Virenalarm Win32:ZAccess-PB [Trj]

katerliebe · 06.05.2013, 15:40

Hallo ihr fleißigen Helfer

ich glaube meine Frage ist fast schon unsinnig, aber da ich die totale Comuter-Laiin bin und Virenalam bei mit Alarm auslöst frage ich mal drauf los:

Vor ein paar Tagen hat mein Virenprogramm mir einen Virus gemeldet, den ich erst in Quatantäne gesteckt habe und als das immer wieder angezeigt wurde habe ich ihn einfach gelöscht.
Seit dem zeigt er mir alle paar Minuten diesen Virenalarm an (immer den gleichen) :

Virus: Win32:ZAccess-PB [Trj] (Engine B)

Es wurde versucht, auf eine infizierte
Datei zuzugreifen.

Datei: 80000064.@
Verzeichnis: C:\$Recycle.Bin\S-1-5-18\$c3700ad339c084f049efb8ac8a0ccc07\U

Als ich den Virus/die Datei noch nicht gelöscht hatte, sondern ihn nur in Quatantäne gesteckt hatte ist beim Abspielen eines Filmes via iTunes der Film immer wieder abgebrochen / angehalten worden.... ob das irgendwas damit zu tun hat weiß ich allerdings nicht!!!

Meine Frage: Kann ich bei dem Viranalarm einfach "Keine weiteren Virenmeldungen anzeigen" ankreuzen und gut ist???

Danke schon mal : )

cosinus · 06.05.2013, 16:07

Hallo und

Leider schlechte Nachrichten!

Zitat:

Virus: Win32:ZAccess-PB [Trj] (Engine B)

Datei: 80000064.@
Verzeichnis: C:\$Recycle.Bin\S-1-5-18\$c3700ad339c084f049efb8ac8a0ccc07\U

Lesestoff:
Rootkit-Warnung
Dein Computer wurde mit einem besonderen Schädling infiziert, der sich vor herkömmlichen Virenscannern und dem Betriebssystem selbst verstecken kann. Zusätzlich hat so ein Schädling meist auch Backdoor-Funktionalität, reißt also ganz bewußt Löcher durch alle Schutzmaßnahmen, damit er weiteren Schadcode nachladen oder die Daten, die er so sammelt, an die "bösen Jungs" weiterleiten kann. Was heißt das jetzt für dich?

Entscheide bitte ganz bewußt, ob du mit der Bereinigung fortfahren möchtest. Ein einmal derartig kompromittiertes System kann man niemals mit 100%iger Sicherheit wieder absichern. Auch wenn wir gute Chancen haben, deinen Computer zu bereinigen, kann es dennoch möglich sein, dass uns am Ende nur die Neuinstallation bleibt.
Wenn du mit diesem Computer beispielsweise Onlinebanking machst, dann solltest du zumindest dein Passwort von deiner Bank ändern lassen, wenn du ein ansonsten sicheres Verfahren wie beispielsweise "chip-TAN-comfort" nutzt. Hast du noch alte TAN-Bögen auf Papierbasis? Dann ist es höchste Zeit dich bei deiner Bank zu melden und notfalls das Konto temporär sperren zu lassen. Der Sperrnotruf 116 116 von www.sperr-notruf.de kann Tag und Nacht dafür benutzt werden.
Hast du ansonsten sensible Daten auf deinem Computer, dann solltest du auch darüber nachdenken, wie du damit umgehst, da sie sich praktisch "jeder" ansehen konnte.

Teile mir also mit, wie du dich entschieden hast.

katerliebe · 06.05.2013, 16:34

Das ist ja jetzt blöd....

Also wäre eine Bereinigung von meinem PC sicherlich sinnvoll! Können hierbei alle Daten auf dem PC verbleiben oder müssen die gesichert werden??

Zum Glück mache ich kein Onlinebanking oder ähnliches und habe auch keine wahnsinnig sensiblen Daten auf dem PC - auch wenn sie natürlich nciht für "jedermanns" Augen sind...

wie gehts denn jetzt weiter??

cosinus · 06.05.2013, 20:25

Hast du den Lesestoff nicht komplett gelesen?

Ich hab dich darauf hingewiesen, dass du einen gefährlichen Schädling hast und nun warte ich auf deine Entscheidung ob Reinigung oder Neuinstallation.

katerliebe · 06.05.2013, 20:29

Entschuldige,
ich dachte aus der Nachrich hätte sich ergeben, dass ich erst mal eine Reinigung versuchen möchte...

cosinus · 06.05.2013, 21:15

Ok, dann also Reinigung

Zitat:

Können hierbei alle Daten auf dem PC verbleiben oder müssen die gesichert werden??

Machst du nie regelmäßig Backups auf externe Datenträger?
Wenn du mal versehentlich was löschst, die Platte kaputtgeht oder ein Verschlüsselungstrojaner dir alle persönlichen Dateien zerwürfelt ist das Geschrei groß!

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Erstmal eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in CODE-Tags in den Thread.

katerliebe · 06.05.2013, 21:59

ui, danke schon mal für die schnelle Antwort

so, hier die beiden Logfiles:
ein mal "OTL":

Code:

ATTFilter

OTL logfile created on: 5/6/2013 10:24:06 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Neuer Ordner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.80 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 56.12% Memory free
7.60 Gb Paging File | 5.51 Gb Available in Paging File | 72.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 463.76 Gb Total Space | 306.63 Gb Free Space | 66.12% Space Free | Partition Type: NTFS
 
Computer Name: VERENAMEHLAU-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Neuer Ordner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe (Microsoft Corporation.)
PRC - C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions)
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
PRC - C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
PRC - C:\Program Files (x86)\Join Air\AssistantServices.exe ()
PRC - C:\Program Files (x86)\Join Air\UIExec.exe ()
PRC - C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\DeskUpdateNotifier\38202799f64730665455dede7755f384\DeskUpdateNotifier.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\log4net\199e1121526944a4d9dc77e5867fc774\log4net.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Join Air\UIExec.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (lxea_device) -- C:\Windows\SysNative\lxeacoms.exe ( )
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe (G Data Software AG)
SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (AVKService) -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe (G Data Software AG)
SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe (Microsoft Corporation.)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (UI Assistant Service) -- C:\Program Files (x86)\Join Air\AssistantServices.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG)
DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G Data Software AG)
DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG)
DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG)
DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G Data Software AG)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (GdNetMon) -- C:\Windows\SysNative\drivers\GdNetMon64.sys (G Data Software AG)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (fwlanusb4) -- C:\Windows\SysNative\drivers\fwlanusb4.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (FUJ02E3) -- C:\Windows\SysNative\drivers\fuj02e3.sys (FUJITSU LIMITED)
DRV:64bit: - (FUJ02B1) -- C:\Windows\SysNative\drivers\fuj02b1.sys (FUJITSU LIMITED)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {C2FD1307-8F50-4E3B-BD89-73470BF6DE42}
IE:64bit: - HKLM\..\SearchScopes\{C2FD1307-8F50-4E3B-BD89-73470BF6DE42}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {C2FD1307-8F50-4E3B-BD89-73470BF6DE42}
IE - HKLM\..\SearchScopes\{C2FD1307-8F50-4E3B-BD89-73470BF6DE42}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3194291295-3981683188-1723279298-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ts.fujitsu.com
IE - HKU\S-1-5-21-3194291295-3981683188-1723279298-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectd [Binary data over 200 bytes]
IE - HKU\S-1-5-21-3194291295-3981683188-1723279298-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKU\S-1-5-21-3194291295-3981683188-1723279298-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3194291295-3981683188-1723279298-1000\..\SearchScopes,DefaultScope = {C2FD1307-8F50-4E3B-BD89-73470BF6DE42}
IE - HKU\S-1-5-21-3194291295-3981683188-1723279298-1000\..\SearchScopes\{C4B47E53-8AF1-4AA7-AE30-6DE84E1C5812}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-3194291295-3981683188-1723279298-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3194291295-3981683188-1723279298-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.forestle.org/"
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7B872b5b88-9db5-4310-bdd0-ac189557e5f5%7D:3.18.0.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/12 18:43:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/04/12 18:43:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/12 18:43:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/04/12 18:43:28 | 000,000,000 | ---D | M]
 
