Facebook.vbs auf USB-Stick

Shakka · 23.05.2013, 22:01

Erstmal vielen Dank für deine weitere Hilfe.

Hier die asMBR.txt:

Code:

ATTFilter

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-23 22:37:35
-----------------------------
22:37:35.638    OS Version: Windows x64 6.1.7601 Service Pack 1
22:37:35.638    Number of processors: 4 586 0x2A07
22:37:35.641    ComputerName: CYBERPORT-PC  UserName: ****
22:37:36.566    Initialize success
22:39:58.254    AVAST engine defs: 13052301
22:41:11.729    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:41:11.732    Disk 0 Vendor: SAMSUNG_ AXM1 Size: 745936MB BusType: 3
22:41:11.735    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
22:41:11.738    Disk 1 Vendor: TOSHIBA_ GT00 Size: 745936MB BusType: 3
22:41:11.743    Disk 0 MBR read successfully
22:41:11.746    Disk 0 MBR scan
22:41:11.753    Disk 0 Windows 7 default MBR code
22:41:11.757    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          200 MB offset 2048
22:41:11.776    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       700733 MB offset 411648
22:41:11.797    Disk 0 Partition 3 00     07    HPFS/NTFS             30000 MB offset 1435514288
22:41:11.800    Disk 0 Partition 4 00     12  Compaq diag             15000 MB offset 1496954288
22:41:11.803    Disk 0 scanning C:\Windows\system32\drivers
22:41:11.806    Service scanning
22:41:35.783    Modules scanning
22:41:35.808    Disk 0 trace - called modules:
22:41:35.819    
22:41:36.730    AVAST engine scan C:\Windows
22:41:36.741    AVAST engine scan C:\Windows\system32
22:41:36.750    AVAST engine scan C:\Windows\system32\drivers
22:41:36.755    AVAST engine scan C:\Users\****
22:41:36.759    AVAST engine scan C:\ProgramData
22:41:36.762    Scan finished successfully
22:42:50.302    Disk 0 MBR has been saved successfully to "C:\Users\****\Desktop\MBR.dat"
22:42:50.307    The log file has been saved successfully to "C:\Users\****\Desktop\aswMBR.txt"

Und das TDSSKiller Log:

Code:

ATTFilter

22:56:34.0439 1692  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:56:34.0651 1692  ============================================================
22:56:34.0651 1692  Current date / time: 2013/05/23 22:56:34.0651
22:56:34.0651 1692  SystemInfo:
22:56:34.0651 1692  
22:56:34.0651 1692  OS Version: 6.1.7601 ServicePack: 1.0
22:56:34.0651 1692  Product type: Workstation
22:56:34.0651 1692  ComputerName: CYBERPORT-PC
22:56:34.0652 1692  UserName: ****
22:56:34.0653 1692  Windows directory: C:\Windows
22:56:34.0653 1692  System windows directory: C:\Windows
22:56:34.0653 1692  Running under WOW64
22:56:34.0653 1692  Processor architecture: Intel x64
22:56:34.0653 1692  Number of processors: 4
22:56:34.0653 1692  Page size: 0x1000
22:56:34.0653 1692  Boot type: Normal boot
22:56:34.0653 1692  ============================================================
22:56:35.0068 1692  Drive \Device\Harddisk0\DR0 - Size: 0x7745D6000 (29.82 Gb), SectorSize: 0x200, Cylinders: 0xF34, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:56:35.0098 1692  Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:56:35.0214 1692  ============================================================
22:56:35.0214 1692  \Device\Harddisk0\DR0:
22:56:35.0215 1692  MBR partitions:
22:56:35.0215 1692  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
22:56:35.0215 1692  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x5589EDB0
22:56:35.0215 1692  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x559035B0, BlocksNum 0x3A98000
22:56:35.0215 1692  \Device\Harddisk1\DR1:
22:56:35.0215 1692  MBR partitions:
22:56:35.0215 1692  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x51D61800, BlocksNum 0x3A98000
22:56:35.0215 1692  ============================================================
22:56:35.0217 1692  C: <-> \Device\Harddisk0\DR0\Partition2
22:56:35.0218 1692  ============================================================
22:56:35.0218 1692  Initialize success
22:56:35.0218 1692  ============================================================
22:57:07.0407 3676  ============================================================
22:57:07.0407 3676  Scan started
22:57:07.0407 3676  Mode: Manual; SigCheck; TDLFS; 
22:57:07.0407 3676  ============================================================
22:57:07.0463 3676  ================ Scan system memory ========================
22:57:07.0463 3676  System memory - ok
22:57:07.0463 3676  ================ Scan services =============================
22:57:07.0503 3676  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
22:57:07.0888 3676  1394ohci - ok
22:57:07.0896 3676  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:57:07.0917 3676  ACPI - ok
22:57:07.0921 3676  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
22:57:07.0934 3676  AcpiPmi - ok
22:57:07.0938 3676  [ 67672B229DC65CFF4A99ED80F6B2E170 ] ACPIVPC         C:\Windows\system32\DRIVERS\AcpiVpc.sys
22:57:08.0284 3676  ACPIVPC - ok
22:57:08.0290 3676  AdobeARMservice - ok
22:57:08.0312 3676  AdobeFlashPlayerUpdateSvc - ok
22:57:08.0320 3676  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
22:57:08.0336 3676  adp94xx - ok
22:57:08.0343 3676  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
22:57:08.0357 3676  adpahci - ok
22:57:08.0363 3676  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
22:57:08.0375 3676  adpu320 - ok
22:57:08.0380 3676  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:57:08.0410 3676  AeLookupSvc - ok
22:57:08.0419 3676  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
22:57:08.0435 3676  AFD - ok
22:57:08.0439 3676  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
22:57:08.0448 3676  agp440 - ok
22:57:08.0452 3676  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
22:57:08.0464 3676  ALG - ok
22:57:08.0467 3676  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:57:08.0475 3676  aliide - ok
22:57:08.0481 3676  [ CA52F07AB224527F0E2AFF987A4DEAAE ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
22:57:08.0496 3676  AMD External Events Utility - ok
22:57:08.0499 3676  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
22:57:08.0507 3676  amdide - ok
22:57:08.0511 3676  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
22:57:08.0522 3676  AmdK8 - ok
22:57:08.0654 3676  [ 5752679DF26FFF6F87E8EE7318F4931D ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
22:57:08.0820 3676  amdkmdag - ok
22:57:08.0831 3676  [ 0F010003B8032DDB4E5A4DFC37D6FDBD ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
22:57:08.0847 3676  amdkmdap - ok
22:57:08.0851 3676  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
22:57:08.0862 3676  AmdPPM - ok
22:57:08.0866 3676  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:57:08.0876 3676  amdsata - ok
22:57:08.0881 3676  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
22:57:08.0892 3676  amdsbs - ok
22:57:08.0895 3676  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:57:08.0904 3676  amdxata - ok
22:57:08.0911 3676  [ 7D9E301AB3247765702D0B65E2E47E50 ] AMPPAL          C:\Windows\system32\DRIVERS\AMPPAL.sys
22:57:08.0925 3676  AMPPAL - ok
22:57:08.0931 3676  [ 7D9E301AB3247765702D0B65E2E47E50 ] AMPPALP         C:\Windows\system32\DRIVERS\amppal.sys
22:57:08.0939 3676  AMPPALP - ok
22:57:08.0956 3676  [ 576134E43169810B560F0BB6FDEE13F5 ] AMPPALR3        C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
22:57:08.0981 3676  AMPPALR3 - ok
22:57:08.0985 3676  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
22:57:09.0013 3676  AppID - ok
22:57:09.0016 3676  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:57:09.0044 3676  AppIDSvc - ok
22:57:09.0046 3676  Appinfo - ok
22:57:09.0053 3676  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
22:57:09.0062 3676  arc - ok
22:57:09.0066 3676  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
22:57:09.0076 3676  arcsas - ok
22:57:09.0089 3676  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:57:09.0098 3676  aspnet_state - ok
22:57:09.0101 3676  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:57:09.0129 3676  AsyncMac - ok
22:57:09.0132 3676  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
22:57:09.0141 3676  atapi - ok
22:57:09.0153 3676  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:57:09.0187 3676  AudioEndpointBuilder - ok
22:57:09.0196 3676  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
22:57:09.0227 3676  AudioSrv - ok
22:57:09.0232 3676  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:57:09.0247 3676  AxInstSV - ok
22:57:09.0255 3676  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
22:57:09.0270 3676  b06bdrv - ok
22:57:09.0277 3676  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
22:57:09.0290 3676  b57nd60a - ok
22:57:09.0298 3676  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:57:09.0309 3676  BDESVC - ok
22:57:09.0313 3676  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:57:09.0342 3676  Beep - ok
22:57:09.0353 3676  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
22:57:09.0387 3676  BFE - ok
22:57:09.0399 3676  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
22:57:09.0437 3676  BITS - ok
22:57:09.0441 3676  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
22:57:09.0451 3676  blbdrive - ok
22:57:09.0465 3676  [ 5FF7B9916A10E8E69E7C0D16F0B4787A ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
22:57:09.0862 3676  Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - warning
22:57:09.0862 3676  Bluetooth Device Monitor - detected UnsignedFile.Multi.Generic (1)
22:57:09.0879 3676  [ E43D73CAF1023976EFBA1D0F0E69E271 ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
22:57:10.0279 3676  Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - warning
22:57:10.0279 3676  Bluetooth Media Service - detected UnsignedFile.Multi.Generic (1)
22:57:10.0292 3676  [ 20427929646784A482DF34EF8C4FED23 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
22:57:10.0699 3676  Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - warning
