTC - ok
23:31:50.0982 1696  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:31:50.0998 1696  Msfs - ok
23:31:50.0998 1696  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
23:31:51.0013 1696  mshidkmdf - ok
23:31:51.0013 1696  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
23:31:51.0013 1696  msisadrv - ok
23:31:51.0029 1696  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:31:51.0044 1696  MSiSCSI - ok
23:31:51.0044 1696  msiserver - ok
23:31:51.0044 1696  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
23:31:51.0060 1696  MSKSSRV - ok
23:31:51.0060 1696  [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
23:31:51.0076 1696  MsMpSvc - ok
23:31:51.0076 1696  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:31:51.0091 1696  MSPCLOCK - ok
23:31:51.0091 1696  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
23:31:51.0107 1696  MSPQM - ok
23:31:51.0107 1696  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
23:31:51.0122 1696  MsRPC - ok
23:31:51.0122 1696  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
23:31:51.0122 1696  mssmbios - ok
23:31:51.0138 1696  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
23:31:51.0154 1696  MSTEE - ok
23:31:51.0154 1696  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
23:31:51.0154 1696  MTConfig - ok
23:31:51.0154 1696  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
23:31:51.0169 1696  Mup - ok
23:31:51.0169 1696  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
23:31:51.0185 1696  napagent - ok
23:31:51.0200 1696  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
23:31:51.0200 1696  NativeWifiP - ok
23:31:51.0216 1696  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:31:51.0216 1696  NDIS - ok
23:31:51.0232 1696  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
23:31:51.0247 1696  NdisCap - ok
23:31:51.0247 1696  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:31:51.0263 1696  NdisTapi - ok
23:31:51.0263 1696  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
23:31:51.0278 1696  Ndisuio - ok
23:31:51.0278 1696  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
23:31:51.0310 1696  NdisWan - ok
23:31:51.0310 1696  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
23:31:51.0325 1696  NDProxy - ok
23:31:51.0325 1696  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
23:31:51.0341 1696  NetBIOS - ok
23:31:51.0341 1696  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
23:31:51.0356 1696  NetBT - ok
23:31:51.0372 1696  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
23:31:51.0372 1696  Netlogon - ok
23:31:51.0372 1696  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
23:31:51.0388 1696  Netman - ok
23:31:51.0403 1696  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
23:31:51.0419 1696  netprofm - ok
23:31:51.0419 1696  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:31:51.0434 1696  NetTcpPortSharing - ok
23:31:51.0434 1696  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
23:31:51.0434 1696  nfrd960 - ok
23:31:51.0434 1696  [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
23:31:51.0450 1696  NisDrv - ok
23:31:51.0450 1696  [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
23:31:51.0450 1696  NisSrv - ok
23:31:51.0466 1696  [ A695F9FDD23EFED49505BE9076825F65 ] NitroReaderDriverReadSpool2 C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
23:31:51.0466 1696  NitroReaderDriverReadSpool2 - ok
23:31:51.0466 1696  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:31:51.0481 1696  NlaSvc - ok
23:31:51.0481 1696  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:31:51.0497 1696  Npfs - ok
23:31:51.0497 1696  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
23:31:51.0512 1696  nsi - ok
23:31:51.0528 1696  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:31:51.0544 1696  nsiproxy - ok
23:31:51.0559 1696  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:31:51.0575 1696  Ntfs - ok
23:31:51.0575 1696  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
23:31:51.0590 1696  Null - ok
23:31:51.0590 1696  [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
23:31:51.0606 1696  NVHDA - ok
23:31:51.0700 1696  [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:31:51.0809 1696  nvlddmkm - ok
23:31:51.0809 1696  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
23:31:51.0824 1696  nvraid - ok
23:31:51.0824 1696  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
23:31:51.0824 1696  nvstor - ok
23:31:51.0824 1696  [ EF802CB897A5802311E46B18EFEB04DD ] NvStUSB         C:\Windows\system32\drivers\nvstusb.sys
23:31:51.0840 1696  NvStUSB - ok
23:31:51.0840 1696  [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc           C:\Windows\system32\nvvsvc.exe
23:31:51.0856 1696  nvsvc - ok
23:31:51.0871 1696  [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
23:31:51.0887 1696  nvUpdatusService - ok
23:31:51.0887 1696  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
23:31:51.0887 1696  nv_agp - ok
23:31:51.0887 1696  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
23:31:51.0902 1696  ohci1394 - ok
23:31:51.0902 1696  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:31:51.0902 1696  ose - ok
23:31:51.0949 1696  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:31:51.0996 1696  osppsvc - ok
23:31:51.0996 1696  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
23:31:51.0996 1696  p2pimsvc - ok
23:31:52.0012 1696  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
23:31:52.0012 1696  p2psvc - ok
23:31:52.0012 1696  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
23:31:52.0027 1696  Parport - ok
23:31:52.0027 1696  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
23:31:52.0027 1696  partmgr - ok
23:31:52.0027 1696  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:31:52.0043 1696  PcaSvc - ok
23:31:52.0043 1696  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
23:31:52.0058 1696  pci - ok
23:31:52.0058 1696  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
23:31:52.0058 1696  pciide - ok
23:31:52.0058 1696  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
23:31:52.0074 1696  pcmcia - ok
23:31:52.0074 1696  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
23:31:52.0074 1696  pcw - ok
23:31:52.0090 1696  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:31:52.0105 1696  PEAUTH - ok
23:31:52.0121 1696  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
23:31:52.0121 1696  PerfHost - ok
23:31:52.0152 1696  [ 087A343DFC337F37723DD7912DE6B6CD ] PID_PEPI        C:\Windows\system32\DRIVERS\LV302V64.SYS
23:31:52.0168 1696  PID_PEPI - ok
23:31:52.0183 1696  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
23:31:52.0214 1696  pla - ok
23:31:52.0214 1696  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:31:52.0230 1696  PlugPlay - ok
23:31:52.0230 1696  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
23:31:52.0230 1696  PNRPAutoReg - ok
23:31:52.0230 1696  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
23:31:52.0246 1696  PNRPsvc - ok
23:31:52.0246 1696  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
23:31:52.0261 1696  PolicyAgent - ok
23:31:52.0277 1696  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
23:31:52.0292 1696  Power - ok
23:31:52.0292 1696  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:31:52.0308 1696  PptpMiniport - ok
23:31:52.0308 1696  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
23:31:52.0324 1696  Processor - ok
23:31:52.0324 1696  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
23:31:52.0324 1696  ProfSvc - ok
23:31:52.0324 1696  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:31:52.0339 1696  ProtectedStorage - ok
23:31:52.0339 1696  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
23:31:52.0355 1696  Psched - ok
23:31:52.0370 1696  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
23:31:52.0386 1696  ql2300 - ok
23:31:52.0386 1696  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
23:31:52.0386 1696  ql40xx - ok
23:31:52.0402 1696  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
23:31:52.0402 1696  QWAVE - ok
23:31:52.0402 1696  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
23:31:52.0417 1696  QWAVEdrv - ok
23:31:52.0417 1696  [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
23:31:52.0433 1696  RapiMgr - ok
23:31:52.0433 1696  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
23:31:52.0448 1696  RasAcd - ok
23:31:52.0448 1696  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
23:31:52.0464 1696  RasAgileVpn - ok
23:31:52.0464 1696  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
23:31:52.0480 1696  RasAuto - ok
23:31:52.0495 1696  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
23:31:52.0511 1696  Rasl2tp - ok
23:31:52.0511 1696  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
23:31:52.0526 1696  RasMan - ok
23:31:52.0526 1696  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23:31:52.0558 1696  RasPppoe - ok
23:31:52.0558 1696  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
23:31:52.0573 1696  RasSstp - ok
23:31:52.0573 1696  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
23:31:52.0589 1696  rdbss - ok
23:31:52.0589 1696  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
23:31:52.0604 1696  rdpbus - ok
23:31:52.0604 1696  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23:31:52.0620 1696  RDPCDD - ok
23:31:52.0620 1696  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23:31:52.0636 1696  RDPENCDD - ok
23:31:52.0636 1696  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
23:31:52.0667 1696  RDPREFMP - ok
23:31:52.0667 1696  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
23:31:52.0667 1696  RdpVideoMiniport - ok
23:31:52.0667 1696  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
23:31:52.0682 1696  RDPWD - ok
23:31:52.0682 1696  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
23:31:52.0682 1696  rdyboost - ok
23:31:52.0698 1696  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:31:52.0714 1696  RemoteAccess - ok
23:31:52.0714 1696  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:31:52.0729 1696  RemoteRegistry - ok
23:31:52.0729 1696  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
23:31:52.0745 1696  RpcEptMapper - ok
23:31:52.0760 1696  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
23:31:52.0760 1696  RpcLocator - ok
23:31:52.0760 1696  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
23:31:52.0792 1696  RpcSs - ok
23:31:52.0792 1696  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23:31:52.0807 1696  rspndr - ok
23:31:52.0807 1696  [ BD9BA262CF26EFE9A9867EBE32D12164 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
23:31:52.0823 1696  RTL8167 - ok
23:31:52.0823 1696  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
23:31:52.0823 1696  SamSs - ok
23:31:52.0823 1696  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
23:31:52.0838 1696  sbp2port - ok
23:31:52.0838 1696  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
23:31:52.0854 1696  SCardSvr - ok
23:31:52.0854 1696  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
23:31:52.0870 1696  scfilter - ok
23:31:52.0885 1696  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
23:31:52.0916 1696  Schedule - ok
23:31:52.0916 1696  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
23:31:52.0932 1696  SCPolicySvc - ok
23:31:52.0932 1696  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
23:31:52.0932 1696  SDRSVC - ok
23:31:52.0948 1696  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
23:31:52.0963 1696  secdrv - ok
23:31:52.0963 1696  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
23:31:52.0979 1696  seclogon - ok
23:31:52.0979 1696  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
23:31:52.0994 1696  SENS - ok
23:31:52.0994 1696  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
23:31:53.0010 1696  SensrSvc - ok
23:31:53.0010 1696  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
23:31:53.0010 1696  Serenum - ok
23:31:53.0010 1696  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
23:31:53.0026 1696  Serial - ok
23:31:53.0026 1696  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
23:31:53.0026 1696  sermouse - ok
23:31:53.0041 1696  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
23:31:53.0057 1696  SessionEnv - ok
23:31:53.0057 1696  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
23:31:53.0057 1696  sffdisk - ok
23:31:53.0057 1696  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
23:31:53.0072 1696  sffp_mmc - ok
23:31:53.0072 1696  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
23:31:53.0072 1696  sffp_sd - ok
23:31:53.0088 1696  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
23:31:53.0088 1696  sfloppy - ok
23:31:53.0088 1696  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
23:31:53.0104 1696  Sftfs - ok
23:31:53.0104 1696  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
23:31:53.0119 1696  sftlist - ok
23:31:53.0119 1696  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
23:31:53.0119 1696  Sftplay - ok
23:31:53.0135 1696  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
23:31:53.0135 1696  Sftredir - ok
23:31:53.0135 1696  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
23:31:53.0135 1696  Sftvol - ok
23:31:53.0135 1696  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
23:31:53.0150 1696  sftvsa - ok
23:31:53.0150 1696  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:31:53.0166 1696  SharedAccess - ok
23:31:53.0182 1696  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:31:53.0197 1696  ShellHWDetection - ok
23:31:53.0197 1696  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
23:31:53.0197 1696  SiSRaid2 - ok
23:31:53.0197 1696  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
23:31:53.0213 1696  SiSRaid4 - ok
23:31:53.0213 1696  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
23:31:53.0213 1696  SkypeUpdate - ok
23:31:53.0228 1696  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
23:31:53.0244 1696  Smb - ok
23:31:53.0244 1696  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:31:53.0244 1696  SNMPTRAP - ok
23:31:53.0244 1696  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
23:31:53.0260 1696  spldr - ok
23:31:53.0260 1696  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
23:31:53.0275 1696  Spooler - ok
23:31:53.0291 1696  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
23:31:53.0338 1696  sppsvc - ok
23:31:53.0338 1696  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
23:31:53.0353 1696  sppuinotify - ok
23:31:53.0353 1696  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
23:31:53.0369 1696  srv - ok
23:31:53.0369 1696  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:31:53.0384 1696  srv2 - ok
23:31:53.0384 1696  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:31:53.0384 1696  srvnet - ok
23:31:53.0400 1696  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
23:31:53.0416 1696  SSDPSRV - ok
23:31:53.0416 1696  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
23:31:53.0431 1696  SstpSvc - ok
23:31:53.0431 1696  Steam Client Service - ok
23:31:53.0431 1696  [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
23:31:53.0447 1696  Stereo Service - ok
23:31:53.0447 1696  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
23:31:53.0447 1696  stexstor - ok
23:31:53.0462 1696  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
23:31:53.0478 1696  stisvc - ok
23:31:53.0478 1696  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
23:31:53.0478 1696  swenum - ok
23:31:53.0478 1696  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
23:31:53.0509 1696  swprv - ok
23:31:53.0525 1696  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
23:31:53.0540 1696  SysMain - ok
23:31:53.0540 1696  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:31:53.0540 1696  TabletInputService - ok
23:31:53.0556 1696  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
23:31:53.0572 1696  TapiSrv - ok
23:31:53.0572 1696  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
23:31:53.0587 1696  TBS - ok
23:31:53.0603 1696  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
23:31:53.0634 1696  Tcpip - ok
23:31:53.0634 1696  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
23:31:53.0665 1696  TCPIP6 - ok
23:31:53.0665 1696  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:31:53.0665 1696  tcpipreg - ok
23:31:53.0665 1696  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:31:53.0681 1696  TDPIPE - ok
23:31:53.0681 1696  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
23:31:53.0681 1696  TDTCP - ok
23:31:53.0681 1696  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
23:31:53.0696 1696  tdx - ok
23:31:53.0712 1696  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
23:31:53.0712 1696  TermDD - ok
23:31:53.0712 1696  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
23:31:53.0743 1696  TermService - ok
23:31:53.0743 1696  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
23:31:53.0743 1696  Themes - ok
23:31:53.0743 1696  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
23:31:53.0774 1696  THREADORDER - ok
23:31:53.0774 1696  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
23:31:53.0790 1696  TrkWks - ok
23:31:53.0790 1696  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:31:53.0806 1696  TrustedInstaller - ok
23:31:53.0821 1696  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:31:53.0837 1696  tssecsrv - ok
23:31:53.0837 1696  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
23:31:53.0837 1696  TsUsbFlt - ok
23:31:53.0837 1696  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
23:31:53.0852 1696  TsUsbGD - ok
23:31:53.0852 1696  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:31:53.0868 1696  tunnel - ok
23:31:53.0868 1696  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
23:31:53.0868 1696  uagp35 - ok
23:31:53.0884 1696  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:31:53.0899 1696  udfs - ok
23:31:53.0899 1696  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:31:53.0899 1696  UI0Detect - ok
23:31:53.0915 1696  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:31:53.0915 1696  uliagpkx - ok
23:31:53.0915 1696  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
23:31:53.0915 1696  umbus - ok
23:31:53.0930 1696  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
23:31:53.0930 1696  UmPass - ok
23:31:53.0930 1696  [ C485FB802F6C4A306B8F89BA087E5CA2 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
23:31:53.0946 1696  UNS - ok
23:31:53.0946 1696  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
23:31:53.0962 1696  upnphost - ok
23:31:53.0962 1696  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
23:31:53.0977 1696  USBAAPL64 - ok
23:31:53.0977 1696  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
23:31:53.0977 1696  usbaudio - ok
23:31:53.0993 1696  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
23:31:53.0993 1696  usbccgp - ok
23:31:53.0993 1696  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:31:54.0008 1696  usbcir - ok
23:31:54.0008 1696  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
23:31:54.0008 1696  usbehci - ok
23:31:54.0008 1696  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:31:54.0024 1696  usbhub - ok
23:31:54.0024 1696  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
23:31:54.0024 1696  usbohci - ok
23:31:54.0024 1696  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
23:31:54.0040 1696  usbprint - ok
23:31:54.0040 1696  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:31:54.0040 1696  USBSTOR - ok
23:31:54.0040 1696  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
23:31:54.0055 1696  usbuhci - ok
23:31:54.0055 1696  [ 7B28E2FBE75115660FAB31079C0A9F29 ] usb_rndisx      C:\Windows\system32\drivers\usb8023x.sys
23:31:54.0055 1696  usb_rndisx - ok
23:31:54.0055 1696  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
23:31:54.0086 1696  UxSms - ok
23:31:54.0086 1696  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
23:31:54.0086 1696  VaultSvc - ok
23:31:54.0086 1696  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
23:31:54.0102 1696  vdrvroot - ok
23:31:54.0102 1696  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
23:31:54.0118 1696  vds - ok
23:31:54.0118 1696  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
23:31:54.0133 1696  vga - ok
23:31:54.0133 1696  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:31:54.0149 1696  VgaSave - ok
23:31:54.0149 1696  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
23:31:54.0164 1696  vhdmp - ok
23:31:54.0164 1696  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
23:31:54.0164 1696  viaide - ok
23:31:54.0164 1696  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:31:54.0180 1696  volmgr - ok
23:31:54.0180 1696  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:31:54.0180 1696  volmgrx - ok
23:31:54.0196 1696  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
23:31:54.0196 1696  volsnap - ok
23:31:54.0196 1696  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
23:31:54.0211 1696  vsmraid - ok
23:31:54.0211 1696  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
23:31:54.0242 1696  VSS - ok
23:31:54.0242 1696  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
23:31:54.0258 1696  vwifibus - ok
23:31:54.0258 1696  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
23:31:54.0274 1696  W32Time - ok
23:31:54.0289 1696  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
23:31:54.0289 1696  WacomPen - ok
23:31:54.0289 1696  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:31:54.0305 1696  WANARP - ok
23:31:54.0305 1696  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:31:54.0320 1696  Wanarpv6 - ok
23:31:54.0336 1696  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
23:31:54.0352 1696  wbengine - ok
23:31:54.0352 1696  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:31:54.0367 1696  WbioSrvc - ok
23:31:54.0367 1696  [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
23:31:54.0383 1696  WcesComm - ok
23:31:54.0383 1696  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:31:54.0398 1696  wcncsvc - ok
23:31:54.0398 1696  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:31:54.0398 1696  WcsPlugInService - ok
23:31:54.0398 1696  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
23:31:54.0414 1696  Wd - ok
23:31:54.0414 1696  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:31:54.0430 1696  Wdf01000 - ok
23:31:54.0430 1696  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:31:54.0445 1696  WdiServiceHost - ok
23:31:54.0445 1696  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:31:54.0445 1696  WdiSystemHost - ok
23:31:54.0461 1696  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
23:31:54.0461 1696  WebClient - ok
23:31:54.0461 1696  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:31:54.0492 1696  Wecsvc - ok
23:31:54.0492 1696  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:31:54.0508 1696  wercplsupport - ok
23:31:54.0508 1696  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:31:54.0523 1696  WerSvc - ok
23:31:54.0539 1696  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:31:54.0554 1696  WfpLwf - ok
23:31:54.0554 1696  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:31:54.0554 1696  WIMMount - ok
23:31:54.0554 1696  WinDefend - ok
23:31:54.0554 1696  WinHttpAutoProxySvc - ok
23:31:54.0570 1696  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:31:54.0586 1696  Winmgmt - ok
23:31:54.0601 1696  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
23:31:54.0632 1696  WinRM - ok
23:31:54.0632 1696  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:31:54.0648 1696  Wlansvc - ok
23:31:54.0648 1696  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
23:31:54.0664 1696  WmiAcpi - ok
23:31:54.0664 1696  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:31:54.0664 1696  wmiApSrv - ok
23:31:54.0664 1696  WMPNetworkSvc - ok
23:31:54.0679 1696  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:31:54.0679 1696  WPCSvc - ok
23:31:54.0679 1696  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:31:54.0695 1696  WPDBusEnum - ok
23:31:54.0695 1696  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:31:54.0710 1696  ws2ifsl - ok
23:31:54.0710 1696  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
23:31:54.0726 1696  wscsvc - ok
23:31:54.0726 1696  WSearch - ok
23:31:54.0742 1696  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
23:31:54.0757 1696  wuauserv - ok
23:31:54.0773 1696  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:31:54.0773 1696  WudfPf - ok
23:31:54.0773 1696  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:31:54.0788 1696  WUDFRd - ok
23:31:54.0788 1696  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:31:54.0788 1696  wudfsvc - ok
23:31:54.0788 1696  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
23:31:54.0804 1696  WwanSvc - ok
23:31:54.0804 1696  ================ Scan global ===============================
23:31:54.0804 1696  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
23:31:54.0820 1696  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
23:31:54.0820 1696  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
23:31:54.0820 1696  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
23:31:54.0820 1696  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
23:31:54.0820 1696  [Global] - ok
23:31:54.0820 1696  ================ Scan MBR ==================================
23:31:54.0820 1696  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:31:54.0913 1696  \Device\Harddisk0\DR0 - ok
23:31:54.0913 1696  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
23:31:54.0976 1696  \Device\Harddisk1\DR1 - ok
23:31:55.0007 1696  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
23:31:55.0210 1696  \Device\Harddisk2\DR2 - ok
23:31:55.0210 1696  [ BE0F2861FD3E640EF89C77A47BB2DC27 ] \Device\Harddisk3\DR3
23:31:56.0832 1696  \Device\Harddisk3\DR3 - ok
23:31:56.0832 1696  ================ Scan VBR ==================================
23:31:56.0848 1696  [ CFB51CD4EBD2ED90F593D06080033F7A ] \Device\Harddisk0\DR0\Partition1
23:31:56.0848 1696  \Device\Harddisk0\DR0\Partition1 - ok
23:31:56.0848 1696  [ D8734F727EC94A61ED7D1A7457DFA18F ] \Device\Harddisk1\DR1\Partition1
23:31:56.0848 1696  \Device\Harddisk1\DR1\Partition1 - ok
23:31:56.0848 1696  [ 85FEB251A97FA552DCB1386FDF7832FF ] \Device\Harddisk2\DR2\Partition1
23:31:56.0848 1696  \Device\Harddisk2\DR2\Partition1 - ok
23:31:56.0894 1696  [ 9882329DA7872FA4931E79C64A42EBF3 ] \Device\Harddisk2\DR2\Partition2
23:31:56.0894 1696  \Device\Harddisk2\DR2\Partition2 - ok
23:31:56.0910 1696  [ 862419E3D0995A7142EB3FE2ECF21FDE ] \Device\Harddisk2\DR2\Partition3
23:31:56.0910 1696  \Device\Harddisk2\DR2\Partition3 - ok
23:31:56.0910 1696  ============================================================
23:31:56.0910 1696  Scan finished
23:31:56.0910 1696  ============================================================
23:31:56.0910 7036  Detected object count: 0
23:31:56.0910 7036  Actual detected object count: 0
23:32:22.0322 6904  Deinitialize success
         

15.04.2013, 11:07   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

JRT - Junkware Removal Tool

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the logfile (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).


Afterwards, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick Scan all users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles in CODE tags here in the thread.
__________________
Please always post logfiles in CODE tags

15.04.2013, 11:55   #9
Nordeisregen

Morning. :>

JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Meruu on 15.04.2013 at 12:34:05,80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.04.2013 at 12:37:12,35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
adwCleaner
Code:
# AdwCleaner v2.200 - Datei am 15/04/2013 um 12:42:56 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Meruu - MERUU-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Meruu\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Meruu\AppData\Local\Temp\Uninstall.exe

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\Software\OpenCandy NSIS SDK

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

Datei : C:\Users\Meruu\AppData\Roaming\Mozilla\Firefox\Profiles\voycfkip.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [873 octets] - [15/04/2013 12:42:56]

########## EOF - C:\AdwCleaner[S1].txt - [932 octets] ##########
         
OTL
Code:
OTL logfile created on: 15.04.2013 12:47:35 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Meruu\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 6,09 Gb Available Physical Memory | 76,52% Memory free
15,91 Gb Paging File | 14,30 Gb Available in Paging File | 89,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 70,54 Gb Free Space | 59,16% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 896,27 Gb Free Space | 96,22% Space Free | Partition Type: NTFS
Drive E: | 7,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 100,00 Mb Total Space | 71,86 Mb Free Space | 71,87% Space Free | Partition Type: NTFS
Drive G: | 511,62 Gb Total Space | 384,99 Gb Free Space | 75,25% Space Free | Partition Type: NTFS
Drive H: | 1351,29 Gb Total Space | 1072,68 Gb Free Space | 79,38% Space Free | Partition Type: NTFS
Drive I: | 2,00 Gb Total Space | 0,65 Gb Free Space | 32,59% Space Free | Partition Type: FAT
 
Computer Name: MERUU-PC | User Name: Meruu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Meruu\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\a9f8b35698a9a28f22861f7b814b79bc\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c484ce0997e68573a00dc6cddf16e2ac\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (NitroReaderDriverReadSpool2) -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NvStUSB) -- C:\Windows\SysNative\drivers\nvstusb.sys (NVIDIA Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{92F54EEC-695B-4CD8-ACB8-8521188424CD}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASBJS;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{92F54EEC-695B-4CD8-ACB8-8521188424CD}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASBJS;
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3104402843-366347764-2233831258-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3104402843-366347764-2233831258-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3104402843-366347764-2233831258-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
IE - HKU\S-1-5-21-3104402843-366347764-2233831258-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://localoem.msn.com
IE - HKU\S-1-5-21-3104402843-366347764-2233831258-1003\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3104402843-366347764-2233831258-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3104402843-366347764-2233831258-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Itunesnew\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
 
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: H:\Firefox\components [2013.04.13 13:12:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: H:\Firefox\plugins
 
[2012.09.01 13:10:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meruu\AppData\Roaming\mozilla\Extensions
[2013.03.29 15:22:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meruu\AppData\Roaming\mozilla\Firefox\Profiles\voycfkip.default\extensions
[2013.03.29 15:22:32 | 000,531,916 | ---- | M] () (No name found) -- C:\Users\Meruu\AppData\Roaming\mozilla\firefox\profiles\voycfkip.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.02.14 21:28:18 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Meruu\AppData\Roaming\mozilla\firefox\profiles\voycfkip.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3104402843-366347764-2233831258-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3104402843-366347764-2233831258-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3104402843-366347764-2233831258-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA5D05F9-DFAE-4D53-8E89-B8AE828EE494}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.04.25 22:54:19 | 000,013,128 | R--- | M] () - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2011.04.22 17:13:49 | 000,000,074 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4b290048-f41e-11e1-be35-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4b290048-f41e-11e1-be35-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2011.04.25 22:54:19 | 000,013,128 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.15 12:34:05 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.15 12:33:25 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.15 12:28:59 | 000,551,587 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Meruu\Desktop\JRT.exe
[2013.04.13 23:25:06 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Meruu\Desktop\tdsskiller.exe
[2013.04.13 19:30:09 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Meruu\Desktop\aswMBR.exe
[2013.04.13 15:16:38 | 000,000,000 | ---D | C] -- C:\Users\Meruu\Desktop\mbar
[2013.04.13 15:08:32 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.04.12 10:02:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Meruu\Desktop\OTL.exe
[2013.04.12 01:17:40 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.12 01:17:40 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.12 01:17:39 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.12 01:17:39 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.12 01:17:39 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.12 01:17:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.12 01:17:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.12 01:17:39 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.12 01:17:39 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.12 01:17:38 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.12 01:17:38 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.12 01:17:38 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.12 01:17:37 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.12 01:17:37 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.12 01:17:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.11 23:50:35 | 000,000,000 | ---D | C] -- C:\Users\Meruu\AppData\Roaming\Malwarebytes
[2013.04.11 23:50:05 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.11 23:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.11 23:49:21 | 000,000,000 | ---D | C] -- C:\Users\Meruu\AppData\Local\Programs
[2013.04.11 15:01:16 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.11 15:01:16 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.11 15:01:16 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.11 15:01:16 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.11 15:01:16 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.11 15:01:16 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.03.26 01:54:22 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023x.sys
[2013.03.26 01:54:22 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.15 12:44:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.15 12:44:25 | 2111,344,639 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.15 12:40:53 | 000,613,083 | ---- | M] () -- C:\Users\Meruu\Desktop\adwcleaner.exe
[2013.04.15 12:29:18 | 000,551,587 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Meruu\Desktop\JRT.exe
[2013.04.15 12:22:54 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.15 12:22:54 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.15 12:11:41 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.15 12:11:41 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.15 12:09:24 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.15 12:09:24 | 000,654,602 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.15 12:09:24 | 000,616,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.15 12:09:24 | 000,130,216 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.15 12:09:24 | 000,106,606 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.13 23:25:48 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Meruu\Desktop\tdsskiller.exe
[2013.04.13 20:15:34 | 000,000,512 | ---- | M] () -- C:\Users\Meruu\Desktop\MBR.dat
[2013.04.13 19:31:28 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Meruu\Desktop\aswMBR.exe
[2013.04.13 15:15:04 | 012,917,756 | ---- | M] () -- C:\Users\Meruu\Desktop\mbar-1.05.0.1001.zip
[2013.04.13 15:09:43 | 000,001,462 | ---- | M] () -- C:\Users\Meruu\Desktop\bluescreen.rtf
[2013.04.13 15:08:30 | 704,127,758 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.12 13:43:48 | 000,001,011 | ---- | M] () -- C:\Users\Meruu\Meruu - Verknüpfung.lnk
[2013.04.12 10:23:30 | 000,377,856 | ---- | M] () -- C:\Users\Meruu\Desktop\gmer_2.1.19163.exe
[2013.04.12 10:02:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Meruu\Desktop\OTL.exe
[2013.04.12 09:43:44 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.30 18:09:32 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.03.30 18:09:32 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.03.19 18:04:48 | 000,002,245 | ---- | M] () -- C:\Users\Meruu\Documents\nachforschungsauftrag.rtf
[2013.03.19 08:04:06 | 005,550,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.03.19 07:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.03.19 07:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.03.19 07:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.03.19 06:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.03.19 05:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
 
========== Files Created - No Company Name ==========
 
[2013.04.15 12:40:36 | 000,613,083 | ---- | C] () -- C:\Users\Meruu\Desktop\adwcleaner.exe
[2013.04.13 20:15:34 | 000,000,512 | ---- | C] () -- C:\Users\Meruu\Desktop\MBR.dat
[2013.04.13 15:09:43 | 000,001,462 | ---- | C] () -- C:\Users\Meruu\Desktop\bluescreen.rtf
[2013.04.13 15:08:30 | 704,127,758 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.04.13 15:07:02 | 012,917,756 | ---- | C] () -- C:\Users\Meruu\Desktop\mbar-1.05.0.1001.zip
[2013.04.12 13:43:48 | 000,001,011 | ---- | C] () -- C:\Users\Meruu\Meruu - Verknüpfung.lnk
[2013.04.12 10:28:40 | 000,377,856 | ---- | C] () -- C:\Users\Meruu\Desktop\gmer_2.1.19163.exe
[2013.03.19 18:04:48 | 000,002,245 | ---- | C] () -- C:\Users\Meruu\Documents\nachforschungsauftrag.rtf
[2013.01.24 20:03:18 | 001,017,955 | ---- | C] () -- C:\Users\Meruu\Scannen0005.jpg
[2013.01.24 20:03:18 | 000,461,634 | ---- | C] () -- C:\Users\Meruu\Scannen0006.jpg
[2012.09.01 17:05:39 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.19 18:52:42 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.04.27 15:21:44 | 000,002,048 | ---- | C] () -- C:\Windows\hidcon.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
OTL Extras
Code:
OTL Extras logfile created on: 15.04.2013 12:47:35 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Meruu\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 6,09 Gb Available Physical Memory | 76,52% Memory free
15,91 Gb Paging File | 14,30 Gb Available in Paging File | 89,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 70,54 Gb Free Space | 59,16% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 896,27 Gb Free Space | 96,22% Space Free | Partition Type: NTFS
Drive E: | 7,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 100,00 Mb Total Space | 71,86 Mb Free Space | 71,87% Space Free | Partition Type: NTFS
Drive G: | 511,62 Gb Total Space | 384,99 Gb Free Space | 75,25% Space Free | Partition Type: NTFS
Drive H: | 1351,29 Gb Total Space | 1072,68 Gb Free Space | 79,38% Space Free | Partition Type: NTFS
Drive I: | 2,00 Gb Total Space | 0,65 Gb Free Space | 32,59% Space Free | Partition Type: FAT
 
Computer Name: MERUU-PC | User Name: Meruu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3104402843-366347764-2233831258-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- H:\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07116827-C965-4514-925D-57FCE0FFBBFA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{10B93ECD-F8B4-4950-9B86-C97730E121E2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1921E80D-A64B-4E67-BF79-0F7E0608E353}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3E177F11-4CF1-4611-949B-6FAC489974C0}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4AA54BBD-AE4C-449A-A03B-7ADA47871AF1}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{51B18C89-5306-4067-BFD5-D2BF85E0EF14}" = rport=138 | protocol=17 | dir=out | app=system | 
"{567BD6B5-5A20-4851-821A-D8B9FBC0277E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{569F60A4-B355-4924-97DC-92368669BC4B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{599AD2D3-5816-4D8D-A55C-1A9FFB27E487}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5C362C6D-10ED-407E-A731-A87A0F84EB09}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5E4921E6-3602-42A1-AD6E-512DEE98211C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{64A0F9C7-70BC-4876-9194-CED239448F2B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{75D65371-344F-4E28-8C39-FB2AE277B9BB}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{96A52E0F-9E9D-405B-B92C-47F6D1452468}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{9D507A2A-BE73-40BC-9113-729A0FFD4F98}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{A3B71B45-9D4C-42CE-BB7E-AC9796BDC52D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ABA89E5B-79BE-4C18-8389-600A5B777D58}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AC24C16F-3556-44F2-9052-0B07C876DDF9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AE973D08-9DC7-498C-81BD-CF21858EC62B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B23EBE35-F4A4-41E0-B57E-84B0AC411836}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{BA4AA268-6A07-4119-8B77-0A1D366D935B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{BCD7BE9D-3864-45BE-B898-31D27AC9F4C3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C1B738F6-D756-486D-A609-7156A37B9E58}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C751DAC7-2E0B-4A81-A73E-7D6F1B880B60}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CADDFD5C-9C4B-4865-B8D2-AD28555432AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CB0F7061-7745-4956-8762-B7CD62D26634}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DB835E92-24E5-47B7-985E-13766C552142}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F2DAAD5D-E747-44C0-A1FA-DD019D177EC2}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{FE5A6EEA-2632-42A2-A953-6FB707E109F2}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{090BBC7B-D907-4F8B-A298-256A77F69B99}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{09631EF2-FB5B-4037-80AF-2CB8EE5E6875}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{0A0234D2-899E-4886-8ADC-58037698EE82}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0E561CDE-A00E-4EBD-A736-EC8CEBEB32C2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0EF0EA30-A287-4D1F-B71C-F66745B92327}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{10BA3D1A-5A6F-4FF3-9BF5-25851E4A4A3B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1716D2BF-63F1-489D-9DDA-2AC8F1D5A908}" = protocol=58 | dir=in | app=system | 
"{197E0C96-EBCA-4AA6-BE8D-5A9538DD101D}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{1AC7F30F-E36F-49FE-B83C-4FBBE199231D}" = protocol=6 | dir=out | app=system | 
"{1C92FE8F-41E4-470F-883D-2BF68547C146}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1F492E16-D8CB-493A-9B7F-402B5AF5C9AC}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\ys origin demo\yso_dm_win.exe | 
"{2141A870-F42F-48D8-8AEA-1E66CE656F9D}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam.exe | 
"{25916554-00BE-46C7-B3AE-AC11E9C2C407}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampionsloader.exe | 
"{270B6C79-72F3-47F4-9C36-35D303A5F471}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2CBE0309-D7E7-494F-882F-9D3D988B63D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2E802FF5-54BC-438F-93F8-435D7B3F7EAF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2F5B3C85-B817-4114-A58B-9A6D87D1C3E6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{311F30CD-B344-451D-BDF0-D546B6BC0B7E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{3C4DD8CC-6B7A-40BD-95F7-BC9CB1A0FDFB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4903B354-E82D-4305-91D2-123B51AD2233}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\flyuruba\day of defeat source\hl2.exe | 
"{49D6128B-7F14-4385-80D9-CD3AE3C89569}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\flyuruba\day of defeat source\hl2.exe | 
"{4A52401B-A025-435B-B889-77C92BD0939D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4C4E9927-5E24-4A46-9D93-D5CAAD1202E9}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampionsloader.exe | 
"{4D24481C-14F8-4020-8316-CCF632F66A7A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{4E9E1080-3697-4F1F-AB04-22B173BBCB14}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\flyuruba\day of defeat source\hl2.exe | 
"{558CA7BB-138D-4C4B-9DC9-2F41CE61A5DE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5B61BEC5-B3BE-45E2-A013-958A62608137}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{70CA1907-67B0-47E1-A5DD-329188F08ACB}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\ys origin demo\config_dm.exe | 
"{76388048-0159-482D-9D40-AD4A40E7489A}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\day of defeat source\hl2.exe | 
"{7C52E84F-EA52-4BF9-8E69-19D8EC7A3E92}" = protocol=6 | dir=in | app=h:\wolfenstein\wolfenstein - enemy territory\et.exe | 
"{82DA44CA-171A-4F57-BBF5-6172B4DDB7BB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{83DFFFE7-FB6C-4665-AD69-7F2F6170993B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8911C983-9A8B-4A95-8077-3DFEAD9AC7B0}" = dir=in | app=h:\itunesnew\itunes.exe | 
"{8A379AD7-A923-4987-9A9B-D9886E55847F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8F95BC8D-B294-478B-A27E-CAE63874C44F}" = protocol=6 | dir=in | app=h:\hunted\binaries\win32\p4dftre.dll | 
"{8FA1DF2C-D65A-4CFC-99AF-BD6FBE214571}" = protocol=17 | dir=in | app=h:\hunted\binaries\win32\p4dftre.dll | 
"{912DBFEA-123E-47E0-8965-B8B3A0267C2A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{95DDAA80-60F1-456A-A4F8-AAB9B559796B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9B7279B7-915C-4130-8BC0-97B4236D363C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{9D14BF6E-33C5-4157-8DF3-BD179E63B1D2}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\ys origin demo\yso_dm_win.exe | 
"{9DD13FE0-01C0-48B9-BD5E-DDE0A16D5FAE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A99A1845-95DF-4FDD-B9DA-DB4F92227BDA}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{AC107865-D910-459E-9F3E-EA832F3E3FD6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BD9598D7-DC89-46C1-854E-B7DA56473B00}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam.exe | 
"{BE8C0BAB-A8A5-49E1-B7AC-897A3870453A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C0EBB2C3-786B-4BE0-B3EE-192E2BE7B684}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C388FD61-2D9E-4B1D-97DC-6CE5FF2E27C6}" = protocol=17 | dir=in | app=h:\wolfenstein\wolfenstein - enemy territory\et.exe | 
"{C85965EA-7A9C-483A-8A75-F1724609161D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CAAC8F3A-E9EE-44AF-85FE-1852D5D3E565}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{CC822044-E3BF-4FBA-840A-0418FA6B1AC9}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{CE07601B-1BC0-4BF1-B6DB-C8DC579E5702}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D0477573-7251-4921-ABC2-9A0250D78142}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D508DD3E-C296-4211-A203-E6BCF53C7FC4}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{E55A062D-42D6-434D-BF64-D45839C7E0FD}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{EAE66045-A57C-4C00-9949-0091D9CA1F42}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{EC30855A-5677-4C22-9E5D-3D96244AA370}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\day of defeat source\hl2.exe | 
"{ECF14DFA-AB32-4C16-8794-B0F443EC829C}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\flyuruba\day of defeat source\hl2.exe | 
"{F24E673E-745F-493A-B03A-882E7D687327}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\ys origin demo\config_dm.exe | 
"{FA88E811-95A0-4F24-B7E2-16DE0B5909F2}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{FE3CEE63-C314-488E-B4F1-ADF9FCC69FF8}" = dir=in | app=c:\users\administrator\appdata\local\microsoft\skydrive\skydrive.exe | 
"TCP Query User{00228CAF-DD6A-4E9E-9539-6DB7D4B728BF}H:\eigene dateien und dokumente\musik2\329893018 noi\age of empires\empiresx.exe" = protocol=6 | dir=in | app=h:\eigene dateien und dokumente\musik2\329893018 noi\age of empires\empiresx.exe | 
"TCP Query User{2CFE6554-4699-49AD-849C-B33BECC3A2CF}H:\wolfenstein\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=h:\wolfenstein\wolfenstein - enemy territory\et.exe | 
"TCP Query User{5028697E-5440-4153-BB5E-8EB2CF669F6E}G:\program files (x86)\icq7.6\icq.exe" = protocol=6 | dir=in | app=g:\program files (x86)\icq7.6\icq.exe | 
"TCP Query User{5134B4D3-EF21-4943-8395-48573674AB2F}H:\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=h:\guild wars 2\gw2.exe | 
"TCP Query User{5E1256FB-C772-433F-89B7-81D57A96CE7F}\\kireille-pc\users\public\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=\\kireille-pc\users\public\guild wars 2\gw2.exe | 
"TCP Query User{791AEE5A-210A-4DF0-87FA-430EDAA2D325}G:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=g:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{810D0D22-E804-4C7F-9F39-DD5EEEC5C376}G:\program files (x86)\steam\steamapps\flyuruba\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\flyuruba\counter-strike source\hl2.exe | 
"TCP Query User{82A09523-46A8-49B7-BB2F-134893F99688}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{8AE05F2D-E9EB-4810-BF28-AAC56BF9CE01}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{ACB2FD59-2883-4B13-83C4-C09317408C67}G:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe | 
"TCP Query User{B08DE2DE-CDF7-4AEB-AE7B-39199AD5F325}H:\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=h:\guild wars 2\gw2.exe | 
"TCP Query User{F1D02CE3-4382-47F4-A981-289434D040E6}G:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=g:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{2C282A50-26BD-49DD-9AAF-44D3CED64A87}G:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe | 
"UDP Query User{414500A2-B060-4489-BB87-47CCE544D3DC}G:\program files (x86)\icq7.6\icq.exe" = protocol=17 | dir=in | app=g:\program files (x86)\icq7.6\icq.exe | 
"UDP Query User{515BBFDB-46FB-42C5-99B5-3980457B7E9E}H:\eigene dateien und dokumente\musik2\329893018 noi\age of empires\empiresx.exe" = protocol=17 | dir=in | app=h:\eigene dateien und dokumente\musik2\329893018 noi\age of empires\empiresx.exe | 
"UDP Query User{6ACE9762-1D27-48BC-975A-20EB6841869E}\\kireille-pc\users\public\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=\\kireille-pc\users\public\guild wars 2\gw2.exe | 
"UDP Query User{90B5B4A3-56C0-4C4E-B5FA-23E4A6C1C9D1}G:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=g:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{95E48F59-F362-458E-83DB-0A3866DC0950}G:\program files (x86)\steam\steamapps\flyuruba\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\flyuruba\counter-strike source\hl2.exe | 
"UDP Query User{A6DB34D0-7A63-430C-885D-8879A0F44D33}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{B40A5742-8F4B-4283-ADFD-CE7B00FD171B}G:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=g:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{BB1F5677-0A77-4E9C-BF57-6D2E22099204}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{C6AEF75E-47FF-40F8-8C5F-2FDA743F59B6}H:\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=h:\guild wars 2\gw2.exe | 
"UDP Query User{D4292C91-1494-4CAA-9999-0769B601BEDB}H:\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=h:\guild wars 2\gw2.exe | 
"UDP Query User{D5DDDEC9-0B0A-4253-B9EE-59B7CCF463B1}H:\wolfenstein\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=h:\wolfenstein\wolfenstein - enemy territory\et.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{6E206106-BD80-4D56-8F74-FE43AA1C7160}" = Nitro PDF Reader 2
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{977D1ABF-4089-4CA7-BA33-CC75808B7ACE}" = Intel® Trusted Connect Service Client
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"sp6" = Logitech SetPoint 6.32
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Hunted: The Demon's Forge_is1" = Hunted: The Demon's Forge Version 1.0
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Messenger Plus!" = Messenger Plus! 5
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Steam App 730" = Counter-Strike: Global Offensive
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3104402843-366347764-2233831258-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3104402843-366347764-2233831258-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.04.2013 06:46:19 | Computer Name = Meruu-PC | Source = WinMgmt | ID = 10
Description = 
 
 
< End of report >
         

15.04.2013, 12:25   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - and please remember to update Malwarebytes via the update button first.

Afterwards, getting a second opinion from the ESET online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post logfiles in CODE tags

15.04.2013, 13:53   #11
Nordeisregen

I have started the scan. I will post the Malwarebytes logfiles in my next post. As was said, I have also connected my external hard drive, which - rightly - I was already wary of beforehand and no longer use, since I once had to connect it at a friend's place - despite Safe Mode. Naturally I had AutoPlay disabled (both on his machine and on mine) (Win7). Beforehand I had scanned one partition, and 2 threats were found (including Win32/Obfuscator.xz). Now I am afraid (!) that these can get / have got onto my actual system? In addition, this external drive may still contain illegal software from my cousin from earlier times, which, as you can see from my current and actual system, I have turned my back on or in part never used at all. But I don't dare remove it, because it would then end up in the Recycle Bin of my current computer?! See you later... :/

Mbam
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.15.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Meruu :: MERUU-PC [Administrator]

15.04.2013 13:38:29
mbam-log-2013-04-15 (13-38-29).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 227831
Laufzeit: 1 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Eset Online Scanner
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e27c198170b8cc4eaafbd2dcbb6f08c3
# engine=13621
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-15 03:57:48
# local_time=2013-04-15 05:57:48 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 17793123 117671318 0 0
# scanned=692630
# found=3
# cleaned=0
# scan_time=10804
sh=04B479DF5327F7E6E26E72651A1802F4A1B740E8 ft=1 fh=7f14f3cf6ac2c65c vn="a variant of Win32/Adware.CiDHelp application" ac=I fn="K:\MsgPlusLive-450.exe"
sh=87ED9C564E93E926617DB47C5682A5A917C93494 ft=1 fh=890a948163f0c46f vn="probably a variant of Win32/Agent.EIFOW trojan" ac=I fn="K:\diffpatcher\crc32.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Virut.NBP virus" ac=I fn="K:\Games 2\Fallout 3\fallout3d.iso"
         
MSE also found an Adware:Win32/WhenU and the Obfuscator mentioned above on K.

As I suspected, the external drive is infested. Which I can't understand at all in the case of Fallout 3, for example, because I have the original GOTY edition here at home! Could someone perhaps give me instructions or help me to completely format the external drive or delete the data? I have no idea how that works, and besides I don't want to put my computer at risk either! Have these critters somehow got onto my computer? --_-- I haven't used the drive since I've had this computer.
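
An added example (my own, not code from the thread, from ESET or from Trojaner-Board) that parses the ESET Online Scanner records posted above and shows the check a practitioner would want before deleting anything on the strength of an old log: recompute the file's SHA-1 and compare it with the sh= value, and refuse to treat a hash-less record (such as the all-zero hash on the ISO hit) as confirmed. The three detection lines are copied from the log above; the temp file, its content and the threat name "Test/ConstructedSample" are constructed for the demonstration.

```python
"""Parse ESET Online Scanner detection lines and confirm a file's SHA-1
before deleting it. Added example for this thread; not ESET's own code."""
import hashlib
import re
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import Dict, List, Optional

# Detection records as posted in the thread above. ESET writes one
# "key=value" record per finding; "sh" is the SHA-1 of the flagged file.
ESET_LOG = r"""
# scanned=692630
# found=3
# cleaned=0
sh=04B479DF5327F7E6E26E72651A1802F4A1B740E8 ft=1 fh=7f14f3cf6ac2c65c vn="a variant of Win32/Adware.CiDHelp application" ac=I fn="K:\MsgPlusLive-450.exe"
sh=87ED9C564E93E926617DB47C5682A5A917C93494 ft=1 fh=890a948163f0c46f vn="probably a variant of Win32/Agent.EIFOW trojan" ac=I fn="K:\diffpatcher\crc32.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Virut.NBP virus" ac=I fn="K:\Games 2\Fallout 3\fallout3d.iso"
"""

# key=value pairs; values are either double-quoted (may contain spaces) or bare.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass
class Detection:
    sha1: Optional[str]  # None when the log carries no usable hash (all zeros)
    threat: str          # vn= field
    path: str            # fn= field, as written by the scanner
    action: str          # ac= field; "I" here means the file was only reported


def parse_eset_log(text: str) -> List[Detection]:
    """Return one Detection per 'sh=' record; '# key=value' lines are scan metadata."""
    found = []
    for line in text.splitlines():
        if not line.startswith("sh="):
            continue
        fields: Dict[str, str] = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
        sha1 = fields["sh"].lower()
        found.append(Detection(
            sha1=None if set(sha1) == {"0"} else sha1,
            threat=fields["vn"],
            path=fields["fn"],
            action=fields["ac"],
        ))
    return found


def sha1_of_file(path: Path) -> str:
    h = hashlib.sha1()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verdict(det: Detection, local_file: Optional[Path]) -> str:
    """Classify a detection before anything is deleted.

    confirmed      the file on disk is byte-for-byte what the scanner flagged
    hash-mismatch  the path now holds different content; do not delete blindly
    missing        nothing at that path any more
    manual-review  the record has no hash (e.g. the hit inside the ISO), so it
                   cannot be confirmed this way
    """
    if det.sha1 is None:
        return "manual-review"
    if local_file is None or not local_file.is_file():
        return "missing"
    return "confirmed" if sha1_of_file(local_file) == det.sha1 else "hash-mismatch"


def demo(work_dir: Optional[Path] = None) -> Dict[str, str]:
    """Constructed demonstration on a harmless temp file (not the thread's files)."""
    work = Path(work_dir) if work_dir else Path(tempfile.mkdtemp(prefix="eset-demo-"))
    sample = work / "sample.bin"
    sample.write_bytes(b"constructed sample content, not malware\n")
    base = dict(threat="Test/ConstructedSample", path=str(sample), action="I")
    matching = Detection(sha1=sha1_of_file(sample), **base)
    stale = Detection(sha1="a" * 40, **base)
    hashless = Detection(sha1=None, **base)
    return {
        "match": verdict(matching, sample),
        "mismatch": verdict(stale, sample),
        "no_hash": verdict(hashless, sample),
        "missing": verdict(matching, work / "gone.bin"),
    }


if __name__ == "__main__":
    for d in parse_eset_log(ESET_LOG):
        print(f"{d.threat!r:60} {d.path}  hash={'yes' if d.sha1 else 'none'}")
    print(demo())
```

To use it on the real drive, call verdict() with a Path built from the fn= field of each record. A hash-mismatch means the path now holds other content than what was scanned and should be re-scanned rather than deleted on the strength of the old log; manual-review records, like the Virut hit on the ISO, need a fresh scan of the container itself.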

15.04.2013, 20:05   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
"K:\MsgPlusLive-450.exe"
What exactly is that supposed to be? Source?
Quote:
"K:\diffpatcher\crc32.exe"
"K:\Games 2\Fallout 3\fallout3d.iso"
That doesn't exactly look like an original...

15.04.2013, 20:19   #13
Nordeisregen

Um, the first one "should" actually be MSN Plus, that was an add-on for MSN or Windows Live back then... The publisher was, I think, YunaSoftware or something like that(?). Otherwise it doesn't mean anything to me either.

The diffpatcher was once used to modify the hex codes of clients for Ragnarok Online private servers, e.g. to enable unlimited zoom instead of a limited zoom.

I only know that my cousin once copied such programs onto the drive years ago, but I haven't touched any of them since that time either, or rather I deleted those .exe things, because I had read up on them and my scanner already flagged the files back then. It may be that something from F3 was among them too - I checked my installation folder, and no such file is there. That's also the reason I would like to clean up the drive, because I don't want to use it in that state anyway.

15.04.2013, 20:34   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then it's best to delete the EXE files that were found, and the Fallout ISO file as well.

15.04.2013, 20:39   #15
Nordeisregen

Can I just delete that without any worries, i.e. move it to my Recycle Bin, and is it then "gone", so to speak?