[2011/12/24 20:46:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013/03/28 10:13:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vqjnddj2.default\extensions
[2013/02/08 12:00:28 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vqjnddj2.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012/12/12 09:35:37 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\vqjnddj2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013/03/28 10:08:12 | 000,001,050 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\vqjnddj2.default\searchplugins\11-suche.xml
[2011/12/15 12:25:52 | 000,000,931 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\vqjnddj2.default\searchplugins\conduit.xml
[2013/03/28 10:08:12 | 000,002,418 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\vqjnddj2.default\searchplugins\englische-ergebnisse.xml
[2013/03/28 10:08:12 | 000,010,701 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\vqjnddj2.default\searchplugins\gmx-suche.xml
[2013/03/28 10:08:12 | 000,002,432 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\vqjnddj2.default\searchplugins\lastminute.xml
[2013/03/28 10:08:12 | 000,005,682 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\vqjnddj2.default\searchplugins\webde-suche.xml
[2013/04/12 18:43:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/04/12 18:43:27 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2013/04/12 18:43:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2013/04/12 18:43:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/04/12 18:43:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/04/12 18:43:32 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/02/25 20:06:28 | 000,171,584 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012/02/15 22:52:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/08/30 16:03:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/15 22:52:13 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/15 22:52:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/15 22:52:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/15 22:52:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3194291295-3981683188-1723279298-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-3194291295-3981683188-1723279298-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [DeskUpdateNotifier] c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\Join Air\UIExec.exe ()
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3194291295-3981683188-1723279298-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26A2D137-149C-47A9-87B3-85A7AFB5749C}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F541A6D-7E10-4F23-B4FA-409407FEBF64}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE09B4D2-353D-404B-ACA1-FA94F5875F23}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a8400dde-af1d-11e1-8c3b-5c9ad85ab8bd}\Shell - "" = AutoRun
O33 - MountPoints2\{a8400dde-af1d-11e1-8c3b-5c9ad85ab8bd}\Shell\AutoRun\command - "" = D:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/06 15:41:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2013/05/06 14:31:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Neuer Ordner\Desktop\OTL.exe
[2013/04/18 15:59:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9CEB0A3C-8E76-41DA-B16D-5E90FFF80B5D}
[2013/04/12 18:43:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/04/12 06:33:50 | 000,016,504 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys
[2013/04/10 20:37:46 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/04/10 20:37:46 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/04/10 20:37:45 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/04/10 20:37:45 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/04/10 20:37:45 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/04/10 20:37:45 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/04/10 20:37:44 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/04/10 20:37:44 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/04/10 20:37:44 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/04/10 20:37:44 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/04/10 20:37:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/04/10 20:37:44 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/04/10 20:37:42 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/04/10 20:37:42 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/04/10 20:37:41 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/04/10 13:50:37 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/04/10 13:50:37 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/04/10 13:50:36 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/04/10 13:50:35 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/04/10 13:50:35 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/04/10 13:50:35 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/04/10 13:50:29 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/04/10 13:50:28 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/10 13:50:28 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/04/10 13:50:28 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/04/10 13:50:28 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/04/10 13:50:28 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/04/09 21:01:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F1E26482-29F2-476E-B25D-1EBC4AD98B1F}
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/06 21:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/06 15:48:46 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/06 15:48:46 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/06 15:41:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/06 15:41:00 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/06 14:52:53 | 000,377,856 | ---- | M] () -- C:\Users\***\Neuer Ordner\Desktop\gmer_2.1.19163.exe
[2013/05/06 14:31:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Neuer Ordner\Desktop\OTL.exe
[2013/05/06 14:30:24 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013/05/06 14:27:45 | 000,050,477 | ---- | M] () -- C:\Users\***\Neuer Ordner\Desktop\Defogger.exe
[2013/05/06 12:42:59 | 001,064,505 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2013/05/06 12:42:59 | 000,054,689 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2013/05/04 23:47:17 | 000,196,608 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/04/28 20:06:42 | 000,111,502 | ---- | M] () -- C:\Users\***\abb_01.jpg
[2013/04/28 19:29:42 | 000,036,339 | ---- | M] () -- C:\Users\***\Examen2.jpg
[2013/04/28 19:29:27 | 000,036,339 | ---- | M] () -- C:\Users\***\Examen.jpg
[2013/04/22 20:08:56 | 000,088,473 | ---- | M] () -- C:\Users\***\Kinder.jpg
[2013/04/22 20:04:10 | 000,017,470 | ---- | M] () -- C:\Users\***\index.jpg
[2013/04/22 16:45:35 | 000,012,261 | ---- | M] () -- C:\Users\***\af34c005-16be-48fb-bd7e-95951e73ad7a width=640.jpg
[2013/04/21 18:24:28 | 000,019,654 | ---- | M] () -- C:\Users\***\12113086cq.gif
[2013/04/21 15:30:25 | 002,497,420 | ---- | M] () -- C:\Users\***\Oberkörper.png
[2013/04/16 19:18:39 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/16 19:18:39 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/04/16 19:18:39 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/16 19:18:39 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/04/16 19:18:39 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/12 22:37:44 | 010,403,482 | ---- | M] () -- C:\Users\***\08 Watch Out For This (Bumaye) [feat.m4a
[2013/04/12 22:37:28 | 000,056,780 | -HS- | M] () -- C:\Users\***\Neuer Ordner\Desktop\Folder.jpg
[2013/04/12 22:37:28 | 000,056,780 | -HS- | M] () -- C:\Users\***\Neuer Ordner\Desktop\AlbumArt_{9311B56B-07EA-44BC-868F-8A03EABC5B28}_Large.jpg
[2013/04/12 22:37:28 | 000,010,523 | -HS- | M] () -- C:\Users\***\Neuer Ordner\Desktop\AlbumArtSmall.jpg
[2013/04/12 22:37:28 | 000,010,523 | -HS- | M] () -- C:\Users\***\Neuer Ordner\Desktop\AlbumArt_{9311B56B-07EA-44BC-868F-8A03EABC5B28}_Small.jpg
[2013/04/12 22:37:24 | 000,033,782 | -HS- | M] () -- C:\Users\***\Neuer Ordner\Desktop\AlbumArt_{62FD1326-4C70-4700-B8FA-F663417AA99F}_Large.jpg
[2013/04/12 22:37:24 | 000,005,775 | -HS- | M] () -- C:\Users\***\Neuer Ordner\Desktop\AlbumArt_{62FD1326-4C70-4700-B8FA-F663417AA99F}_Small.jpg
[2013/04/12 06:33:50 | 000,016,504 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys
[2013/04/11 08:06:25 | 000,369,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/09 17:39:18 | 000,197,627 | ---- | M] () -- C:\Users\***\Neuer Ordner\Desktop\Auswahl_0374.jpg
[2013/04/09 17:34:26 | 000,198,424 | ---- | M] () -- C:\Users\***\Neuer Ordner\Desktop\Auswahl_0368.jpg
 
========== Files Created - No Company Name ==========
 
[2013/05/06 14:52:52 | 000,377,856 | ---- | C] () -- C:\Users\***\Neuer Ordner\Desktop\gmer_2.1.19163.exe
[2013/05/06 14:30:24 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013/05/06 14:27:44 | 000,050,477 | ---- | C] () -- C:\Users\***\Neuer Ordner\Desktop\Defogger.exe
[2013/04/28 20:06:41 | 000,111,502 | ---- | C] () -- C:\Users\***\abb_01.jpg
[2013/04/28 19:29:41 | 000,036,339 | ---- | C] () -- C:\Users\***\Examen2.jpg
[2013/04/28 19:25:38 | 000,036,339 | ---- | C] () -- C:\Users\***\Examen.jpg
[2013/04/22 20:08:56 | 000,088,473 | ---- | C] () -- C:\Users\***\Kinder.jpg
[2013/04/22 20:04:09 | 000,017,470 | ---- | C] () -- C:\Users\***\index.jpg
[2013/04/22 16:45:34 | 000,012,261 | ---- | C] () -- C:\Users\***\af34c005-16be-48fb-bd7e-95951e73ad7a width=640.jpg
[2013/04/21 18:24:27 | 000,019,654 | ---- | C] () -- C:\Users\***\12113086cq.gif
[2013/04/21 15:29:24 | 002,497,420 | ---- | C] () -- C:\Users\***\Oberkörper.png
[2013/04/12 22:37:28 | 000,056,780 | -HS- | C] () -- C:\Users\***\Neuer Ordner\Desktop\AlbumArt_{9311B56B-07EA-44BC-868F-8A03EABC5B28}_Large.jpg
[2013/04/12 22:37:28 | 000,010,523 | -HS- | C] () -- C:\Users\***\Neuer Ordner\Desktop\AlbumArt_{9311B56B-07EA-44BC-868F-8A03EABC5B28}_Small.jpg
[2013/04/12 22:37:24 | 000,033,782 | -HS- | C] () -- C:\Users\***\Neuer Ordner\Desktop\AlbumArt_{62FD1326-4C70-4700-B8FA-F663417AA99F}_Large.jpg
[2013/04/12 22:37:24 | 000,005,775 | -HS- | C] () -- C:\Users\***\Neuer Ordner\Desktop\AlbumArt_{62FD1326-4C70-4700-B8FA-F663417AA99F}_Small.jpg
[2013/04/12 22:37:06 | 000,056,780 | -HS- | C] () -- C:\Users\***\Neuer Ordner\Desktop\Folder.jpg
[2013/04/12 22:37:06 | 000,010,523 | -HS- | C] () -- C:\Users\***\Neuer Ordner\Desktop\AlbumArtSmall.jpg
[2013/04/12 06:35:33 | 010,403,482 | ---- | C] () -- C:\Users\***\08 Watch Out For This (Bumaye) [feat.m4a
[2013/04/12 06:35:25 | 008,344,918 | ---- | C] () -- C:\Users\***\03 Thrift Shop (feat. Wanz).m4a
[2013/04/09 21:05:39 | 000,198,424 | ---- | C] () -- C:\Users\***\Neuer Ordner\Desktop\Auswahl_0368.jpg
[2013/04/09 21:05:39 | 000,197,627 | ---- | C] () -- C:\Users\***\Neuer Ordner\Desktop\Auswahl_0374.jpg
[2013/03/10 00:29:43 | 000,019,805 | ---- | C] () -- C:\Users\***\47454.jpg
[2013/01/25 08:00:19 | 000,076,495 | ---- | C] () -- C:\Users\***\streichelzoo.jpg
[2012/12/26 10:30:29 | 000,002,064 | ---- | C] () -- C:\Users\***\images.jpg
[2012/12/26 09:59:14 | 000,012,856 | ---- | C] () -- C:\Users\***\index1.jpg
[2012/12/26 09:58:26 | 000,007,616 | ---- | C] () -- C:\Users\***\images2.jpg
[2012/12/16 15:10:16 | 000,031,920 | ---- | C] () -- C:\Users\***\3_advent_gb_bilder.jpg
[2012/12/05 10:08:40 | 000,012,735 | ---- | C] () -- C:\Users\***\myheartaramedic4sm.jpg
[2012/11/30 23:07:18 | 000,945,917 | ---- | C] () -- C:\Users\***\Unbenannt2.png
[2012/11/30 23:04:44 | 000,889,841 | ---- | C] () -- C:\Users\***\Unbenannt.png
[2012/11/28 20:49:21 | 000,091,288 | ---- | C] () -- C:\Users\***\designall2.dll
[2012/11/28 20:45:55 | 000,068,303 | ---- | C] () -- C:\Users\***\designall.dll.jpg
[2012/11/28 20:43:02 | 000,040,371 | ---- | C] () -- C:\Users\***\sanitater_ehefrau_hemd-r3d4f46d8d1b04b90844f414596c15d7b_804gs_512.jpg
[2012/03/21 18:28:03 | 001,770,089 | ---- | C] () -- C:\Users\***\62 Pearl Harbor Soundtrack.mp3
[2011/12/24 20:44:54 | 001,064,505 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2011/11/15 21:48:54 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/11/15 21:48:54 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011/11/15 21:48:54 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011/11/15 21:48:53 | 000,051,068 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/11/15 21:48:52 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2013/05/06 15:41:51 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2013/05/06 15:41:51 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3194291295-3981683188-1723279298-1000\$c3700ad339c084f049efb8ac8a0ccc07\n. -- File not found
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\$Recycle.Bin\S-1-5-18\$c3700ad339c084f049efb8ac8a0ccc07\n -- File not found
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
[2012/12/14 15:36:40 | 000,149,340 | ---- | M] ()(C:\Users\***\my?belongs.jpg) -- C:\Users\***\my♥belongs.jpg
[2012/12/14 15:36:39 | 000,149,340 | ---- | C] ()(C:\Users\***\my?belongs.jpg) -- C:\Users\***\my♥belongs.jpg
[2012/11/28 20:50:16 | 000,091,288 | ---- | M] ()(C:\Users\***\my?.jpg) -- C:\Users\***\my♥.jpg
[2012/11/28 20:50:16 | 000,091,288 | ---- | C] ()(C:\Users\***\my?.jpg) -- C:\Users\***\my♥.jpg