22:57:10.0699 3676  Bluetooth OBEX Service - detected UnsignedFile.Multi.Generic (1)
22:57:10.0704 3676  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:57:10.0714 3676  bowser - ok
22:57:10.0717 3676  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
22:57:10.0729 3676  BrFiltLo - ok
22:57:10.0732 3676  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
22:57:10.0744 3676  BrFiltUp - ok
22:57:10.0749 3676  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
22:57:10.0777 3676  BridgeMP - ok
22:57:10.0780 3676  Browser - ok
22:57:10.0787 3676  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
22:57:10.0804 3676  Brserid - ok
22:57:10.0807 3676  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
22:57:10.0820 3676  BrSerWdm - ok
22:57:10.0823 3676  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
22:57:10.0836 3676  BrUsbMdm - ok
22:57:10.0839 3676  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
22:57:10.0849 3676  BrUsbSer - ok
22:57:10.0852 3676  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
22:57:10.0863 3676  BthEnum - ok
22:57:10.0866 3676  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
22:57:10.0879 3676  BTHMODEM - ok
22:57:10.0883 3676  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
22:57:10.0895 3676  BthPan - ok
22:57:10.0904 3676  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
22:57:10.0921 3676  BTHPORT - ok
22:57:10.0925 3676  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
22:57:10.0952 3676  bthserv - ok
22:57:10.0957 3676  [ 9E2AF97302B9F4BF97E952A865EB31AE ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
22:57:10.0964 3676  BTHSSecurityMgr - ok
22:57:10.0968 3676  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
22:57:10.0978 3676  BTHUSB - ok
22:57:10.0982 3676  [ 274E47BD9C1367BDBFA9DF10C2E6C544 ] btmaudio        C:\Windows\system32\drivers\btmaud.sys
22:57:10.0990 3676  btmaudio - ok
22:57:10.0995 3676  [ 75EAB5AAF6E9F83739249CE60B4B9C39 ] btmaux          C:\Windows\system32\DRIVERS\btmaux.sys
22:57:11.0003 3676  btmaux - ok
22:57:11.0010 3676  [ 0B1CC2221DC5990E4557A78CE9AFAD4F ] btmhsf          C:\Windows\system32\DRIVERS\btmhsf.sys
22:57:11.0021 3676  btmhsf - ok
22:57:11.0024 3676  catchme - ok
22:57:11.0030 3676  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:57:11.0058 3676  cdfs - ok
22:57:11.0064 3676  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
22:57:11.0084 3676  cdrom - ok
22:57:11.0089 3676  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
22:57:11.0116 3676  CertPropSvc - ok
22:57:11.0120 3676  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
22:57:11.0132 3676  circlass - ok
22:57:11.0139 3676  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
22:57:11.0153 3676  CLFS - ok
22:57:11.0162 3676  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:57:11.0170 3676  clr_optimization_v2.0.50727_32 - ok
22:57:11.0175 3676  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:57:11.0184 3676  clr_optimization_v2.0.50727_64 - ok
22:57:11.0193 3676  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:57:11.0201 3676  clr_optimization_v4.0.30319_32 - ok
22:57:11.0207 3676  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:57:11.0216 3676  clr_optimization_v4.0.30319_64 - ok
22:57:11.0220 3676  [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd           C:\Windows\system32\DRIVERS\clwvd.sys
22:57:11.0228 3676  clwvd - ok
22:57:11.0231 3676  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
22:57:11.0241 3676  CmBatt - ok
22:57:11.0245 3676  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:57:11.0253 3676  cmdide - ok
22:57:11.0255 3676  CNG - ok
22:57:11.0278 3676  [ 74124D96E9E7F5FCE9C8C7148B295CA7 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
22:57:11.0310 3676  CnxtHdAudService - ok
22:57:11.0314 3676  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
22:57:11.0322 3676  Compbatt - ok
22:57:11.0326 3676  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
22:57:11.0338 3676  CompositeBus - ok
22:57:11.0341 3676  COMSysApp - ok
22:57:11.0348 3676  cpuz135 - ok
22:57:11.0352 3676  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
22:57:11.0361 3676  crcdisk - ok
22:57:11.0365 3676  CryptSvc - ok
22:57:11.0379 3676  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
22:57:11.0396 3676  cvhsvc - ok
22:57:11.0401 3676  [ F160B26B26BA4AFE8CECC12ED5AC231E ] CxAudMsg        C:\Windows\system32\CxAudMsg64.exe
22:57:11.0673 3676  CxAudMsg - ok
22:57:11.0679 3676  [ 5B209DED65A85B83380F5FD8D9F6E34F ] cyhid           C:\Windows\system32\DRIVERS\cyhid.sys
22:57:11.0688 3676  cyhid - ok
22:57:11.0692 3676  [ 8AF605163D2DE051165A8EB1CFA463CF ] cykbfltrService C:\Windows\system32\DRIVERS\cykbfltr.sys
22:57:11.0700 3676  cykbfltrService - ok
22:57:11.0704 3676  [ 8960C411AC89E033C50E7B745BB2FC28 ] cymfltrService  C:\Windows\system32\DRIVERS\cymfltr.sys
22:57:11.0713 3676  cymfltrService - ok
22:57:11.0723 3676  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:57:11.0755 3676  DcomLaunch - ok
22:57:11.0762 3676  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
22:57:11.0797 3676  defragsvc - ok
22:57:11.0801 3676  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:57:11.0829 3676  DfsC - ok
22:57:11.0836 3676  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:57:11.0850 3676  Dhcp - ok
22:57:11.0853 3676  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
22:57:11.0880 3676  discache - ok
22:57:11.0884 3676  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
22:57:11.0894 3676  Disk - ok
22:57:11.0899 3676  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:57:11.0911 3676  Dnscache - ok
22:57:11.0916 3676  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:57:11.0945 3676  dot3svc - ok
22:57:11.0950 3676  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
22:57:11.0979 3676  DPS - ok
22:57:11.0984 3676  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:57:11.0996 3676  drmkaud - ok
22:57:11.0998 3676  DXGKrnl - ok
22:57:12.0006 3676  [ FAF4969BDDEE7786862BBD75F4B499DE ] e1cexpress      C:\Windows\system32\DRIVERS\e1c62x64.sys
22:57:12.0019 3676  e1cexpress - ok
22:57:12.0023 3676  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
22:57:12.0052 3676  EapHost - ok
22:57:12.0087 3676  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
22:57:12.0136 3676  ebdrv - ok
22:57:12.0140 3676  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
22:57:12.0164 3676  EFS - ok
22:57:12.0175 3676  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:57:12.0198 3676  ehRecvr - ok
22:57:12.0202 3676  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
22:57:12.0213 3676  ehSched - ok
22:57:12.0221 3676  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
22:57:12.0238 3676  elxstor - ok
22:57:12.0241 3676  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:57:12.0254 3676  ErrDev - ok
22:57:12.0265 3676  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
22:57:12.0297 3676  EventSystem - ok
22:57:12.0317 3676  [ E3A96D5AE6E5C7B5472011BA77353368 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
22:57:12.0347 3676  EvtEng - ok
22:57:12.0352 3676  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
22:57:12.0381 3676  exfat - ok
22:57:12.0386 3676  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:57:12.0417 3676  fastfat - ok
22:57:12.0427 3676  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
22:57:12.0446 3676  Fax - ok
22:57:12.0449 3676  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
22:57:12.0459 3676  fdc - ok
22:57:12.0463 3676  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
22:57:12.0490 3676  fdPHost - ok
22:57:12.0494 3676  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:57:12.0522 3676  FDResPub - ok
22:57:12.0525 3676  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:57:12.0535 3676  FileInfo - ok
22:57:12.0538 3676  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:57:12.0567 3676  Filetrace - ok
22:57:12.0570 3676  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
22:57:12.0580 3676  flpydisk - ok
22:57:12.0586 3676  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:57:12.0599 3676  FltMgr - ok
22:57:12.0602 3676  FontCache - ok
22:57:12.0607 3676  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:57:12.0614 3676  FontCache3.0.0.0 - ok
22:57:12.0617 3676  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:57:12.0626 3676  FsDepends - ok
22:57:12.0630 3676  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:57:12.0638 3676  Fs_Rec - ok
22:57:12.0641 3676  fvevol - ok
22:57:12.0647 3676  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
22:57:12.0656 3676  gagp30kx - ok
22:57:12.0667 3676  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
22:57:12.0702 3676  gpsvc - ok
22:57:12.0707 3676  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:57:12.0717 3676  gupdate - ok
22:57:12.0721 3676  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:57:12.0729 3676  gupdatem - ok
22:57:12.0732 3676  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:57:12.0743 3676  hcw85cir - ok
22:57:12.0751 3676  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:57:12.0766 3676  HdAudAddService - ok
22:57:12.0770 3676  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
22:57:12.0783 3676  HDAudBus - ok
22:57:12.0786 3676  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
22:57:12.0797 3676  HidBatt - ok
22:57:12.0801 3676  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
22:57:12.0814 3676  HidBth - ok
22:57:12.0817 3676  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
22:57:12.0830 3676  HidIr - ok
22:57:12.0833 3676  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
22:57:12.0862 3676  hidserv - ok
22:57:12.0866 3676  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:57:12.0874 3676  HidUsb - ok
22:57:12.0879 3676  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:57:12.0907 3676  hkmsvc - ok
22:57:12.0913 3676  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:57:12.0926 3676  HomeGroupListener - ok
22:57:12.0933 3676  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:57:12.0945 3676  HomeGroupProvider - ok
22:57:12.0949 3676  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:57:12.0958 3676  HpSAMD - ok
22:57:12.0969 3676  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:57:13.0004 3676  HTTP - ok
22:57:13.0007 3676  hwdatacard - ok
22:57:13.0013 3676  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:57:13.0020 3676  hwpolicy - ok
22:57:13.0023 3676  [ 2EB5187E2EC1C43DAC0DDC4BC8BFA956 ] hybridcfile     C:\Windows\system32\DRIVERS\HybridCFileX64.sys
22:57:13.0031 3676  hybridcfile - ok
22:57:13.0034 3676  [ BD626AE95B6E156F318D673E32012C14 ] HybridDisk      C:\Windows\system32\DRIVERS\HybridDiskX64.sys
22:57:13.0042 3676  HybridDisk - ok
22:57:13.0046 3676  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
22:57:13.0056 3676  i8042prt - ok
22:57:13.0066 3676  [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
22:57:13.0079 3676  iaStor - ok
22:57:13.0087 3676  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:57:13.0102 3676  iaStorV - ok
22:57:13.0107 3676  [ 8A4EC1C3F10385181B1066120C610AE5 ] iBtFltCoex      C:\Windows\system32\DRIVERS\iBtFltCoex.sys
22:57:13.0117 3676  iBtFltCoex - ok
22:57:13.0131 3676  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:57:13.0151 3676  idsvc - ok
22:57:13.0156 3676  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
22:57:13.0165 3676  iirsp - ok
22:57:13.0177 3676  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
22:57:13.0215 3676  IKEEXT - ok
22:57:13.0220 3676  [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
22:57:13.0228 3676  intaud_WaveExtensible - ok
22:57:13.0235 3676  [ AE594CC17C33AC146739494615E14851 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
22:57:13.0247 3676  IntcDAud - ok
22:57:13.0252 3676  [ CE30E176D5F67728DE368242108B9C34 ] Intel(R) PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
22:57:13.0263 3676  Intel(R) PROSet Monitoring Service - ok
22:57:13.0266 3676  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
22:57:13.0274 3676  intelide - ok
22:57:13.0550 3676  [ 978D876A581D57E0DE6437674EB0014D ] intelkmd        C:\Windows\system32\DRIVERS\igdpmd64.sys
22:57:13.0877 3676  intelkmd - ok
22:57:13.0886 3676  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:57:13.0896 3676  intelppm - ok
22:57:13.0901 3676  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:57:13.0934 3676  IPBusEnum - ok
22:57:13.0942 3676  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:57:13.0971 3676  IpFilterDriver - ok
22:57:13.0973 3676  iphlpsvc - ok
22:57:13.0980 3676  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
22:57:13.0995 3676  IPMIDRV - ok
22:57:14.0002 3676  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:57:14.0035 3676  IPNAT - ok
22:57:14.0038 3676  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:57:14.0054 3676  IRENUM - ok
22:57:14.0057 3676  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:57:14.0065 3676  isapnp - ok
22:57:14.0076 3676  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
22:57:14.0093 3676  iScsiPrt - ok
22:57:14.0101 3676  [ 716F66336F10885D935B08174DC54242 ] iwdbus          C:\Windows\system32\DRIVERS\iwdbus.sys
22:57:14.0111 3676  iwdbus - ok
22:57:14.0115 3676  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:57:14.0124 3676  kbdclass - ok
22:57:14.0128 3676  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
22:57:14.0139 3676  kbdhid - ok
22:57:14.0143 3676  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
22:57:14.0152 3676  KeyIso - ok
22:57:14.0156 3676  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:57:14.0166 3676  KSecDD - ok
22:57:14.0169 3676  KSecPkg - ok
22:57:14.0173 3676  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
22:57:14.0201 3676  ksthunk - ok
22:57:14.0208 3676  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:57:14.0241 3676  KtmRm - ok
22:57:14.0247 3676  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
22:57:14.0275 3676  LanmanServer - ok
22:57:14.0280 3676  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:57:14.0307 3676  LanmanWorkstation - ok
22:57:14.0312 3676  [ BE166935083F9C38EDFDC21B9A7A679B ] LHDmgr          C:\Windows\system32\DRIVERS\LhdX64.sys
22:57:14.0321 3676  LHDmgr - ok
22:57:14.0325 3676  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:57:14.0353 3676  lltdio - ok
22:57:14.0360 3676  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:57:14.0391 3676  lltdsvc - ok
22:57:14.0394 3676  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:57:14.0422 3676  lmhosts - ok
22:57:14.0428 3676  [ 1584DEEAE5AA0E3FB045F3D0EAC585EA ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:57:14.0438 3676  LMS - ok
22:57:14.0444 3676  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
22:57:14.0454 3676  LSI_FC - ok
22:57:14.0458 3676  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
22:57:14.0468 3676  LSI_SAS - ok
22:57:14.0472 3676  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
22:57:14.0481 3676  LSI_SAS2 - ok
22:57:14.0485 3676  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
22:57:14.0494 3676  LSI_SCSI - ok
22:57:14.0499 3676  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
22:57:14.0527 3676  luafv - ok
22:57:14.0540 3676  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:57:14.0552 3676  Mcx2Svc - ok
22:57:14.0555 3676  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
22:57:14.0564 3676  megasas - ok
22:57:14.0570 3676  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
22:57:14.0585 3676  MegaSR - ok
22:57:14.0589 3676  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
22:57:14.0597 3676  MEIx64 - ok
22:57:14.0601 3676  Microsoft Office Groove Audit Service - ok
22:57:14.0606 3676  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
22:57:14.0634 3676  MMCSS - ok
22:57:14.0637 3676  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
22:57:14.0665 3676  Modem - ok
22:57:14.0669 3676  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:57:14.0688 3676  monitor - ok
22:57:14.0691 3676  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:57:14.0700 3676  mouclass - ok
22:57:14.0704 3676  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:57:14.0714 3676  mouhid - ok
22:57:14.0717 3676  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:57:14.0726 3676  mountmgr - ok
22:57:14.0731 3676  MpFilter - ok
22:57:14.0736 3676  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:57:14.0748 3676  mpio - ok
22:57:14.0751 3676  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:57:14.0779 3676  mpsdrv - ok
22:57:14.0791 3676  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:57:14.0827 3676  MpsSvc - ok
22:57:14.0832 3676  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:57:14.0848 3676  MRxDAV - ok
22:57:14.0853 3676  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:57:14.0864 3676  mrxsmb - ok
22:57:14.0870 3676  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:57:14.0883 3676  mrxsmb10 - ok
22:57:14.0888 3676  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:57:14.0899 3676  mrxsmb20 - ok
22:57:14.0902 3676  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
22:57:14.0911 3676  msahci - ok
22:57:14.0917 3676  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:57:14.0928 3676  msdsm - ok
22:57:14.0933 3676  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
22:57:14.0946 3676  MSDTC - ok
22:57:14.0953 3676  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:57:14.0981 3676  Msfs - ok
22:57:14.0984 3676  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:57:15.0011 3676  mshidkmdf - ok
22:57:15.0015 3676  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:57:15.0023 3676  msisadrv - ok
22:57:15.0028 3676  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:57:15.0058 3676  MSiSCSI - ok
22:57:15.0061 3676  msiserver - ok
22:57:15.0065 3676  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:57:15.0093 3676  MSKSSRV - ok
22:57:15.0098 3676  MsMpSvc - ok
22:57:15.0101 3676  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:57:15.0128 3676  MSPCLOCK - ok
22:57:15.0132 3676  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:57:15.0159 3676  MSPQM - ok
22:57:15.0166 3676  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:57:15.0180 3676  MsRPC - ok
22:57:15.0185 3676  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
22:57:15.0193 3676  mssmbios - ok
22:57:15.0197 3676  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:57:15.0228 3676  MSTEE - ok
22:57:15.0233 3676  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
22:57:15.0241 3676  MTConfig - ok
22:57:15.0245 3676  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
22:57:15.0254 3676  Mup - ok
22:57:15.0261 3676  [ 8F57DB74BF5407A4CDA6C8B005DC8DD0 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
22:57:15.0272 3676  MyWiFiDHCPDNS - ok
22:57:15.0280 3676  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
22:57:15.0312 3676  napagent - ok
22:57:15.0318 3676  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:57:15.0335 3676  NativeWifiP - ok
22:57:15.0338 3676  NDIS - ok
22:57:15.0342 3676  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:57:15.0371 3676  NdisCap - ok
22:57:15.0374 3676  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:57:15.0401 3676  NdisTapi - ok
22:57:15.0405 3676  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:57:15.0433 3676  Ndisuio - ok
22:57:15.0438 3676  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:57:15.0467 3676  NdisWan - ok
22:57:15.0470 3676  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:57:15.0497 3676  NDProxy - ok
22:57:15.0501 3676  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:57:15.0528 3676  NetBIOS - ok
22:57:15.0535 3676  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:57:15.0564 3676  NetBT - ok