< End of report >

und das ist "Extras":

Code:

ATTFilter

OTL Extras logfile created on: 5/6/2013 10:24:06 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Neuer Ordner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.80 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 56.12% Memory free
7.60 Gb Paging File | 5.51 Gb Available in Paging File | 72.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 463.76 Gb Total Space | 306.63 Gb Free Space | 66.12% Space Free | Partition Type: NTFS
 
Computer Name: VERENAMEHLAU-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3194291295-3981683188-1723279298-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A7096369-9332-466C-8357-08770CDCE277}" = HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät
"{AD09CC9A-6901-4921-B66D-9402FF32EF27}_is1" = PDF-XChange Lite 2012
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F76D4E7F-4AC6-48DC-9ABB-E9769DD24977}" = Studie zur Verbesserung von HP Deskjet 1050 J410 series Produkten
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1AD8819A-70E8-4380-92DA-F5B2421DAE35}" = G Data AntiVirus 2012
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Hilfe
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AVMWLANCLI" = AVM FRITZ!WLAN
"DeskUpdate_is1" = DeskUpdate 4.12
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Rettungswagen Simulator 2012" = Rettungswagen Simulator 2012
"TIPP10_is1" = TIPP10 Version 2.1.0
"VLC media player" = VLC media player 2.0.5
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/20/2013 2:49:21 PM | Computer Name = VerenaMehlau-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 3/21/2013 1:56:17 AM | Computer Name = VerenaMehlau-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 3/21/2013 5:02:00 AM | Computer Name = VerenaMehlau-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 3/21/2013 1:24:02 PM | Computer Name = VerenaMehlau-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 3/22/2013 12:52:57 AM | Computer Name = VerenaMehlau-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 3/22/2013 2:02:27 PM | Computer Name = VerenaMehlau-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 3/22/2013 11:27:24 PM | Computer Name = VerenaMehlau-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 3/22/2013 11:27:24 PM | Computer Name = VerenaMehlau-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 21616263
 
Error - 3/22/2013 11:27:24 PM | Computer Name = VerenaMehlau-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 21616263
 
Error - 3/23/2013 12:23:55 PM | Computer Name = VerenaMehlau-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 4/23/2013 12:58:16 PM | Computer Name = VerenaMehlau-PC | Source = MCUpdate | ID = 0
Description = 18:58:15 - Fehler beim Herstellen der Internetverbindung.  18:58:16 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 4/23/2013 12:58:26 PM | Computer Name = VerenaMehlau-PC | Source = MCUpdate | ID = 0
Description = 18:58:21 - Fehler beim Herstellen der Internetverbindung.  18:58:21 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 4/23/2013 1:58:31 PM | Computer Name = VerenaMehlau-PC | Source = MCUpdate | ID = 0
Description = 19:58:31 - Fehler beim Herstellen der Internetverbindung.  19:58:31 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 4/23/2013 1:58:37 PM | Computer Name = VerenaMehlau-PC | Source = MCUpdate | ID = 0
Description = 19:58:36 - Fehler beim Herstellen der Internetverbindung.  19:58:36 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 4/23/2013 2:58:42 PM | Computer Name = VerenaMehlau-PC | Source = MCUpdate | ID = 0
Description = 20:58:42 - Fehler beim Herstellen der Internetverbindung.  20:58:42 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 4/23/2013 2:58:48 PM | Computer Name = VerenaMehlau-PC | Source = MCUpdate | ID = 0
Description = 20:58:47 - Fehler beim Herstellen der Internetverbindung.  20:58:47 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 5/6/2013 3:28:15 AM | Computer Name = VerenaMehlau-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 5/6/2013 3:28:54 AM | Computer Name = VerenaMehlau-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 5/6/2013 6:37:10 AM | Computer Name = VerenaMehlau-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060
 
Error - 5/6/2013 6:37:15 AM | Computer Name = VerenaMehlau-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist 
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 5/6/2013 6:37:15 AM | Computer Name = VerenaMehlau-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 5/6/2013 6:37:41 AM | Computer Name = VerenaMehlau-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 5/6/2013 9:41:24 AM | Computer Name = VerenaMehlau-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060
 
Error - 5/6/2013 9:41:27 AM | Computer Name = VerenaMehlau-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist 
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 5/6/2013 9:41:28 AM | Computer Name = VerenaMehlau-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 5/6/2013 9:42:00 AM | Computer Name = VerenaMehlau-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
 
< End of report >

schönen Abend noch!

cosinus · 07.05.2013, 10:11

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

katerliebe · 07.05.2013, 12:15

Code:

ATTFilter

ComboFix 13-05-07.01 - *** 07.05.2013  12:49:21.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3893.2672 [GMT 2:00]
ausgeführt von:: c:\users\***\Neuer Ordner\Desktop\ComboFix.exe
AV: G Data AntiVirus 2013 *Enabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
SP: G Data AntiVirus 2013 *Enabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\$recycle.bin\S-1-5-18\$c3700ad339c084f049efb8ac8a0ccc07\@
c:\$recycle.bin\S-1-5-18\$c3700ad339c084f049efb8ac8a0ccc07\n
c:\$recycle.bin\S-1-5-21-3194291295-3981683188-1723279298-1000\$c3700ad339c084f049efb8ac8a0ccc07\n
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-07 bis 2013-05-07  ))))))))))))))))))))))))))))))
.
.
2013-05-01 09:32 . 2013-04-10 03:46	9317456	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{435E6218-3C92-4FD2-9531-12659D20AAD1}\mpengine.dll
2013-04-25 11:42 . 2013-04-25 11:42	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-04-25 11:42 . 2013-04-25 11:42	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-04-24 04:42 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-12 04:33 . 2013-04-12 04:33	16504	----a-w-	c:\windows\system32\drivers\GdPhyMem.sys
2013-04-10 11:50 . 2013-03-01 03:36	3153408	----a-w-	c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-10 18:39 . 2011-12-16 08:37	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-04-04 14:41 . 2013-04-04 14:41	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-04-04 14:41 . 2013-04-04 14:41	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-04-04 14:41 . 2013-04-04 14:41	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-04-02 15:08 . 2011-12-16 15:26	62368	----a-w-	c:\windows\system32\drivers\PktIcpt.sys
2013-04-02 15:08 . 2011-12-16 15:26	64416	----a-w-	c:\windows\system32\drivers\HookCentre.sys
2013-04-02 15:07 . 2011-12-16 15:26	54176	----a-w-	c:\windows\system32\drivers\GDBehave.sys
2013-04-02 15:07 . 2011-12-16 15:26	126880	----a-w-	c:\windows\system32\drivers\MiniIcpt.sys
2013-04-02 15:07 . 2011-12-16 15:26	65008	----a-w-	c:\windows\system32\drivers\gdwfpcd64.sys
2013-03-29 21:36 . 2013-03-29 21:36	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-03-29 21:36 . 2013-03-29 21:36	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-03-29 21:36 . 2013-03-29 21:36	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-03-29 21:36 . 2013-03-29 21:36	81408	----a-w-	c:\windows\system32\icardie.dll
2013-03-29 21:36 . 2013-03-29 21:36	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-03-29 21:36 . 2013-03-29 21:36	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-03-29 21:36 . 2013-03-29 21:36	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-29 21:36 . 2013-03-29 21:36	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-03-29 21:36 . 2013-03-29 21:36	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-03-29 21:36 . 2013-03-29 21:36	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-03-29 21:36 . 2013-03-29 21:36	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-03-29 21:36 . 2013-03-29 21:36	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-03-29 21:36 . 2013-03-29 21:36	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-03-29 21:36 . 2013-03-29 21:36	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-03-29 21:36 . 2013-03-29 21:36	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-03-29 21:36 . 2013-03-29 21:36	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-03-29 21:36 . 2013-03-29 21:36	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-03-29 21:36 . 2013-03-29 21:36	441856	----a-w-	c:\windows\system32\html.iec
2013-03-29 21:36 . 2013-03-29 21:36	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-03-29 21:36 . 2013-03-29 21:36	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-03-29 21:36 . 2013-03-29 21:36	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-03-29 21:36 . 2013-03-29 21:36	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-03-29 21:36 . 2013-03-29 21:36	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-03-29 21:36 . 2013-03-29 21:36	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-03-29 21:36 . 2013-03-29 21:36	235008	----a-w-	c:\windows\system32\url.dll
2013-03-29 21:36 . 2013-03-29 21:36	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-03-29 21:36 . 2013-03-29 21:36	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-03-29 21:36 . 2013-03-29 21:36	216064	----a-w-	c:\windows\system32\msls31.dll
2013-03-29 21:36 . 2013-03-29 21:36	197120	----a-w-	c:\windows\system32\msrating.dll
2013-03-29 21:36 . 2013-03-29 21:36	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-03-29 21:36 . 2013-03-29 21:36	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-03-29 21:36 . 2013-03-29 21:36	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-03-29 21:36 . 2013-03-29 21:36	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-03-29 21:36 . 2013-03-29 21:36	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-03-29 21:36 . 2013-03-29 21:36	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-03-29 21:36 . 2013-03-29 21:36	149504	----a-w-	c:\windows\system32\occache.dll
2013-03-29 21:36 . 2013-03-29 21:36	144896	----a-w-	c:\windows\system32\wextract.exe
2013-03-29 21:36 . 2013-03-29 21:36	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-03-29 21:36 . 2013-03-29 21:36	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-03-29 21:36 . 2013-03-29 21:36	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-03-29 21:36 . 2013-03-29 21:36	13824	----a-w-	c:\windows\system32\mshta.exe
2013-03-29 21:36 . 2013-03-29 21:36	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-03-29 21:36 . 2013-03-29 21:36	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-03-29 21:36 . 2013-03-29 21:36	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-03-29 21:36 . 2013-03-29 21:36	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-03-29 21:36 . 2013-03-29 21:36	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-03-29 21:36 . 2013-03-29 21:36	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-03-29 21:36 . 2013-03-29 21:36	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-29 21:36 . 2013-03-29 21:36	102912	----a-w-	c:\windows\system32\inseng.dll
2013-03-23 19:28 . 2013-03-23 19:28	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-23 19:28 . 2012-08-03 06:58	861088	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-03-23 19:28 . 2011-12-16 10:29	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-03-12 18:45 . 2012-04-11 07:41	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-12 18:45 . 2011-12-16 10:23	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-11 23:10 . 2010-11-21 03:27	282744	------w-	c:\windows\system32\MpSigStub.exe
2013-02-25 18:06 . 2013-03-23 17:14	91200	----a-w-	c:\windows\system32\pxcpm5L.dll
2013-02-12 05:45 . 2013-03-13 13:05	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 13:05	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 13:05	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 13:05	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 13:05	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 13:05	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-20 20:34	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 08:49	176936	----a-w-	c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LoadFUJ02E3"="c:\program files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe" [2009-10-08 36712]
"IndicatorUtility"="c:\program files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2009-10-09 47976]
"DeskUpdateNotifier"="c:\fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe" [2011-11-10 100120]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe" [2013-01-09 1035216]
"UIExec"="c:\program files (x86)\Join Air\UIExec.exe" [2009-08-31 132608]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2009-07-08 162912]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2013-1-8 228448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-10-03 14120]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 fwlanusb4;FRITZ!WLAN N/G;c:\windows\system32\DRIVERS\fwlanusb4.sys [2010-10-03 1293824]
R3 GdNetMon;G Data Network Monitor;c:\windows\system32\drivers\GdNetMon64.sys [2011-12-16 31608]
R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2013-04-02 62368]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-04-22 12800]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2011-10-05 729152]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2013-04-02 54176]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2013-04-02 126880]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [2013-04-02 65008]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2012-07-18 106648]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2013-04-02 64416]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2012-11-29 1548312]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\AntiVirus\AVK\AVKService.exe [2012-11-29 469016]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe [2012-11-29 2012592]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe [2010-04-14 1052328]
S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Join Air\AssistantServices.exe [2009-08-31 241664]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-01 2314240]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 7296]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2012-03-29 470008]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-11-01 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-11-27 244736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 18:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-12 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-12 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-12 410136]
"FDM7"="c:\program files\Fujitsu\FDM7\FdmDaemon.exe" [2009-11-26 164712]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2009-10-15 157544]
"LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2009-10-15 35176]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vqjnddj2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://de.forestle.org/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3194291295-3981683188-1723279298-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\S-1-5-21-3194291295-3981683188-1723279298-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DIB\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\S-1-5-21-3194291295-3981683188-1723279298-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3194291295-3981683188-1723279298-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ICO\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.ico.15.4"
.
[HKEY_USERS\S-1-5-21-3194291295-3981683188-1723279298-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JFIF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\S-1-5-21-3194291295-3981683188-1723279298-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPE\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\S-1-5-21-3194291295-3981683188-1723279298-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPEG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\S-1-5-21-3194291295-3981683188-1723279298-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\S-1-5-21-3194291295-3981683188-1723279298-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PNG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.png.15.4"
.
[HKEY_USERS\S-1-5-21-3194291295-3981683188-1723279298-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TIF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\S-1-5-21-3194291295-3981683188-1723279298-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TIFF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\S-1-5-21-3194291295-3981683188-1723279298-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3194291295-3981683188-1723279298-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WDP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.wdp.15.4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\avmwlanstick\WlanNetService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-05-07  13:05:26 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-05-07 11:05
.
Vor Suchlauf: 10 Verzeichnis(se), 334.129.299.456 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 335.169.777.664 Bytes frei
.
- - End Of File - - 4DE36784A0AEF6E861138293A8D8BB13