22:57:15.0568 3676  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
22:57:15.0577 3676  Netlogon - ok
22:57:15.0586 3676  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
22:57:15.0618 3676  Netman - ok
22:57:15.0622 3676  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:57:15.0631 3676  NetMsmqActivator - ok
22:57:15.0634 3676  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:57:15.0642 3676  NetPipeActivator - ok
22:57:15.0650 3676  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
22:57:15.0684 3676  netprofm - ok
22:57:15.0687 3676  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:57:15.0695 3676  NetTcpActivator - ok
22:57:15.0698 3676  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:57:15.0706 3676  NetTcpPortSharing - ok
22:57:15.0817 3676  [ 50AD7F7040C22BB7CAA59A0880875A21 ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
22:57:15.0948 3676  NETwNs64 - ok
22:57:15.0956 3676  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
22:57:15.0965 3676  nfrd960 - ok
22:57:15.0969 3676  NisDrv - ok
22:57:15.0972 3676  NisSrv - ok
22:57:15.0977 3676  NlaSvc - ok
22:57:15.0982 3676  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:57:16.0009 3676  Npfs - ok
22:57:16.0013 3676  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
22:57:16.0040 3676  nsi - ok
22:57:16.0043 3676  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:57:16.0071 3676  nsiproxy - ok
22:57:16.0075 3676  Ntfs - ok
22:57:16.0079 3676  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
22:57:16.0106 3676  Null - ok
22:57:16.0110 3676  [ 0EBC9D13CD96C15B1B18D8678A609E4B ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
22:57:16.0123 3676  nusb3hub - ok
22:57:16.0128 3676  [ 7BDEC000D56D485021D9C1E63C2F81CA ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
22:57:16.0139 3676  nusb3xhc - ok
22:57:16.0144 3676  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:57:16.0154 3676  nvraid - ok
22:57:16.0159 3676  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:57:16.0170 3676  nvstor - ok
22:57:16.0176 3676  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:57:16.0186 3676  nv_agp - ok
22:57:16.0190 3676  odserv - ok
22:57:16.0196 3676  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
22:57:16.0207 3676  ohci1394 - ok
22:57:16.0212 3676  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:57:16.0222 3676  ose - ok
22:57:16.0276 3676  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:57:16.0363 3676  osppsvc - ok
22:57:16.0374 3676  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:57:16.0388 3676  p2pimsvc - ok
22:57:16.0396 3676  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:57:16.0410 3676  p2psvc - ok
22:57:16.0415 3676  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
22:57:16.0424 3676  Parport - ok
22:57:16.0428 3676  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:57:16.0438 3676  partmgr - ok
22:57:16.0443 3676  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:57:16.0457 3676  PcaSvc - ok
22:57:16.0464 3676  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
22:57:16.0474 3676  pci - ok
22:57:16.0478 3676  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
22:57:16.0486 3676  pciide - ok
22:57:16.0492 3676  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
22:57:16.0503 3676  pcmcia - ok
22:57:16.0507 3676  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
22:57:16.0516 3676  pcw - ok
22:57:16.0525 3676  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:57:16.0560 3676  PEAUTH - ok
22:57:16.0580 3676  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
22:57:16.0592 3676  PerfHost - ok
22:57:16.0614 3676  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
22:57:16.0660 3676  pla - ok
22:57:16.0668 3676  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:57:16.0684 3676  PlugPlay - ok
22:57:16.0687 3676  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:57:16.0698 3676  PNRPAutoReg - ok
22:57:16.0705 3676  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:57:16.0716 3676  PNRPsvc - ok
22:57:16.0725 3676  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:57:16.0765 3676  PolicyAgent - ok
22:57:16.0773 3676  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
22:57:16.0803 3676  Power - ok
22:57:16.0807 3676  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:57:16.0835 3676  PptpMiniport - ok
22:57:16.0839 3676  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
22:57:16.0850 3676  Processor - ok
22:57:16.0855 3676  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
22:57:16.0868 3676  ProfSvc - ok
22:57:16.0871 3676  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:57:16.0880 3676  ProtectedStorage - ok
22:57:16.0885 3676  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:57:16.0913 3676  Psched - ok
22:57:16.0932 3676  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
22:57:16.0963 3676  ql2300 - ok
22:57:16.0968 3676  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
22:57:16.0978 3676  ql40xx - ok
22:57:16.0984 3676  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
22:57:17.0001 3676  QWAVE - ok
22:57:17.0004 3676  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:57:17.0018 3676  QWAVEdrv - ok
22:57:17.0021 3676  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:57:17.0049 3676  RasAcd - ok
22:57:17.0053 3676  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:57:17.0080 3676  RasAgileVpn - ok
22:57:17.0085 3676  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
22:57:17.0114 3676  RasAuto - ok
22:57:17.0119 3676  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:57:17.0147 3676  Rasl2tp - ok
22:57:17.0155 3676  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
22:57:17.0187 3676  RasMan - ok
22:57:17.0191 3676  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:57:17.0220 3676  RasPppoe - ok
22:57:17.0224 3676  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:57:17.0253 3676  RasSstp - ok
22:57:17.0259 3676  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:57:17.0289 3676  rdbss - ok
22:57:17.0292 3676  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
22:57:17.0305 3676  rdpbus - ok
22:57:17.0308 3676  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:57:17.0335 3676  RDPCDD - ok
22:57:17.0342 3676  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:57:17.0369 3676  RDPENCDD - ok
22:57:17.0374 3676  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:57:17.0401 3676  RDPREFMP - ok
22:57:17.0405 3676  RdpVideoMiniport - ok
22:57:17.0412 3676  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:57:17.0426 3676  RDPWD - ok
22:57:17.0431 3676  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:57:17.0443 3676  rdyboost - ok
22:57:17.0458 3676  [ FD11C1287D38A46FB72353E14D50089C ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
22:57:17.0479 3676  RegSrvc - ok
22:57:17.0484 3676  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:57:17.0513 3676  RemoteAccess - ok
22:57:17.0519 3676  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:57:17.0550 3676  RemoteRegistry - ok
22:57:17.0555 3676  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
22:57:17.0570 3676  RFCOMM - ok
22:57:17.0575 3676  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:57:17.0604 3676  RpcEptMapper - ok
22:57:17.0607 3676  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
22:57:17.0619 3676  RpcLocator - ok
22:57:17.0627 3676  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
22:57:17.0657 3676  RpcSs - ok
22:57:17.0661 3676  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:57:17.0689 3676  rspndr - ok
22:57:17.0694 3676  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
22:57:17.0703 3676  SamSs - ok
22:57:17.0707 3676  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:57:17.0717 3676  sbp2port - ok
22:57:17.0722 3676  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:57:17.0753 3676  SCardSvr - ok
22:57:17.0756 3676  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:57:17.0783 3676  scfilter - ok
22:57:17.0797 3676  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
22:57:17.0837 3676  Schedule - ok
22:57:17.0841 3676  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:57:17.0866 3676  SCPolicySvc - ok
22:57:17.0871 3676  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:57:17.0883 3676  SDRSVC - ok
22:57:17.0888 3676  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:57:17.0916 3676  secdrv - ok
22:57:17.0920 3676  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
22:57:17.0948 3676  seclogon - ok
22:57:17.0952 3676  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
22:57:17.0980 3676  SENS - ok
22:57:17.0984 3676  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:57:17.0994 3676  SensrSvc - ok
22:57:17.0998 3676  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
22:57:18.0008 3676  Serenum - ok
22:57:18.0012 3676  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
22:57:18.0023 3676  Serial - ok
22:57:18.0026 3676  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
22:57:18.0036 3676  sermouse - ok
22:57:18.0046 3676  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
22:57:18.0076 3676  SessionEnv - ok
22:57:18.0080 3676  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
22:57:18.0096 3676  sffdisk - ok
22:57:18.0100 3676  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:57:18.0113 3676  sffp_mmc - ok
22:57:18.0116 3676  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
22:57:18.0129 3676  sffp_sd - ok
22:57:18.0132 3676  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
22:57:18.0142 3676  sfloppy - ok
22:57:18.0153 3676  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
22:57:18.0172 3676  Sftfs - ok
22:57:18.0180 3676  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
22:57:18.0196 3676  sftlist - ok
22:57:18.0205 3676  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
22:57:18.0215 3676  Sftplay - ok
22:57:18.0220 3676  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
22:57:18.0227 3676  Sftredir - ok
22:57:18.0230 3676  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
22:57:18.0238 3676  Sftvol - ok
22:57:18.0243 3676  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
22:57:18.0253 3676  sftvsa - ok
22:57:18.0260 3676  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:57:18.0293 3676  SharedAccess - ok
22:57:18.0300 3676  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:57:18.0330 3676  ShellHWDetection - ok
22:57:18.0335 3676  [ C10D453B07E3E7E00E5103BBA9BAD524 ] Shockprf        C:\Windows\system32\DRIVERS\Apsx64.sys
22:57:18.0345 3676  Shockprf - ok
22:57:18.0349 3676  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
22:57:18.0358 3676  SiSRaid2 - ok
22:57:18.0362 3676  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
22:57:18.0372 3676  SiSRaid4 - ok
22:57:18.0376 3676  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:57:18.0405 3676  Smb - ok
22:57:18.0411 3676  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:57:18.0422 3676  SNMPTRAP - ok
22:57:18.0443 3676  [ 047341270913A8DF16A4A773FD11274D ] SNP2UVC         C:\Windows\system32\DRIVERS\snp2uvc.sys
22:57:18.0473 3676  SNP2UVC - ok
22:57:18.0478 3676  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
22:57:18.0487 3676  spldr - ok
22:57:18.0489 3676  Spooler - ok
22:57:18.0527 3676  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
22:57:18.0596 3676  sppsvc - ok
22:57:18.0601 3676  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
22:57:18.0629 3676  sppuinotify - ok
22:57:18.0646 3676  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:57:18.0669 3676  srv - ok
22:57:18.0682 3676  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:57:18.0702 3676  srv2 - ok
22:57:18.0710 3676  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:57:18.0726 3676  srvnet - ok
22:57:18.0737 3676  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:57:18.0767 3676  SSDPSRV - ok
22:57:18.0773 3676  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:57:18.0803 3676  SstpSvc - ok
22:57:18.0806 3676  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
22:57:18.0814 3676  stexstor - ok
22:57:18.0831 3676  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
22:57:18.0857 3676  stisvc - ok
22:57:18.0862 3676  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
22:57:18.0872 3676  swenum - ok
22:57:18.0887 3676  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
22:57:18.0925 3676  swprv - ok
22:57:18.0955 3676  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
22:57:18.0989 3676  SysMain - ok
22:57:18.0993 3676  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:57:19.0009 3676  TabletInputService - ok
22:57:19.0015 3676  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:57:19.0045 3676  TapiSrv - ok
22:57:19.0049 3676  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
22:57:19.0077 3676  TBS - ok
22:57:19.0079 3676  Tcpip - ok
22:57:19.0083 3676  TCPIP6 - ok
22:57:19.0090 3676  tcpipreg - ok
22:57:19.0096 3676  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:57:19.0107 3676  TDPIPE - ok
22:57:19.0110 3676  [ 6FF3E30F82B9D7840369598FB3DDDE5E ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:57:19.0143 3676  Suspicious file (Forged): C:\Windows\system32\drivers\tdtcp.sys. Real md5: 6FF3E30F82B9D7840369598FB3DDDE5E, Fake md5: 51C5ECEB1CDEE2468A1748BE550CFBC8
22:57:19.0144 3676  TDTCP ( ForgedFile.Multi.Generic ) - warning
22:57:19.0144 3676  TDTCP - detected ForgedFile.Multi.Generic (1)
22:57:19.0154 3676  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:57:19.0203 3676  tdx - ok
22:57:19.0207 3676  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
22:57:19.0216 3676  TermDD - ok
22:57:19.0227 3676  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
22:57:19.0263 3676  TermService - ok
22:57:19.0267 3676  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
22:57:19.0280 3676  Themes - ok
22:57:19.0284 3676  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
22:57:19.0312 3676  THREADORDER - ok
22:57:19.0315 3676  [ 74868C001C7214FBD88B1A57EBB04811 ] TPDIGIMN        C:\Windows\system32\DRIVERS\ApsHM64.sys
22:57:19.0323 3676  TPDIGIMN - ok
22:57:19.0326 3676  [ 130E6B36A8EEE48AA4F0AC404236836B ] TPHDEXLGSVC     C:\Windows\system32\TPHDEXLG64.exe
22:57:19.0334 3676  TPHDEXLGSVC - ok
22:57:19.0338 3676  [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM             C:\Windows\system32\drivers\tpm.sys
22:57:19.0348 3676  TPM - ok
22:57:19.0353 3676  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
22:57:19.0382 3676  TrkWks - ok
22:57:19.0387 3676  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:57:19.0416 3676  TrustedInstaller - ok
22:57:19.0421 3676  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:57:19.0449 3676  tssecsrv - ok
22:57:19.0453 3676  TsUsbFlt - ok
22:57:19.0456 3676  TsUsbGD - ok
22:57:19.0462 3676  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:57:19.0490 3676  tunnel - ok
22:57:19.0493 3676  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
22:57:19.0503 3676  uagp35 - ok
22:57:19.0509 3676  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:57:19.0540 3676  udfs - ok
22:57:19.0547 3676  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:57:19.0558 3676  UI0Detect - ok
22:57:19.0562 3676  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:57:19.0572 3676  uliagpkx - ok
22:57:19.0575 3676  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
22:57:19.0586 3676  umbus - ok
22:57:19.0589 3676  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
22:57:19.0598 3676  UmPass - ok
22:57:19.0629 3676  [ FC43877B4625F6EB773C98233EB625C5 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:57:19.0674 3676  UNS - ok
22:57:19.0681 3676  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
22:57:19.0714 3676  upnphost - ok
22:57:19.0718 3676  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
22:57:19.0735 3676  usbccgp - ok
22:57:19.0739 3676  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:57:19.0752 3676  usbcir - ok
22:57:19.0755 3676  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
22:57:19.0765 3676  usbehci - ok
22:57:19.0773 3676  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:57:19.0787 3676  usbhub - ok
22:57:19.0790 3676  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
22:57:19.0799 3676  usbohci - ok
22:57:19.0804 3676  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
22:57:19.0815 3676  usbprint - ok
22:57:19.0821 3676  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:57:19.0838 3676  USBSTOR - ok
22:57:19.0841 3676  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
22:57:19.0851 3676  usbuhci - ok
22:57:19.0857 3676  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
22:57:19.0871 3676  usbvideo - ok
22:57:19.0875 3676  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
22:57:19.0903 3676  UxSms - ok
22:57:19.0906 3676  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
22:57:19.0915 3676  VaultSvc - ok
22:57:19.0920 3676  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
22:57:19.0928 3676  vdrvroot - ok
22:57:19.0937 3676  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
22:57:19.0971 3676  vds - ok
22:57:19.0975 3676  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:57:19.0987 3676  vga - ok
22:57:19.0990 3676  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:57:20.0017 3676  VgaSave - ok
22:57:20.0023 3676  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
22:57:20.0036 3676  vhdmp - ok
22:57:20.0039 3676  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
22:57:20.0047 3676  viaide - ok
22:57:20.0052 3676  VMCService - ok
22:57:20.0057 3676  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:57:20.0067 3676  volmgr - ok
22:57:20.0074 3676  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:57:20.0089 3676  volmgrx - ok
22:57:20.0095 3676  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:57:20.0108 3676  volsnap - ok
22:57:20.0113 3676  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
22:57:20.0124 3676  vsmraid - ok
22:57:20.0143 3676  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
22:57:20.0189 3676  VSS - ok
22:57:20.0193 3676  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
22:57:20.0205 3676  vwifibus - ok
22:57:20.0208 3676  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
22:57:20.0223 3676  vwififlt - ok
22:57:20.0227 3676  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
22:57:20.0240 3676  vwifimp - ok
22:57:20.0247 3676  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
22:57:20.0279 3676  W32Time - ok
22:57:20.0284 3676  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
22:57:20.0295 3676  WacomPen - ok
22:57:20.0299 3676  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:57:20.0327 3676  WANARP - ok
22:57:20.0330 3676  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:57:20.0356 3676  Wanarpv6 - ok
22:57:20.0375 3676  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
22:57:20.0404 3676  wbengine - ok
22:57:20.0409 3676  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:57:20.0426 3676  WbioSrvc - ok
22:57:20.0432 3676  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:57:20.0451 3676  wcncsvc - ok
22:57:20.0455 3676  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:57:20.0466 3676  WcsPlugInService - ok
22:57:20.0471 3676  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
22:57:20.0479 3676  Wd - ok
22:57:20.0490 3676  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:57:20.0511 3676  Wdf01000 - ok
22:57:20.0515 3676  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:57:20.0550 3676  WdiServiceHost - ok
22:57:20.0553 3676  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:57:20.0569 3676  WdiSystemHost - ok
22:57:20.0576 3676  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
22:57:20.0594 3676  WebClient - ok