nach dem Neustart habe ich zwar die Fehlermeldung erhalten, aber das Problem hatte sich dann nach dem erneuten Start erledigt!

cosinus · 07.05.2013, 13:23

Rootkitscan mit GMER

Bitte lade dir

GMER herunter: (Dateiname zufällig)

Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?

Unbedingt auf "No" klicken.
Entferne rechts den Haken bei: IAT/EAT und Show All
Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
Starte den Scan mit "Scan".
Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Tauchen Probleme auf?

Probiere alternativ den abgesicherten Modus.
Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.

Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

katerliebe · 07.05.2013, 14:42

so hier nun einmal die Logfile von Scam mit Gmer

Code:

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-07 14:58:30
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GS00 465,76GB
Running: lgdqvcfc.exe; Driver: C:\Users\***~1\AppData\Local\Temp\kgtyyuob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 896                                                                             fffff80002fa2150 88 bytes [2A, 8A, CC, 03, 3F, 2A, 1D, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076fc1465 2 bytes [FC, 76]
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076fc14bb 2 bytes [FC, 76]
.text     ...                                                                                                                                            * 2

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e0ca9459158f                                                                    
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e0ca9459158f@0021abc9aaf6                                                       0x05 0xD1 0x43 0xCB ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e0ca9459158f@88c663f38343                                                       0x72 0xD8 0x8C 0x38 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e0ca9459158f@cc051b889af6                                                       0xFE 0x85 0x08 0xB7 ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e0ca9459158f (not active ControlSet)                                                
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e0ca9459158f@0021abc9aaf6                                                           0x05 0xD1 0x43 0xCB ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e0ca9459158f@88c663f38343                                                           0x72 0xD8 0x8C 0x38 ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e0ca9459158f@cc051b889af6                                                           0xFE 0x85 0x08 0xB7 ...

---- EOF - GMER 2.1 ----

und hier die beiden vom MBAR

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.03.22.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
*** :: ***-PC [administrator]

07.05.2013 15:17:09
mbar-log-2013-05-07 (15-17-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30219
Time elapsed: 10 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
c:\windows\assembly\gac_32\desktop.ini (Rootkit.0access) -> Delete on reboot.
c:\windows\assembly\gac_64\desktop.ini (Rootkit.0access) -> Delete on reboot.

(end)

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.03.22.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Verena Mehlau :: VERENAMEHLAU-PC [administrator]

07.05.2013 15:34:06
mbar-log-2013-05-07 (15-34-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30183
Time elapsed: 9 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

cosinus · 07.05.2013, 15:19

Zitat:

Database version: v2013.03.22.01

Warum wurde MBAR nicht aktualisiert vor dem Scan? Steht das nicht in der Anleitung?

katerliebe · 07.05.2013, 15:42

da hab ich hier doch glatt noch eine Logfile gefunden ;-) hier bleibt ja nix unerkannt^^

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.07.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
*** :: ***-PC [administrator]

07.05.2013 16:38:18
mbar-log-2013-05-07 (16-38-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30243
Time elapsed: 8 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

cosinus · 07.05.2013, 15:51

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

katerliebe · 07.05.2013, 16:18

Beim Ausführen von AVAST bekomme ich mitten im Scan eine Meldung, dass es auf Grund eines Problems nicht richtig ausgeführt werden kann...

das ist ide Logfile mit der Einstellung (none) bei AV Scan

Code:

ATTFilter

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-07 17:18:59
-----------------------------
17:18:59.477    OS Version: Windows x64 6.1.7601 Service Pack 1
17:18:59.477    Number of processors: 2 586 0x2505
17:18:59.478    ComputerName: ***-PC  UserName: ***
17:19:00.795    Initialize success
17:19:14.983    AVAST engine defs: 13050700
17:19:20.414    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:19:20.418    Disk 0 Vendor: TOSHIBA_ GS00 Size: 476940MB BusType: 3
17:19:20.590    Disk 0 MBR read successfully
17:19:20.594    Disk 0 MBR scan
17:19:20.602    Disk 0 Windows 7 default MBR code
17:19:20.615    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS         2049 MB offset 2048
17:19:20.633    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       474889 MB offset 4198400
17:19:20.859    Disk 0 scanning C:\Windows\system32\drivers
17:19:35.548    Service scanning
17:20:13.953    Modules scanning
17:20:13.961    Disk 0 trace - called modules:
17:20:14.013    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
17:20:14.018    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004afe700]
17:20:14.025    3 CLASSPNP.SYS[fffff88000e0143f] -> nt!IofCallDriver -> [0xfffffa800499be40]
17:20:14.031    5 ACPI.sys[fffff880011887a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049a0050]
17:20:14.037    Scan finished successfully
17:21:44.064    Disk 0 MBR has been saved successfully to "C:\Users\***\Neuer Ordner\Desktop\MBR.dat"
17:21:44.076    The log file has been saved successfully to "C:\Users\***\Neuer Ordner\Desktop\aswMBR.txt"

hier die Logfile vom TDSS-Killer

Code:

ATTFilter

17:26:15.0161 4424  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:26:16.0558 4424  ============================================================
17:26:16.0558 4424  Current date / time: 2013/05/07 17:26:16.0558
17:26:16.0558 4424  SystemInfo:
17:26:16.0559 4424  
17:26:16.0559 4424  OS Version: 6.1.7601 ServicePack: 1.0
17:26:16.0559 4424  Product type: Workstation
17:26:16.0559 4424  ComputerName: ***PC
17:26:16.0559 4424  UserName: ***
17:26:16.0559 4424  Windows directory: C:\Windows
17:26:16.0559 4424  System windows directory: C:\Windows
17:26:16.0559 4424  Running under WOW64
17:26:16.0559 4424  Processor architecture: Intel x64
17:26:16.0559 4424  Number of processors: 2
17:26:16.0559 4424  Page size: 0x1000
17:26:16.0559 4424  Boot type: Normal boot
17:26:16.0559 4424  ============================================================
17:26:17.0157 4424  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:26:17.0162 4424  ============================================================
17:26:17.0162 4424  \Device\Harddisk0\DR0:
17:26:17.0162 4424  MBR partitions:
17:26:17.0162 4424  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x401000, BlocksNum 0x39F84830
17:26:17.0162 4424  ============================================================
17:26:17.0192 4424  C: <-> \Device\Harddisk0\DR0\Partition1
17:26:17.0192 4424  ============================================================
17:26:17.0192 4424  Initialize success
17:26:17.0192 4424  ============================================================
17:27:10.0380 4488  ============================================================
17:27:10.0380 4488  Scan started
17:27:10.0380 4488  Mode: Manual; SigCheck; TDLFS; 
17:27:10.0380 4488  ============================================================
17:27:10.0646 4488  ================ Scan system memory ========================
17:27:10.0646 4488  System memory - ok
17:27:10.0646 4488  ================ Scan services =============================
17:27:10.0848 4488  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:27:10.0973 4488  1394ohci - ok
17:27:11.0036 4488  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:27:11.0067 4488  ACPI - ok
17:27:11.0082 4488  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
17:27:11.0129 4488  AcpiPmi - ok
17:27:11.0238 4488  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:27:11.0254 4488  AdobeARMservice - ok
17:27:11.0441 4488  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:27:11.0457 4488  AdobeFlashPlayerUpdateSvc - ok
17:27:11.0535 4488  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
17:27:11.0566 4488  adp94xx - ok
17:27:11.0613 4488  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
17:27:11.0644 4488  adpahci - ok
17:27:11.0660 4488  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
17:27:11.0675 4488  adpu320 - ok
17:27:11.0706 4488  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:27:11.0800 4488  AeLookupSvc - ok
17:27:11.0847 4488  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
17:27:11.0909 4488  AFD - ok
17:27:11.0940 4488  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
17:27:11.0956 4488  agp440 - ok
17:27:11.0987 4488  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
17:27:12.0034 4488  ALG - ok
17:27:12.0065 4488  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:27:12.0081 4488  aliide - ok
17:27:12.0112 4488  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
17:27:12.0128 4488  amdide - ok
17:27:12.0159 4488  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
17:27:12.0190 4488  AmdK8 - ok
17:27:12.0206 4488  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
17:27:12.0252 4488  AmdPPM - ok
17:27:12.0284 4488  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:27:12.0299 4488  amdsata - ok
17:27:12.0330 4488  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
17:27:12.0362 4488  amdsbs - ok
17:27:12.0362 4488  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:27:12.0393 4488  amdxata - ok
17:27:12.0424 4488  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
17:27:12.0533 4488  AppID - ok
17:27:12.0564 4488  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:27:12.0627 4488  AppIDSvc - ok
17:27:12.0674 4488  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
17:27:12.0752 4488  Appinfo - ok
17:27:12.0830 4488  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:27:12.0845 4488  Apple Mobile Device - ok
17:27:12.0923 4488  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
17:27:12.0954 4488  arc - ok
17:27:12.0986 4488  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
17:27:13.0001 4488  arcsas - ok
17:27:13.0095 4488  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:27:13.0126 4488  aspnet_state - ok
17:27:13.0157 4488  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:27:13.0235 4488  AsyncMac - ok
17:27:13.0266 4488  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
17:27:13.0282 4488  atapi - ok
17:27:13.0360 4488  [ D6CAD7E5B05055BB8226BDCB1644DA27 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
17:27:13.0422 4488  athr - ok
17:27:13.0454 4488  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:27:13.0533 4488  AudioEndpointBuilder - ok
17:27:13.0548 4488  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:27:13.0595 4488  AudioSrv - ok
17:27:13.0704 4488  [ A1ADE0E06E057E3E7C3C931413AD9665 ] AVKProxy        C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
17:27:13.0751 4488  AVKProxy - ok
17:27:13.0829 4488  [ 68F93849B4197243E8454E704B063F9B ] AVKService      C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
17:27:13.0860 4488  AVKService - ok
17:27:13.0907 4488  [ B278D782732166A55AB270406E89F7A0 ] AVKWCtl         C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe
17:27:13.0969 4488  AVKWCtl - ok
17:27:14.0032 4488  [ C6F4C466B654C1BE98AF31418BB5AC30 ] AVM WLAN Connection Service C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
17:27:14.0079 4488  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
17:27:14.0079 4488  AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
17:27:14.0094 4488  [ 1DC2F715792CF33428AD7993ACBD224D ] avmeject        C:\Windows\system32\drivers\avmeject.sys
17:27:14.0125 4488  avmeject - ok
17:27:14.0172 4488  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:27:14.0203 4488  AxInstSV - ok
17:27:14.0235 4488  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
17:27:14.0266 4488  b06bdrv - ok
17:27:14.0313 4488  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
17:27:14.0375 4488  b57nd60a - ok
17:27:14.0469 4488  [ A2494901E7226B356B8C1005C45F1C5F ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
17:27:14.0515 4488  BBSvc - ok
17:27:14.0562 4488  [ 63B1CBBAE4790B5BAC98F01BF9449722 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
17:27:14.0593 4488  BBUpdate - ok
17:27:14.0625 4488  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:27:14.0656 4488  BDESVC - ok
17:27:14.0687 4488  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:27:14.0749 4488  Beep - ok
17:27:14.0796 4488  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
17:27:14.0874 4488  BFE - ok
17:27:14.0937 4488  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
17:27:15.0030 4488  BITS - ok
17:27:15.0061 4488  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:27:15.0124 4488  blbdrive - ok
17:27:15.0186 4488  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:27:15.0233 4488  Bonjour Service - ok
17:27:15.0264 4488  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:27:15.0295 4488  bowser - ok
17:27:15.0327 4488  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
17:27:15.0373 4488  BrFiltLo - ok
17:27:15.0389 4488  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
17:27:15.0420 4488  BrFiltUp - ok
17:27:15.0451 4488  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
17:27:15.0529 4488  BridgeMP - ok
17:27:15.0576 4488  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
17:27:15.0623 4488  Browser - ok
17:27:15.0654 4488  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:27:15.0701 4488  Brserid - ok
17:27:15.0732 4488  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:27:15.0748 4488  BrSerWdm - ok
17:27:15.0779 4488  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:27:15.0810 4488  BrUsbMdm - ok
17:27:15.0826 4488  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:27:15.0841 4488  BrUsbSer - ok
17:27:15.0888 4488  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
17:27:15.0935 4488  BthEnum - ok
17:27:15.0982 4488  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
17:27:15.0997 4488  BTHMODEM - ok
17:27:16.0029 4488  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
17:27:16.0075 4488  BthPan - ok
17:27:16.0122 4488  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
17:27:16.0185 4488  BTHPORT - ok
17:27:16.0216 4488  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
17:27:16.0263 4488  bthserv - ok
17:27:16.0278 4488  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
17:27:16.0309 4488  BTHUSB - ok
17:27:16.0341 4488  catchme - ok
17:27:16.0372 4488  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:27:16.0434 4488  cdfs - ok
17:27:16.0465 4488  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:27:16.0497 4488  cdrom - ok
17:27:16.0528 4488  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
17:27:16.0606 4488  CertPropSvc - ok
17:27:16.0637 4488  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
17:27:16.0684 4488  circlass - ok
17:27:16.0715 4488  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
17:27:16.0746 4488  CLFS - ok
17:27:16.0809 4488  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:27:16.0824 4488  clr_optimization_v2.0.50727_32 - ok
17:27:16.0871 4488  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:27:16.0887 4488  clr_optimization_v2.0.50727_64 - ok
17:27:16.0949 4488  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:27:16.0980 4488  clr_optimization_v4.0.30319_32 - ok
17:27:16.0996 4488  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:27:17.0011 4488  clr_optimization_v4.0.30319_64 - ok
17:27:17.0043 4488  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:27:17.0089 4488  CmBatt - ok
17:27:17.0105 4488  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:27:17.0121 4488  cmdide - ok
17:27:17.0167 4488  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
17:27:17.0214 4488  CNG - ok
17:27:17.0261 4488  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:27:17.0277 4488  Compbatt - ok
17:27:17.0308 4488  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
17:27:17.0355 4488  CompositeBus - ok
17:27:17.0370 4488  COMSysApp - ok
17:27:17.0386 4488  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
17:27:17.0401 4488  crcdisk - ok
17:27:17.0448 4488  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:27:17.0479 4488  CryptSvc - ok
17:27:17.0511 4488  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:27:17.0604 4488  DcomLaunch - ok
17:27:17.0635 4488  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
17:27:17.0682 4488  defragsvc - ok
17:27:17.0729 4488  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:27:17.0807 4488  DfsC - ok
17:27:17.0854 4488  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:27:17.0901 4488  Dhcp - ok
17:27:17.0932 4488  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
17:27:18.0025 4488  discache - ok
17:27:18.0041 4488  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
17:27:18.0057 4488  Disk - ok
17:27:18.0103 4488  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:27:18.0150 4488  Dnscache - ok
17:27:18.0181 4488  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:27:18.0228 4488  dot3svc - ok
17:27:18.0244 4488  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
17:27:18.0306 4488  DPS - ok
17:27:18.0337 4488  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:27:18.0400 4488  drmkaud - ok
17:27:18.0431 4488  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:27:18.0478 4488  DXGKrnl - ok
17:27:18.0509 4488  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
17:27:18.0603 4488  EapHost - ok
17:27:18.0696 4488  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
17:27:18.0774 4488  ebdrv - ok
17:27:18.0805 4488  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
17:27:18.0821 4488  EFS - ok
17:27:18.0899 4488  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:27:18.0946 4488  ehRecvr - ok
17:27:18.0961 4488  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
17:27:19.0008 4488  ehSched - ok
17:27:19.0039 4488  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
17:27:19.0071 4488  elxstor - ok
17:27:19.0102 4488  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:27:19.0117 4488  ErrDev - ok
17:27:19.0164 4488  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
17:27:19.0258 4488  EventSystem - ok
17:27:19.0289 4488  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
17:27:19.0336 4488  exfat - ok
17:27:19.0367 4488  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:27:19.0414 4488  fastfat - ok