22:57:20.0600 3676  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:57:20.0632 3676  Wecsvc - ok
22:57:20.0636 3676  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:57:20.0664 3676  wercplsupport - ok
22:57:20.0668 3676  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:57:20.0696 3676  WerSvc - ok
22:57:20.0700 3676  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:57:20.0728 3676  WfpLwf - ok
22:57:20.0731 3676  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:57:20.0740 3676  WIMMount - ok
22:57:20.0743 3676  WinDefend - ok
22:57:20.0749 3676  WinHttpAutoProxySvc - ok
22:57:20.0759 3676  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:57:20.0788 3676  Winmgmt - ok
22:57:20.0811 3676  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
22:57:20.0862 3676  WinRM - ok
22:57:20.0870 3676  WinUsb - ok
22:57:20.0883 3676  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:57:20.0907 3676  Wlansvc - ok
22:57:20.0910 3676  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:57:20.0918 3676  wlcrasvc - ok
22:57:20.0945 3676  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:57:20.0984 3676  wlidsvc - ok
22:57:20.0988 3676  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
22:57:20.0998 3676  WmiAcpi - ok
22:57:21.0007 3676  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:57:21.0020 3676  wmiApSrv - ok
22:57:21.0023 3676  WMPNetworkSvc - ok
22:57:21.0027 3676  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:57:21.0038 3676  WPCSvc - ok
22:57:21.0042 3676  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:57:21.0054 3676  WPDBusEnum - ok
22:57:21.0057 3676  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:57:21.0084 3676  ws2ifsl - ok
22:57:21.0089 3676  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
22:57:21.0104 3676  wscsvc - ok
22:57:21.0107 3676  WSearch - ok
22:57:21.0114 3676  [ 83575C43B2BFE9AB0661A7F957E843C0 ] wsvd            C:\Windows\system32\DRIVERS\wsvd.sys
22:57:21.0123 3676  wsvd - ok
22:57:21.0150 3676  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
22:57:21.0195 3676  wuauserv - ok
22:57:21.0198 3676  WudfPf - ok
22:57:21.0203 3676  WUDFRd - ok
22:57:21.0207 3676  wudfsvc - ok
22:57:21.0210 3676  WwanSvc - ok
22:57:21.0222 3676  ================ Scan global ===============================
22:57:21.0226 3676  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:57:21.0233 3676  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:57:21.0241 3676  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:57:21.0244 3676  [Global] - ok
22:57:21.0244 3676  ================ Scan MBR ==================================
22:57:21.0247 3676  [ 69387055C6F72FF99BFD7A75C19E7708 ] \Device\Harddisk0\DR0
22:57:21.0380 3676  \Device\Harddisk0\DR0 - ok
22:57:21.0411 3676  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
22:57:21.0412 3676  Suspicious mbr (NoAccess): \Device\Harddisk1\DR1
22:57:22.0209 3676  \Device\Harddisk1\DR1 - ok
22:57:22.0210 3676  ================ Scan VBR ==================================
22:57:22.0217 3676  [ 75ABDD0C8912FE3F0482F3DEF1977C41 ] \Device\Harddisk0\DR0\Partition1
22:57:22.0222 3676  \Device\Harddisk0\DR0\Partition1 - ok
22:57:22.0227 3676  [ B6EF645E8984DDC47831B451FB107F71 ] \Device\Harddisk0\DR0\Partition2
22:57:22.0231 3676  \Device\Harddisk0\DR0\Partition2 - ok
22:57:22.0264 3676  [ AAE51351EF8EF3360C8EF74856A16531 ] \Device\Harddisk1\DR1\Partition1
22:57:22.0266 3676  \Device\Harddisk1\DR1\Partition1 - ok
22:57:22.0267 3676  ============================================================
22:57:22.0267 3676  Scan finished
22:57:22.0267 3676  ============================================================
22:57:22.0287 3084  Detected object count: 4
22:57:22.0288 3084  Actual detected object count: 4
22:57:56.0354 3084  Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - skipped by user
22:57:56.0354 3084  Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:57:56.0357 3084  Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:57:56.0357 3084  Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:57:56.0360 3084  Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:57:56.0360 3084  Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:57:56.0363 3084  TDTCP ( ForgedFile.Multi.Generic ) - skipped by user
22:57:56.0363 3084  TDTCP ( ForgedFile.Multi.Generic ) - User select action: Skip 
22:58:03.0362 1424  Deinitialize success

cosinus · 23.05.2013, 22:26

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

Shakka · 24.05.2013, 02:32

JRT.txt:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by **** on 24.05.2013 at  3:19:06,79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2801948
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{77AA7A54-D746-423B-A319-98827EBD25F9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{93E68F95-737E-4018-95D7-789C9E960C24}



~~~ Files

Successfully deleted: [File] "C:\end"
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.1049.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.1049.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\****\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\****\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{06776DD2-1E9A-4265-A039-F0A9EB466DC4}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{0B18C5AE-C181-42F1-89E6-4C534A8E23E7}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{118D3041-8F34-4C25-86B8-0F94252572EF}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{9EDD4AA4-A449-4396-AFF9-D62C937C3925}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{CB7EC798-5955-438F-BCFF-545D22EE3FBC}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{E2317A8F-4E6E-4F0F-95AF-476DB24D2945}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{E3B0B0FD-B27B-421B-A908-D3FC15336412}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{F264F864-3B4D-4193-9FBF-4D163942BAA9}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.05.2013 at  3:22:32,03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Nachdem ich den ersten JRT Scan ausgeführt hatte, habe ich Google Chrome neugestartet, um den adwCleaner runterzuladen. Dabei war die Toolbar zuerst verschwunden, nach kurzer Zeit war sie aber wieder da, deshalb habe ich vorsichtshalber einen zweiten JRT Scan durchgeführt:

JRT.txt:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by **** on 24.05.2013 at  3:34:56,72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\****\appdata\locallow\conduit"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.05.2013 at  3:38:22,63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Danach kam der adwCleaner:

Code:

ATTFilter

# AdwCleaner v2.301 - Datei am 24/05/2013 um 03:42:38 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : **** - CYBERPORT-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\****\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
Datei Gelöscht : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
Datei Gelöscht : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_images.search.conduit.com_0.localstorage
Datei Gelöscht : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_images.search.conduit.com_0.localstorage-journal
Datei Gelöscht : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
Datei Gelöscht : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
Gelöscht mit Neustart : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn
Ordner Gelöscht : C:\Users\****\AppData\Local\APN
Ordner Gelöscht : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\gclijllifhfpomppedeljakfegbcpojn
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gclijllifhfpomppedeljakfegbcpojn

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.31] : icon_url = "hxxp://search.conduit.com/fav.ico",
Gelöscht [l.34] : keyword = "search.conduit.com",
Gelöscht [l.38] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT2[...]
Gelöscht [l.2171] : homepage = "hxxp://search.conduit.com/?ctid=CT2801948&SearchSource=48",

*************************

AdwCleaner[S1].txt - [2453 octets] - [24/05/2013 03:42:38]

########## EOF - C:\AdwCleaner[S1].txt - [2513 octets] ##########

OTL.txt:

Code:

ATTFilter

OTL logfile created on: 24.05.2013 03:45:40 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,92 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 60,89% Memory free
7,83 Gb Paging File | 6,06 Gb Available in Paging File | 77,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684,31 Gb Total Space | 577,96 Gb Free Space | 84,46% Space Free | Partition Type: NTFS
Drive D: | 29,30 Gb Total Space | 0,02 Gb Free Space | 0,05% Space Free | Partition Type: NTFS
 
Computer Name: CYBERPORT-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Lenovo\Intelligent Touchpad\TouchZone.exe ()
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\23673bbebe3c0ca7c894e614bb3ffd1a\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Lenovo\Intelligent Touchpad\TouchZone.exe ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (Intel(R) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.)
SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AMPPALR3) -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (BTHSSecurityMgr) -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (VMCService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (cymfltrService) -- C:\Windows\SysNative\drivers\cymfltr.sys (Cypress Semiconductor, Inc.)
DRV:64bit: - (cykbfltrService) -- C:\Windows\SysNative\drivers\cykbfltr.sys (Cypress Semiconductor, Inc.)
DRV:64bit: - (cyhid) -- C:\Windows\SysNative\drivers\cyhid.sys (Cypress Semiconductor, Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (btmaudio) -- C:\Windows\SysNative\drivers\btmaud.sys (Intel Corporation)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys (Sonix Technology Co., Ltd.)
DRV:64bit: - (HybridDisk) -- C:\Windows\SysNative\drivers\HybridDiskX64.sys (Lenovo.)
DRV:64bit: - (hybridcfile) -- C:\Windows\SysNative\drivers\HybridCFileX64.sys (Lenovo.)
DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2351051258-829387-1154746032-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2351051258-829387-1154746032-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-2351051258-829387-1154746032-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_deDE474
IE - HKU\S-1-5-21-2351051258-829387-1154746032-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Mail = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013.05.22 20:15:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2351051258-829387-1154746032-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [CyCpIo] C:\Programme\Cypress\TrackPad\CyCpIo.exe (Cypress Semiconductor Corporation)
O4:64bit: - HKLM..\Run: [CyHidWin] C:\Programme\Cypress\TrackPad\CyHidWin.exe (Cypress Semiconductor, Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Programme\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [Intelligent Touchpad] C:\Program Files (x86)\Lenovo\Intelligent Touchpad\TouchZone.exe ()
O4 - HKLM..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2351051258-829387-1154746032-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E9FFE70-9FB6-414F-BAAA-45D98D1F7475}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DD66717-2FB1-4B77-A070-A48135AFF3AE}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.24 03:31:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2013.05.24 03:19:04 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.24 03:18:48 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.24 03:16:52 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\****\Desktop\JRT.exe
[2013.05.23 22:53:14 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\****\Desktop\tdsskiller.exe
[2013.05.23 22:34:14 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\****\Desktop\aswMBR.exe
[2013.05.23 00:24:38 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\mbar
[2013.05.23 00:24:23 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\WinRAR
[2013.05.23 00:24:22 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.05.23 00:24:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.05.23 00:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.05.22 23:00:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.22 20:14:54 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.22 20:09:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.22 20:09:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.22 20:09:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.22 20:07:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.22 20:07:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.22 19:59:44 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.22 19:59:44 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.22 19:59:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.22 19:59:41 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.22 19:59:41 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.22 19:59:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.22 19:59:41 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.22 19:59:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.22 19:59:40 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.22 19:59:40 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.22 19:59:40 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.22 19:59:40 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.22 19:59:38 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.22 19:59:38 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.22 19:59:38 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.22 19:56:13 | 005,069,782 | R--- | C] (Swearware) -- C:\Users\****\Desktop\ComboFix.exe
[2013.05.22 03:05:47 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.22 03:05:40 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.22 03:05:40 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.22 03:05:40 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.22 03:05:40 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.22 03:05:12 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.05.21 18:29:09 | 008,534,408 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013.05.13 12:45:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.05.13 12:45:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.05.13 12:41:11 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013.05.13 12:41:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013.05.13 12:41:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013.05.13 12:41:10 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013.05.13 12:41:10 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2013.05.13 12:41:10 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013.05.13 12:41:09 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013.05.13 12:41:09 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013.05.13 12:41:09 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.05.13 12:41:09 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.05.13 12:41:09 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013.05.13 12:41:09 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013.05.13 12:41:09 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013.05.13 12:41:09 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013.05.13 12:41:09 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013.05.13 12:41:09 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013.05.13 12:41:09 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.05.13 12:41:09 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013.05.13 12:41:09 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.05.13 12:41:09 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013.05.13 12:41:09 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013.05.13 12:41:08 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.05.13 12:41:08 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.05.13 12:41:08 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013.05.13 12:41:08 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013.05.13 12:40:24 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013.05.13 12:40:23 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013.05.13 12:40:23 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013.05.13 12:32:18 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2013.05.13 12:32:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.13 12:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.13 12:31:59 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.13 12:31:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.13 12:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2013.05.13 12:26:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013.04.29 11:40:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AB Frühlingswerkstatt
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.24 03:44:05 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.24 03:43:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.24 03:43:50 | 3153,268,736 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.24 03:42:56 | 000,000,172 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.05.24 03:31:18 | 000,031,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.24 03:31:18 | 000,031,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.24 03:31:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2013.05.24 03:30:09 | 000,632,031 | ---- | M] () -- C:\Users\****\Desktop\adwcleaner.exe
[2013.05.24 03:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.24 03:28:51 | 001,614,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.24 03:28:51 | 000,697,322 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.24 03:28:51 | 000,652,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.24 03:28:51 | 000,148,328 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.24 03:28:51 | 000,121,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.24 03:16:59 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\****\Desktop\JRT.exe
[2013.05.23 22:58:03 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.23 22:53:21 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\****\Desktop\tdsskiller.exe
[2013.05.23 22:42:50 | 000,000,512 | ---- | M] () -- C:\Users\****\Desktop\MBR.dat
[2013.05.23 22:35:54 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\****\Desktop\aswMBR.exe
[2013.05.23 00:11:41 | 000,377,856 | ---- | M] () -- C:\Users\****\Desktop\nv6evsnh.exe
[2013.05.22 20:15:16 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.22 20:05:38 | 000,467,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.22 19:56:50 | 005,069,782 | R--- | M] (Swearware) -- C:\Users\****\Desktop\ComboFix.exe
[2013.05.21 18:29:21 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.21 18:29:21 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.21 18:29:10 | 008,534,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013.05.15 20:07:02 | 000,067,928 | ---- | M] () -- C:\Users\Public\Documents\Unterrichtsplanung Symmetrie.pdf
[2013.05.15 20:07:02 | 000,067,928 | ---- | M] () -- C:\Users\****\Desktop\Unterrichtsplanung Symmetrie.pdf
[2013.05.15 20:06:52 | 000,022,775 | ---- | M] () -- C:\Users\Public\Documents\Unterrichtsplanung Symmetrie.odt
[2013.05.15 20:06:52 | 000,022,775 | ---- | M] () -- C:\Users\****\Desktop\Unterrichtsplanung Symmetrie.odt
[2013.05.13 12:45:32 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.04.30 18:18:27 | 000,119,124 | ---- | M] () -- C:\Users\****\Documents\Werkstatt 3.pdf
 
========== Files Created - No Company Name ==========
 
[2013.05.24 03:42:44 | 000,000,172 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.05.24 03:30:00 | 000,632,031 | ---- | C] () -- C:\Users\****\Desktop\adwcleaner.exe
[2013.05.23 22:42:50 | 000,000,512 | ---- | C] () -- C:\Users\****\Desktop\MBR.dat
[2013.05.23 00:11:38 | 000,377,856 | ---- | C] () -- C:\Users\****\Desktop\nv6evsnh.exe
[2013.05.22 20:09:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.22 20:09:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.22 20:09:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.22 20:09:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.22 20:09:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.15 20:18:28 | 000,067,928 | ---- | C] () -- C:\Users\****\Desktop\Unterrichtsplanung Symmetrie.pdf
[2013.05.15 20:18:28 | 000,022,775 | ---- | C] () -- C:\Users\****\Desktop\Unterrichtsplanung Symmetrie.odt
[2013.05.13 12:45:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.05.13 12:45:32 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.05.11 22:31:34 | 000,067,928 | ---- | C] () -- C:\Users\Public\Documents\Unterrichtsplanung Symmetrie.pdf
[2013.05.11 19:56:17 | 000,022,775 | ---- | C] () -- C:\Users\Public\Documents\Unterrichtsplanung Symmetrie.odt
[2013.04.30 18:18:27 | 000,119,124 | ---- | C] () -- C:\Users\****\Documents\Werkstatt 3.pdf
[2012.03.06 15:07:13 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat
[2012.01.06 19:04:29 | 001,591,930 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.06 19:03:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.01.06 18:58:13 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2012.01.06 18:57:48 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.12.23 07:44:14 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.12.23 07:44:09 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.12.23 07:44:06 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.12.23 07:44:02 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.12.23 07:43:58 | 013,903,360 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.12.23 07:43:33 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.11.05 23:29:16 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2008.03.07 17:43:56 | 000,084,734 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008.03.07 14:47:30 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Extras.txt:

Code:

ATTFilter

OTL Extras logfile created on: 24.05.2013 03:45:40 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,92 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 60,89% Memory free
7,83 Gb Paging File | 6,06 Gb Available in Paging File | 77,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684,31 Gb Total Space | 577,96 Gb Free Space | 84,46% Space Free | Partition Type: NTFS
Drive D: | 29,30 Gb Total Space | 0,02 Gb Free Space | 0,05% Space Free | Partition Type: NTFS
 