17:27:19.0476 4488  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
17:27:19.0523 4488  Fax - ok
17:27:19.0523 4488  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
17:27:19.0570 4488  fdc - ok
17:27:19.0601 4488  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
17:27:19.0663 4488  fdPHost - ok
17:27:19.0679 4488  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:27:19.0726 4488  FDResPub - ok
17:27:19.0757 4488  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:27:19.0788 4488  FileInfo - ok
17:27:19.0804 4488  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:27:19.0882 4488  Filetrace - ok
17:27:19.0897 4488  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
17:27:19.0929 4488  flpydisk - ok
17:27:19.0944 4488  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:27:19.0960 4488  FltMgr - ok
17:27:20.0022 4488  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
17:27:20.0085 4488  FontCache - ok
17:27:20.0131 4488  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:27:20.0147 4488  FontCache3.0.0.0 - ok
17:27:20.0194 4488  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:27:20.0209 4488  FsDepends - ok
17:27:20.0241 4488  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:27:20.0241 4488  Fs_Rec - ok
17:27:20.0272 4488  [ BA0C1FFDA496D8BCBCAC63F8D98D20E3 ] FUJ02B1         C:\Windows\system32\DRIVERS\FUJ02B1.sys
17:27:20.0303 4488  FUJ02B1 - ok
17:27:20.0319 4488  [ 7135030CBF87D724B6037BB023923730 ] FUJ02E3         C:\Windows\system32\DRIVERS\FUJ02E3.sys
17:27:20.0350 4488  FUJ02E3 - ok
17:27:20.0381 4488  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:27:20.0412 4488  fvevol - ok
17:27:20.0475 4488  [ 4632BB93B668004965246D7911E2DD05 ] fwlanusb4       C:\Windows\system32\DRIVERS\fwlanusb4.sys
17:27:20.0537 4488  fwlanusb4 - ok
17:27:20.0568 4488  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
17:27:20.0584 4488  gagp30kx - ok
17:27:20.0631 4488  [ DEC2DEB0025548EE434C2DBA68B771BC ] GDBehave        C:\Windows\system32\drivers\GDBehave.sys
17:27:20.0646 4488  GDBehave - ok
17:27:20.0662 4488  [ C91D9D7338AD7E6D0CC707828E90203F ] GDMnIcpt        C:\Windows\system32\drivers\MiniIcpt.sys
17:27:20.0677 4488  GDMnIcpt - ok
17:27:20.0709 4488  [ D826B9C59DE0B310C9E560763560D8F9 ] GdNetMon        C:\Windows\system32\drivers\GdNetMon64.sys
17:27:20.0724 4488  GdNetMon - ok
17:27:20.0740 4488  [ B6F4C60CF97E823F2874FF9FEF4CC89B ] GDPkIcpt        C:\Windows\system32\drivers\PktIcpt.sys
17:27:20.0755 4488  GDPkIcpt - ok
17:27:20.0833 4488  [ 110C6DC36EA9F5DA664A584756B1B297 ] GDScan          C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
17:27:20.0865 4488  GDScan - ok
17:27:20.0896 4488  [ 080B1C7B27BD44877DA04F6EC3D16CF3 ] gdwfpcd         C:\Windows\system32\drivers\gdwfpcd64.sys
17:27:20.0911 4488  gdwfpcd - ok
17:27:20.0943 4488  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:27:20.0958 4488  GEARAspiWDM - ok
17:27:20.0989 4488  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
17:27:21.0052 4488  gpsvc - ok
17:27:21.0114 4488  [ 9580CBF03D2EE08BD1C0D701AAE4092A ] GRD             C:\Windows\system32\drivers\GRD.sys
17:27:21.0130 4488  GRD - ok
17:27:21.0161 4488  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:27:21.0208 4488  hcw85cir - ok
17:27:21.0239 4488  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:27:21.0286 4488  HdAudAddService - ok
17:27:21.0317 4488  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
17:27:21.0348 4488  HDAudBus - ok
17:27:21.0395 4488  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
17:27:21.0411 4488  HECIx64 - ok
17:27:21.0442 4488  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
17:27:21.0457 4488  HidBatt - ok
17:27:21.0489 4488  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
17:27:21.0520 4488  HidBth - ok
17:27:21.0551 4488  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
17:27:21.0567 4488  HidIr - ok
17:27:21.0582 4488  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
17:27:21.0645 4488  hidserv - ok
17:27:21.0660 4488  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:27:21.0676 4488  HidUsb - ok
17:27:21.0691 4488  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:27:21.0754 4488  hkmsvc - ok
17:27:21.0785 4488  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:27:21.0832 4488  HomeGroupListener - ok
17:27:21.0847 4488  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:27:21.0879 4488  HomeGroupProvider - ok
17:27:21.0894 4488  [ 907C238D9F85BE868817740C0FD8D315 ] HookCentre      C:\Windows\system32\drivers\HookCentre.sys
17:27:21.0910 4488  HookCentre - ok
17:27:21.0941 4488  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:27:21.0957 4488  HpSAMD - ok
17:27:21.0972 4488  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:27:22.0050 4488  HTTP - ok
17:27:22.0050 4488  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:27:22.0066 4488  hwpolicy - ok
17:27:22.0128 4488  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:27:22.0144 4488  i8042prt - ok
17:27:22.0191 4488  [ 2064090C9FAAD92C090D77E50E735B2E ] iaStor          C:\Windows\system32\drivers\iaStor.sys
17:27:22.0206 4488  iaStor - ok
17:27:22.0253 4488  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:27:22.0269 4488  iaStorV - ok
17:27:22.0331 4488  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:27:22.0378 4488  idsvc - ok
17:27:22.0581 4488  [ 8E509DE232CFA4F8A5B34F01802F500E ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
17:27:22.0861 4488  igfx - ok
17:27:22.0893 4488  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
17:27:22.0908 4488  iirsp - ok
17:27:22.0971 4488  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
17:27:23.0049 4488  IKEEXT - ok
17:27:23.0080 4488  [ 36FDF367A1DABFF903E2214023D71368 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
17:27:23.0127 4488  Impcd - ok
17:27:23.0220 4488  [ 42943BB3AB7A405B30EFF7C8283CC129 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:27:23.0283 4488  IntcAzAudAddService - ok
17:27:23.0329 4488  [ D248AAE81C156C0D47A77CD61BC24CD4 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
17:27:23.0361 4488  IntcDAud - ok
17:27:23.0376 4488  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
17:27:23.0392 4488  intelide - ok
17:27:23.0423 4488  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:27:23.0454 4488  intelppm - ok
17:27:23.0485 4488  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:27:23.0548 4488  IPBusEnum - ok
17:27:23.0579 4488  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:27:23.0626 4488  IpFilterDriver - ok
17:27:23.0673 4488  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:27:23.0719 4488  iphlpsvc - ok
17:27:23.0751 4488  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:27:23.0782 4488  IPMIDRV - ok
17:27:23.0813 4488  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:27:23.0875 4488  IPNAT - ok
17:27:23.0922 4488  [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
17:27:23.0953 4488  iPod Service - ok
17:27:23.0985 4488  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:27:24.0016 4488  IRENUM - ok
17:27:24.0031 4488  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:27:24.0031 4488  isapnp - ok
17:27:24.0063 4488  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:27:24.0078 4488  iScsiPrt - ok
17:27:24.0109 4488  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:27:24.0109 4488  kbdclass - ok
17:27:24.0141 4488  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
17:27:24.0172 4488  kbdhid - ok
17:27:24.0187 4488  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
17:27:24.0203 4488  KeyIso - ok
17:27:24.0234 4488  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:27:24.0265 4488  KSecDD - ok
17:27:24.0281 4488  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:27:24.0297 4488  KSecPkg - ok
17:27:24.0328 4488  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
17:27:24.0421 4488  ksthunk - ok
17:27:24.0468 4488  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:27:24.0531 4488  KtmRm - ok
17:27:24.0577 4488  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
17:27:24.0655 4488  LanmanServer - ok
17:27:24.0671 4488  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:27:24.0733 4488  LanmanWorkstation - ok
17:27:24.0765 4488  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:27:24.0843 4488  lltdio - ok
17:27:24.0889 4488  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:27:24.0983 4488  lltdsvc - ok
17:27:25.0014 4488  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:27:25.0077 4488  lmhosts - ok
17:27:25.0155 4488  [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:27:25.0186 4488  LMS ( UnsignedFile.Multi.Generic ) - warning
17:27:25.0186 4488  LMS - detected UnsignedFile.Multi.Generic (1)
17:27:25.0217 4488  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
17:27:25.0248 4488  LSI_FC - ok
17:27:25.0279 4488  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
17:27:25.0295 4488  LSI_SAS - ok
17:27:25.0311 4488  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
17:27:25.0326 4488  LSI_SAS2 - ok
17:27:25.0326 4488  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
17:27:25.0342 4488  LSI_SCSI - ok
17:27:25.0373 4488  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
17:27:25.0420 4488  luafv - ok
17:27:25.0435 4488  lxea_device - ok
17:27:25.0467 4488  [ FAA4F845D478F4CEDF95981AFF859712 ] massfilter      C:\Windows\system32\drivers\massfilter.sys
17:27:25.0482 4488  massfilter - ok
17:27:25.0498 4488  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:27:25.0529 4488  Mcx2Svc - ok
17:27:25.0545 4488  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
17:27:25.0560 4488  megasas - ok
17:27:25.0591 4488  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
17:27:25.0623 4488  MegaSR - ok
17:27:25.0638 4488  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
17:27:25.0701 4488  MMCSS - ok
17:27:25.0732 4488  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
17:27:25.0794 4488  Modem - ok
17:27:25.0810 4488  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:27:25.0841 4488  monitor - ok
17:27:25.0872 4488  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:27:25.0888 4488  mouclass - ok
17:27:25.0903 4488  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:27:25.0935 4488  mouhid - ok
17:27:25.0966 4488  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:27:25.0981 4488  mountmgr - ok
17:27:26.0028 4488  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:27:26.0044 4488  MozillaMaintenance - ok
17:27:26.0075 4488  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:27:26.0091 4488  mpio - ok
17:27:26.0122 4488  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:27:26.0169 4488  mpsdrv - ok
17:27:26.0231 4488  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:27:26.0309 4488  MpsSvc - ok
17:27:26.0340 4488  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:27:26.0371 4488  MRxDAV - ok
17:27:26.0387 4488  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:27:26.0418 4488  mrxsmb - ok
17:27:26.0434 4488  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:27:26.0465 4488  mrxsmb10 - ok
17:27:26.0481 4488  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:27:26.0512 4488  mrxsmb20 - ok
17:27:26.0543 4488  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:27:26.0543 4488  msahci - ok
17:27:26.0574 4488  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:27:26.0590 4488  msdsm - ok
17:27:26.0605 4488  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
17:27:26.0652 4488  MSDTC - ok
17:27:26.0668 4488  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:27:26.0730 4488  Msfs - ok
17:27:26.0746 4488  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:27:26.0808 4488  mshidkmdf - ok
17:27:26.0824 4488  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:27:26.0839 4488  msisadrv - ok
17:27:26.0871 4488  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:27:26.0917 4488  MSiSCSI - ok
17:27:26.0933 4488  msiserver - ok
17:27:26.0964 4488  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:27:27.0011 4488  MSKSSRV - ok
17:27:27.0027 4488  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:27:27.0058 4488  MSPCLOCK - ok
17:27:27.0089 4488  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:27:27.0136 4488  MSPQM - ok
17:27:27.0151 4488  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:27:27.0183 4488  MsRPC - ok
17:27:27.0198 4488  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
17:27:27.0198 4488  mssmbios - ok
17:27:27.0245 4488  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:27:27.0307 4488  MSTEE - ok
17:27:27.0307 4488  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
17:27:27.0354 4488  MTConfig - ok
17:27:27.0370 4488  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:27:27.0385 4488  Mup - ok
17:27:27.0401 4488  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
17:27:27.0479 4488  napagent - ok
17:27:27.0526 4488  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:27:27.0588 4488  NativeWifiP - ok
17:27:27.0651 4488  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:27:27.0682 4488  NDIS - ok
17:27:27.0713 4488  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:27:27.0807 4488  NdisCap - ok
17:27:27.0838 4488  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:27:27.0900 4488  NdisTapi - ok
17:27:27.0916 4488  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:27:27.0963 4488  Ndisuio - ok
17:27:27.0978 4488  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:27:28.0041 4488  NdisWan - ok
17:27:28.0056 4488  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:27:28.0103 4488  NDProxy - ok
17:27:28.0134 4488  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:27:28.0181 4488  NetBIOS - ok
17:27:28.0197 4488  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:27:28.0243 4488  NetBT - ok
17:27:28.0275 4488  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
17:27:28.0275 4488  Netlogon - ok
17:27:28.0321 4488  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
17:27:28.0399 4488  Netman - ok
17:27:28.0446 4488  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:27:28.0462 4488  NetMsmqActivator - ok
17:27:28.0493 4488  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:27:28.0493 4488  NetPipeActivator - ok
17:27:28.0524 4488  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
17:27:28.0587 4488  netprofm - ok
17:27:28.0649 4488  [ F3A1D8B7317939813568992D1BFDDE37 ] netr7364        C:\Windows\system32\DRIVERS\netr7364.sys
17:27:28.0696 4488  netr7364 - ok
17:27:28.0711 4488  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:27:28.0727 4488  NetTcpActivator - ok
17:27:28.0727 4488  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:27:28.0743 4488  NetTcpPortSharing - ok
17:27:28.0774 4488  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
17:27:28.0789 4488  nfrd960 - ok
17:27:28.0821 4488  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:27:28.0836 4488  NlaSvc - ok
17:27:28.0867 4488  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:27:28.0899 4488  Npfs - ok
17:27:28.0945 4488  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
17:27:28.0977 4488  nsi - ok
17:27:28.0992 4488  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:27:29.0039 4488  nsiproxy - ok
17:27:29.0101 4488  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:27:29.0164 4488  Ntfs - ok
17:27:29.0195 4488  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
17:27:29.0242 4488  Null - ok
17:27:29.0273 4488  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:27:29.0289 4488  nvraid - ok
17:27:29.0304 4488  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:27:29.0320 4488  nvstor - ok
17:27:29.0351 4488  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:27:29.0367 4488  nv_agp - ok
17:27:29.0382 4488  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:27:29.0413 4488  ohci1394 - ok
17:27:29.0491 4488  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:27:29.0507 4488  ose - ok
17:27:29.0679 4488  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:27:29.0819 4488  osppsvc - ok
17:27:29.0850 4488  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:27:29.0881 4488  p2pimsvc - ok
17:27:29.0913 4488  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:27:29.0944 4488  p2psvc - ok
17:27:29.0959 4488  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
17:27:30.0006 4488  Parport - ok
17:27:30.0053 4488  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:27:30.0053 4488  partmgr - ok
17:27:30.0084 4488  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:27:30.0115 4488  PcaSvc - ok
17:27:30.0147 4488  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
17:27:30.0178 4488  pci - ok
17:27:30.0178 4488  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
17:27:30.0193 4488  pciide - ok
17:27:30.0225 4488  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
17:27:30.0240 4488  pcmcia - ok
17:27:30.0256 4488  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
17:27:30.0271 4488  pcw - ok
17:27:30.0287 4488  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:27:30.0365 4488  PEAUTH - ok
17:27:30.0427 4488  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:27:30.0474 4488  PerfHost - ok
17:27:30.0552 4488  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
17:27:30.0630 4488  pla - ok
17:27:30.0677 4488  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:27:30.0724 4488  PlugPlay - ok
17:27:30.0755 4488  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:27:30.0786 4488  PNRPAutoReg - ok
17:27:30.0802 4488  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:27:30.0817 4488  PNRPsvc - ok
17:27:30.0849 4488  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:27:30.0911 4488  PolicyAgent - ok
17:27:30.0942 4488  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
17:27:31.0036 4488  Power - ok
17:27:31.0067 4488  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:27:31.0114 4488  PptpMiniport - ok
17:27:31.0145 4488  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
17:27:31.0161 4488  Processor - ok
17:27:31.0192 4488  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
17:27:31.0223 4488  ProfSvc - ok
17:27:31.0239 4488  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:27:31.0254 4488  ProtectedStorage - ok
17:27:31.0270 4488  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:27:31.0317 4488  Psched - ok
17:27:31.0395 4488  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
17:27:31.0441 4488  ql2300 - ok
17:27:31.0457 4488  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
17:27:31.0473 4488  ql40xx - ok
17:27:31.0519 4488  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
17:27:31.0535 4488  QWAVE - ok
17:27:31.0566 4488  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:27:31.0582 4488  QWAVEdrv - ok
17:27:31.0613 4488  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:27:31.0644 4488  RasAcd - ok
17:27:31.0675 4488  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:27:31.0738 4488  RasAgileVpn - ok
17:27:31.0753 4488  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
17:27:31.0800 4488  RasAuto - ok
17:27:31.0816 4488  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:27:31.0863 4488  Rasl2tp - ok
17:27:31.0909 4488  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
17:27:31.0972 4488  RasMan - ok
17:27:31.0987 4488  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:27:32.0034 4488  RasPppoe - ok
17:27:32.0081 4488  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:27:32.0159 4488  RasSstp - ok
17:27:32.0175 4488  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:27:32.0237 4488  rdbss - ok
17:27:32.0253 4488  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
17:27:32.0299 4488  rdpbus - ok
17:27:32.0331 4488  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:27:32.0409 4488  RDPCDD - ok
17:27:32.0440 4488  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:27:32.0487 4488  RDPENCDD - ok
17:27:32.0518 4488  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:27:32.0565 4488  RDPREFMP - ok
17:27:32.0596 4488  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:27:32.0643 4488  RDPWD - ok
17:27:32.0658 4488  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:27:32.0674 4488  rdyboost - ok
17:27:32.0705 4488  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:27:32.0767 4488  RemoteAccess - ok
17:27:32.0783 4488  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:27:32.0845 4488  RemoteRegistry - ok
17:27:32.0892 4488  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
17:27:32.0939 4488  RFCOMM - ok
17:27:32.0986 4488  [ BD517C7FB119997EFFBE39D5E4B37B05 ] RichVideo       C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
17:27:33.0017 4488  RichVideo ( UnsignedFile.Multi.Generic ) - warning
17:27:33.0017 4488  RichVideo - detected UnsignedFile.Multi.Generic (1)
17:27:33.0048 4488  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:27:33.0111 4488  RpcEptMapper - ok
17:27:33.0142 4488  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
17:27:33.0189 4488  RpcLocator - ok
17:27:33.0220 4488  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
17:27:33.0267 4488  RpcSs - ok
17:27:33.0298 4488  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:27:33.0345 4488  rspndr - ok
17:27:33.0391 4488  [ 4A25DC970C58104602ED274DACAFD784 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
17:27:33.0438 4488  RSUSBSTOR - ok
17:27:33.0469 4488  [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
17:27:33.0485 4488  RTL8167 - ok
17:27:33.0501 4488  RtsUIR - ok
17:27:33.0516 4488  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
17:27:33.0532 4488  SamSs - ok
17:27:33.0547 4488  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:27:33.0563 4488  sbp2port - ok
17:27:33.0594 4488  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:27:33.0672 4488  SCardSvr - ok
17:27:33.0688 4488  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:27:33.0735 4488  scfilter - ok
17:27:33.0766 4488  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
17:27:33.0844 4488  Schedule - ok
17:27:33.0859 4488  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:27:33.0906 4488  SCPolicySvc - ok
17:27:33.0922 4488  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:27:33.0937 4488  SDRSVC - ok
17:27:33.0969 4488  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:27:34.0047 4488  secdrv - ok
17:27:34.0062 4488  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
17:27:34.0109 4488  seclogon - ok
17:27:34.0140 4488  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
17:27:34.0187 4488  SENS - ok
17:27:34.0218 4488  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:27:34.0249 4488  SensrSvc - ok
17:27:34.0281 4488  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
17:27:34.0312 4488  Serenum - ok
17:27:34.0343 4488  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
17:27:34.0374 4488  Serial - ok
17:27:34.0405 4488  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
17:27:34.0437 4488  sermouse - ok
17:27:34.0452 4488  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:27:34.0515 4488  SessionEnv - ok
17:27:34.0530 4488  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:27:34.0546 4488  sffdisk - ok
17:27:34.0577 4488  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:27:34.0593 4488  sffp_mmc - ok
17:27:34.0608 4488  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:27:34.0624 4488  sffp_sd - ok
17:27:34.0655 4488  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
17:27:34.0671 4488  sfloppy - ok
17:27:34.0733 4488  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:27:34.0827 4488  SharedAccess - ok
17:27:34.0858 4488  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:27:34.0920 4488  ShellHWDetection - ok
17:27:34.0951 4488  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
17:27:34.0967 4488  SiSRaid2 - ok
17:27:34.0983 4488  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
17:27:34.0998 4488  SiSRaid4 - ok
17:27:35.0045 4488  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:27:35.0139 4488  Smb - ok
17:27:35.0185 4488  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:27:35.0201 4488  SNMPTRAP - ok
17:27:35.0232 4488  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:27:35.0248 4488  spldr - ok
17:27:35.0279 4488  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
17:27:35.0310 4488  Spooler - ok
17:27:35.0435 4488  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
17:27:35.0529 4488  sppsvc - ok
17:27:35.0544 4488  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:27:35.0591 4488  sppuinotify - ok
17:27:35.0622 4488  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:27:35.0653 4488  srv - ok
17:27:35.0669 4488  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:27:35.0700 4488  srv2 - ok
17:27:35.0716 4488  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:27:35.0747 4488  srvnet - ok
17:27:35.0794 4488  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:27:35.0872 4488  SSDPSRV - ok
17:27:35.0887 4488  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:27:35.0934 4488  SstpSvc - ok
17:27:35.0950 4488  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
17:27:35.0965 4488  stexstor - ok
17:27:35.0997 4488  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
17:27:36.0028 4488  stisvc - ok
17:27:36.0043 4488  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
17:27:36.0059 4488  swenum - ok
17:27:36.0090 4488  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
17:27:36.0153 4488  swprv - ok
17:27:36.0168 4488  [ 2F827BB08CC7F1A17DF2EAD7B424D731 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
17:27:36.0184 4488  SynTP - ok
17:27:36.0262 4488  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
17:27:36.0324 4488  SysMain - ok
17:27:36.0355 4488  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:27:36.0371 4488  TabletInputService - ok
17:27:36.0387 4488  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:27:36.0449 4488  TapiSrv - ok