Computer Name: CYBERPORT-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DE5E1F-5522-469B-917B-735606214F37}" = lport=139 | protocol=6 | dir=in | app=system | 
"{11898D98-6C8B-449D-A2B7-3260E7A42A89}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1440C683-D216-4C0F-B0AB-E11A798B22BA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{22A0B024-E877-46CC-9035-C09744F296FA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3B9C5270-05F2-424F-93E7-460FE768F2F9}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5433E419-3F1B-4924-9093-C25B6EC82F1E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5909DC2D-11D5-473E-A8FA-8F10686C3C7A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{596BDC4F-B34E-49F2-A66E-9CBA525CDBD6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5FC741AF-EB3B-4B71-A64F-22B4F98E5A92}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{6FC2ED6D-274F-4062-87F0-C376B8FBBDCB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7F50513E-DB7E-46A2-83C6-403FE54DF2E0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{887ADCD7-2DC2-4801-BDDC-1F7847B60183}" = rport=445 | protocol=6 | dir=out | app=system | 
"{91603165-A76E-407D-88A0-F1CA0BACBB97}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9B49EB6C-7BAC-4953-97B2-C3AC9DF3D204}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{A9133D80-F58F-4337-8B0B-BBB9B17D4086}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B31C9C55-75B5-4B60-875E-7DF121B1F1B9}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{BEC36110-393E-4342-ACF3-06C77AE80918}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CC5DCA69-A3B4-454F-A91B-23213A542967}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D0B0E9D9-824E-496B-AEE3-81CB471BA91D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D1D0B992-25A1-4FFB-BF8B-D019D34F935E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D7720F69-4039-4C4E-A54D-EB8F55E102DB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DF53888D-69C8-419F-9867-47F95F427FE9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E591F36F-FF0D-41F9-8A00-C4608A75BAE4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E7731312-E65B-4832-9CF7-BEFEC9BA8F4C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{F103313D-9BFC-4DF6-9AF7-CCAD53764491}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02FF825F-715D-4F2B-BF72-E79E6F3CCF0F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0754AF5F-E2CB-421F-828D-90BC5E1DB4D0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{121CC999-B044-4204-A718-718E511F7F0F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{16934280-B72C-40B8-BEE1-8BF40460F2F8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{16FD38D6-C784-47B2-9307-5751384A6D51}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | 
"{21804C10-A4B8-4D5B-90C5-46A2BC93FC2B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2EC7E695-F050-4D50-BFFD-8C6F27B00795}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3881C58D-8CBE-457E-8E9A-AB4B93805563}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd10.exe | 
"{3CCF642E-12F4-4540-8768-9AD7F8D57657}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{46872405-394C-449D-8754-AE9E6AA3C726}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{4C96B856-39D4-4974-9F6C-C15348BA42A9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5CBA1D4E-AFE1-4CC2-A62C-4F07FFEB96C6}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{63DB3F01-26AF-4A15-AD17-9A391B16B6B0}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{6935D317-D3DF-45C8-9485-8FDA3A138335}" = protocol=6 | dir=out | app=system | 
"{6CB7D10D-9DAC-4335-BE32-D1A5D11A5114}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6E9C5116-E7AC-45BA-AAFC-CF2163E3E378}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{7AA820E0-C10B-4A1C-93C6-C823BBF0C719}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{7E89FA16-1E44-4403-9655-02C4CECDB305}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8AEFB76F-6542-4190-A08A-3F5D866A1652}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{920A9F42-B17E-407B-9900-9C04C2763592}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{932DE051-58E1-4954-B8BD-55448E28AD0B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AA494033-0955-4A8E-97A6-EF9022F11C8E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{B3D830B1-E70C-42BE-A5FB-DABD4B93B643}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B3F237AB-4E86-4D05-BC12-811FEEDBC937}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BA973E0E-DCEA-4303-B698-C47BA3214D37}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BB21EA61-C609-4C7E-BF4D-C628D6FAF8CB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CF6141CB-8DB6-4F58-BB05-4C19CC831999}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{E19CABA1-B198-4DCE-8B39-FCD52389DA8E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F7D8F07F-2EC0-42B8-99E3-113033705B65}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F816EDEB-A1B2-4AE1-8984-785DDF5A0761}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{216EFEDD-6665-1A06-BC5E-D66DB0F63E94}" = AMD Catalyst Install Manager
"{25EE6AF4-8FD6-4E09-AD9B-3ACC0B81D902}" = SRS Premium Sound Control Panel
"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel(R) PROSet/Wireless WiFi-Software
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{44663264-E108-4938-BF9E-A767315072C9}" = Intel(R) Network Connections 16.3.48.0
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{7F2F6CC5-434B-4311-9DE2-60C7CAF50B73}_is1" = Cypress TrackPad
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B3B521D0-C0B9-F9FB-2F87-FAFBC23C131E}" = AMD Media Foundation Decoders
"{BF220B74-FCAE-2674-8939-CA8AC138278B}" = ccc-utility64
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"03A1C6133CBCFD1D944CAC45762E2EC5CD524136" = Windows-Treiberpaket - Lenovo (ACPIVPC) System  (08/04/2011 6.1.0.1)
"ATI Uninstaller" = ATI Uninstaller
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
"PROSetDX" = Intel(R) Network Connections 16.3.48.0
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{09A7C56F-3131-FA22-5D0A-6026D5AB5733}" = Catalyst Control Center Localization All
"{0A29AAE4-08D8-D865-E468-8CF1B4E2C0E4}" = CCC Help Norwegian
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13FCE396-40F7-C93F-F79B-2215627A76D2}" = PX Profile Update
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DEB3E6-87BA-28B7-E7C3-BA7305E91DFD}" = CCC Help Portuguese
"{233A7E16-A21A-3970-A0F1-1E84712A529E}" = CCC Help Russian
"{267BA0D6-1405-1181-0601-75133559A44E}" = CCC Help Greek
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Lenovo EasyCamera
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40F4FF7A-B214-4453-B973-080B09CED019}" = Absolute Reminder
"{4171D296-832D-D6C7-1A24-DB80A9D16A31}" = CCC Help Chinese Standard
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{52FDA874-17C5-18EC-1753-A389BC9FD155}" = CCC Help Japanese
"{53F80399-2F41-9067-4131-44253FF14881}" = CCC Help Thai
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{557100D3-1016-1409-FC90-D9C50F9D32E4}" = CCC Help Czech
"{56C9B0FB-3080-651E-7C80-C422CB3D27BF}" = CCC Help Hungarian
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5F75710E-3D36-B3AF-D2FB-48875CD10D0B}" = CCC Help German
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66DDDCFD-14D6-F579-C21B-87B12149991A}" = CCC Help Korean
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{81B13DC5-800B-1F1B-30B0-DC5D3083E4A1}" = CCC Help Italian
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9143971E-6162-804D-319A-6B9280C976E8}" = CCC Help Spanish
"{921DF4FA-FCCB-F72D-E625-B9634DDCC797}" = Catalyst Control Center
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94D24AEA-D6DB-70AE-C560-E346F9EFAA5C}" = CCC Help English
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96D35AEA-E736-DB41-B600-C427A3137B29}" = CCC Help Dutch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1F6929-ECAF-9F73-E8BB-B3176925E5AF}" = CCC Help Finnish
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E292145-51DD-2B95-B04C-3D90F0A4BF6B}" = CCC Help Chinese Traditional
"{A1A2D971-FD11-A5E6-B6FD-57822E2DF67A}" = CCC Help French
"{A4D65972-71A0-1C92-AECC-BB8017E51C8D}" = CCC Help Danish
"{A5FE05E7-8EB8-452E-6D5F-5D9453EB7855}" = CCC Help Polish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB044210-33FB-CFB2-3962-B6BC770B3A56}" = Catalyst Control Center Graphics Previews Common
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B5DF52CC-6A6C-8FF4-867B-0F2759DB144F}" = CCC Help Swedish
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF3637CF-C793-4842-A653-3C1DA2AE2853}" = Catalyst Control Center - Branding
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0C90720-0243-0886-B9E0-FC59F9B1A29B}" = Catalyst Control Center Profiles Mobile
"{D159483E-93B4-7072-2AE5-0C771481FEC5}" = CCC Help Turkish
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1B934BB-6AFA-429F-98E4-76F9CBC72BF6}" = Intel(R) WiDi
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E6A03223-47BC-F37E-AD0C-A98B821A3C21}" = Catalyst Control Center InstallProxy
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F493761C-E465-4B9E-9FC1-A312F161DE0A}" = Active Protection System
"{F7C0163D-9CD8-4F5F-BAC8-3E45A0000AFF}" = Vodafone Mobile Connect Lite Huawei
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDB0A81A-1173-4B15-BEA4-89FEA0474F17}" = Intelligent Touchpad
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"f42012" = f4 2012
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD 10
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PitchPerfect" = PitchPerfect Musical Instrument Tuner
"ProInst" = Intel PROSet Wireless
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.05.2013 21:44:03 | Computer Name = Cyberport-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 23.05.2013 21:42:04 | Computer Name = Cyberport-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >

cosinus · 24.05.2013, 10:37

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes Anti-Malware (MBAM) (falls du vor kurzem erst einen Vollscan gemacht hast, reicht auch ein Quickscan (spart Zeit), das dann mir bitte auch mitteilen)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Shakka · 24.05.2013, 17:38

Im Rahmen des ESET Scans habe ich ja nun (wie von dir geschrieben) zum ersten Mal, seitdem ich hier gepostet hatte, wieder die USB Sticks angeschlossen. Leider sind die Verknüpfungen zu Facebook.vbs dort noch immer vorhanden und die echten Dateien werden nur versteckt angezeigt, auch nach dem ESET Scan. Angeklickt habe ich aber keine davon.

Hier nun jedenfalls die Logs:

MBAM:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.24.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
**** :: CYBERPORT-PC [Administrator]

24.05.2013 15:55:27
mbam-log-2013-05-24 (15-55-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 375084
Laufzeit: 34 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

ESET:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3339477899108f43876ccc656ec06553
# engine=13905
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-24 04:28:07
# local_time=2013-05-24 06:28:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 35850555 121042737 0 0
# scanned=189386
# found=0
# cleaned=0
# scan_time=5492

cosinus · 24.05.2013, 18:48

Zitat:

Leider sind die Verknüpfungen zu Facebook.vbs dort noch immer vorhanden und die echten Dateien werden nur versteckt angezeigt,

na, Verknüpfungen sind ja auch keine Schädlinge, einfach löschen. und das Versteckt-Attribut kannst du entfernen

Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Shakka · 25.05.2013, 16:45

Okay, ich habe jetzt alle Verknüpfungen auf den USB Sticks gelöscht und das Versteckt Attribut bei den echten Dateien entfernt. Damit sind nun, soweit ich das sehe, alle Probleme gelöst.

Vielen Dank für deine großartige Hilfe, natürlich auch im Namen meiner Freundin!

cosinus · 26.05.2013, 18:28

Dann wären wir durch!

Falls du noch Lob oder Kritik loswerden möchtest => http://www.trojaner-board.de/lob-kritik-wuensche/

Die Programme, die hier zum Einsatz kamen, können alle wieder runter.

Combofix entfernen (nur relevant wenn es hier benutzt wurde!) : Start/Ausführen (Tastenkombination WIN+R), dort den Befehl combofix /uninstall eintippen und ausführen

Mit Hilfe von OTL kannst du auch viele andere Tools entfernen: Starte dazu einfach OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

Facebook.vbs auf USB-Stick

Plagegeister aller Art und deren Bekämpfung: Facebook.vbs auf USB-Stick