17:27:36.0465 4488  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
17:27:36.0511 4488  TBS - ok
17:27:36.0558 4488  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:27:36.0605 4488  Tcpip - ok
17:27:36.0636 4488  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:27:36.0683 4488  TCPIP6 - ok
17:27:36.0714 4488  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:27:36.0745 4488  tcpipreg - ok
17:27:36.0761 4488  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:27:36.0808 4488  TDPIPE - ok
17:27:36.0839 4488  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:27:36.0886 4488  TDTCP - ok
17:27:36.0917 4488  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:27:36.0964 4488  tdx - ok
17:27:36.0995 4488  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
17:27:37.0011 4488  TermDD - ok
17:27:37.0042 4488  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
17:27:37.0104 4488  TermService - ok
17:27:37.0120 4488  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
17:27:37.0167 4488  Themes - ok
17:27:37.0198 4488  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
17:27:37.0245 4488  THREADORDER - ok
17:27:37.0276 4488  [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM             C:\Windows\system32\drivers\tpm.sys
17:27:37.0307 4488  TPM - ok
17:27:37.0338 4488  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
17:27:37.0401 4488  TrkWks - ok
17:27:37.0447 4488  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:27:37.0541 4488  TrustedInstaller - ok
17:27:37.0557 4488  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:27:37.0619 4488  tssecsrv - ok
17:27:37.0635 4488  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:27:37.0650 4488  TsUsbFlt - ok
17:27:37.0666 4488  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
17:27:37.0681 4488  TsUsbGD - ok
17:27:37.0697 4488  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:27:37.0759 4488  tunnel - ok
17:27:37.0775 4488  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
17:27:37.0775 4488  uagp35 - ok
17:27:37.0806 4488  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:27:37.0884 4488  udfs - ok
17:27:37.0931 4488  [ A447361E6156AFEF47A42AE9E89B2BB3 ] UI Assistant Service C:\Program Files (x86)\Join Air\AssistantServices.exe
17:27:37.0962 4488  UI Assistant Service ( UnsignedFile.Multi.Generic ) - warning
17:27:37.0962 4488  UI Assistant Service - detected UnsignedFile.Multi.Generic (1)
17:27:37.0993 4488  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:27:38.0025 4488  UI0Detect - ok
17:27:38.0056 4488  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:27:38.0056 4488  uliagpkx - ok
17:27:38.0087 4488  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
17:27:38.0118 4488  umbus - ok
17:27:38.0118 4488  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
17:27:38.0149 4488  UmPass - ok
17:27:38.0259 4488  [ 41118D920B2B268C0ADC36421248CDCF ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
17:27:38.0337 4488  UNS ( UnsignedFile.Multi.Generic ) - warning
17:27:38.0337 4488  UNS - detected UnsignedFile.Multi.Generic (1)
17:27:38.0368 4488  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
17:27:38.0430 4488  upnphost - ok
17:27:38.0446 4488  [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
17:27:38.0461 4488  USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
17:27:38.0461 4488  USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
17:27:38.0493 4488  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:27:38.0524 4488  usbccgp - ok
17:27:38.0524 4488  USBCCID - ok
17:27:38.0555 4488  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:27:38.0586 4488  usbcir - ok
17:27:38.0586 4488  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
17:27:38.0633 4488  usbehci - ok
17:27:38.0680 4488  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:27:38.0711 4488  usbhub - ok
17:27:38.0711 4488  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
17:27:38.0727 4488  usbohci - ok
17:27:38.0758 4488  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:27:38.0789 4488  usbprint - ok
17:27:38.0805 4488  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
17:27:38.0836 4488  usbscan - ok
17:27:38.0867 4488  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:27:38.0898 4488  USBSTOR - ok
17:27:38.0914 4488  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
17:27:38.0945 4488  usbuhci - ok
17:27:38.0992 4488  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
17:27:39.0023 4488  usbvideo - ok
17:27:39.0039 4488  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
17:27:39.0101 4488  UxSms - ok
17:27:39.0117 4488  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
17:27:39.0117 4488  VaultSvc - ok
17:27:39.0163 4488  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:27:39.0163 4488  vdrvroot - ok
17:27:39.0195 4488  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
17:27:39.0241 4488  vds - ok
17:27:39.0273 4488  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:27:39.0288 4488  vga - ok
17:27:39.0304 4488  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:27:39.0366 4488  VgaSave - ok
17:27:39.0397 4488  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
17:27:39.0429 4488  vhdmp - ok
17:27:39.0444 4488  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
17:27:39.0460 4488  viaide - ok
17:27:39.0475 4488  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:27:39.0475 4488  volmgr - ok
17:27:39.0507 4488  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:27:39.0522 4488  volmgrx - ok
17:27:39.0538 4488  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:27:39.0553 4488  volsnap - ok
17:27:39.0585 4488  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
17:27:39.0600 4488  vsmraid - ok
17:27:39.0647 4488  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
17:27:39.0725 4488  VSS - ok
17:27:39.0741 4488  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
17:27:39.0772 4488  vwifibus - ok
17:27:39.0787 4488  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
17:27:39.0819 4488  vwififlt - ok
17:27:39.0850 4488  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
17:27:39.0865 4488  vwifimp - ok
17:27:39.0897 4488  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
17:27:39.0975 4488  W32Time - ok
17:27:40.0006 4488  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
17:27:40.0037 4488  WacomPen - ok
17:27:40.0068 4488  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:27:40.0115 4488  WANARP - ok
17:27:40.0115 4488  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:27:40.0162 4488  Wanarpv6 - ok
17:27:40.0209 4488  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
17:27:40.0271 4488  wbengine - ok
17:27:40.0287 4488  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:27:40.0302 4488  WbioSrvc - ok
17:27:40.0333 4488  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:27:40.0365 4488  wcncsvc - ok
17:27:40.0411 4488  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:27:40.0443 4488  WcsPlugInService - ok
17:27:40.0474 4488  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
17:27:40.0505 4488  Wd - ok
17:27:40.0536 4488  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:27:40.0583 4488  Wdf01000 - ok
17:27:40.0614 4488  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:27:40.0677 4488  WdiServiceHost - ok
17:27:40.0677 4488  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:27:40.0692 4488  WdiSystemHost - ok
17:27:40.0723 4488  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
17:27:40.0739 4488  WebClient - ok
17:27:40.0755 4488  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:27:40.0817 4488  Wecsvc - ok
17:27:40.0848 4488  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:27:40.0911 4488  wercplsupport - ok
17:27:40.0926 4488  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:27:40.0989 4488  WerSvc - ok
17:27:41.0004 4488  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:27:41.0051 4488  WfpLwf - ok
17:27:41.0067 4488  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:27:41.0082 4488  WIMMount - ok
17:27:41.0129 4488  WinDefend - ok
17:27:41.0145 4488  WinHttpAutoProxySvc - ok
17:27:41.0191 4488  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:27:41.0285 4488  Winmgmt - ok
17:27:41.0332 4488  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
17:27:41.0410 4488  WinRM - ok
17:27:41.0472 4488  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
17:27:41.0488 4488  WinUsb - ok
17:27:41.0535 4488  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:27:41.0566 4488  Wlansvc - ok
17:27:41.0628 4488  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:27:41.0659 4488  wlcrasvc - ok
17:27:41.0737 4488  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:27:41.0815 4488  wlidsvc - ok
17:27:41.0831 4488  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
17:27:41.0847 4488  WmiAcpi - ok
17:27:41.0878 4488  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:27:41.0909 4488  wmiApSrv - ok
17:27:41.0925 4488  WMPNetworkSvc - ok
17:27:41.0940 4488  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:27:41.0971 4488  WPCSvc - ok
17:27:41.0971 4488  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:27:42.0003 4488  WPDBusEnum - ok
17:27:42.0018 4488  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:27:42.0081 4488  ws2ifsl - ok
17:27:42.0112 4488  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
17:27:42.0143 4488  wscsvc - ok
17:27:42.0143 4488  WSearch - ok
17:27:42.0237 4488  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
17:27:42.0315 4488  wuauserv - ok
17:27:42.0346 4488  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:27:42.0393 4488  WudfPf - ok
17:27:42.0424 4488  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:27:42.0455 4488  WUDFRd - ok
17:27:42.0486 4488  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:27:42.0517 4488  wudfsvc - ok
17:27:42.0533 4488  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:27:42.0580 4488  WwanSvc - ok
17:27:42.0627 4488  [ 31DB70A61814E4F33181D48190D46845 ] ZTEusbmdm6k     C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
17:27:42.0658 4488  ZTEusbmdm6k - ok
17:27:42.0705 4488  [ C9ADA887BF326D8413E81FE80B1BE7EB ] ZTEusbnmea      C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
17:27:42.0751 4488  ZTEusbnmea - ok
17:27:42.0783 4488  [ 31DB70A61814E4F33181D48190D46845 ] ZTEusbser6k     C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
17:27:42.0798 4488  ZTEusbser6k - ok
17:27:42.0845 4488  ================ Scan global ===============================
17:27:42.0876 4488  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:27:42.0907 4488  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:27:42.0907 4488  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:27:42.0939 4488  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:27:42.0970 4488  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:27:42.0970 4488  [Global] - ok
17:27:42.0970 4488  ================ Scan MBR ==================================
17:27:42.0985 4488  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:27:44.0031 4488  \Device\Harddisk0\DR0 - ok
17:27:44.0031 4488  ================ Scan VBR ==================================
17:27:44.0062 4488  [ E7F895AB43B0F6F01930006396FF9612 ] \Device\Harddisk0\DR0\Partition1
17:27:44.0062 4488  \Device\Harddisk0\DR0\Partition1 - ok
17:27:44.0062 4488  ============================================================
17:27:44.0062 4488  Scan finished
17:27:44.0062 4488  ============================================================
17:27:44.0077 4644  Detected object count: 6
17:27:44.0077 4644  Actual detected object count: 6
17:27:57.0197 4644  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:27:57.0197 4644  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:27:57.0197 4644  LMS ( UnsignedFile.Multi.Generic ) - skipped by user
17:27:57.0197 4644  LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:27:57.0197 4644  RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
17:27:57.0197 4644  RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:27:57.0197 4644  UI Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:27:57.0197 4644  UI Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:27:57.0197 4644  UNS ( UnsignedFile.Multi.Generic ) - skipped by user
17:27:57.0197 4644  UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:27:57.0213 4644  USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
17:27:57.0213 4644  USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip

06.05.2013, 20:25	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Virenalarm Win32:ZAccess-PB [Trj] Hast du den Lesestoff nicht komplett gelesen? Ich hab dich darauf hingewiesen, dass du einen gefährlichen Schädling hast und nun warte ich auf deine Entscheidung ob Reinigung oder Neuinstallation. __________________ Logfiles bitte immer in CODE-Tags posten

Virenalarm Win32:ZAccess-PB [Trj]

Plagegeister aller Art und deren Bekämpfung: Virenalarm Win32:ZAccess-PB [Trj]