Laptop infiziert mit ihavenet.com

Steffi000 · 24.05.2013, 16:15

Hallo liebe Forumsmitglieder!
Auf meinem Laptop hat sich dieser fiese ihavenet.com-Trojaner eingenistet

. Das Windows-Sicherheitscenter ist deaktiviert und lässt sich nicht mehr aktivieren und beim Surfen werde ich ständig auf andere Seiten umgeleitet. Meistens ist es ihavenet.com, aber nicht immer. Weil ich einen Werbeblocker installiert hab, kann ich nicht sehen, was dort angezeigt wird. Das ist das erste Mal, dass ich mit so einem Schädlingsbefall zu tun hab und ich hab keine Ahnung, wie ich den wieder loswerden kann

. Ich hoffe, ihr könnt mir helfen, bitte?

Hier ist die OTL.txt (Ich habe "Scanne alle Benutzer" aktiviert):

OTL logfile created on: 24.05.2013 16:10:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,82 Gb Available Physical Memory | 70,47% Memory free
7,99 Gb Paging File | 6,58 Gb Available in Paging File | 82,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 117,09 Gb Total Space | 85,61 Gb Free Space | 73,12% Space Free | Partition Type: NTFS
Drive D: | 348,57 Gb Total Space | 338,71 Gb Free Space | 97,17% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.05.24 15:55:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2013.05.07 20:22:20 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2013.05.07 20:22:17 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.27 14:02:42 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2013.03.27 13:31:18 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2013.03.27 11:54:05 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.27 11:53:39 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.12.20 22:56:46 | 001,574,176 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.28 12:53:44 | 001,194,504 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe

========== Modules (No Company Name) ==========

MOD - [2012.11.28 12:53:44 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll

========== Services (SafeList) ==========

SRV - [2013.05.15 19:25:29 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.07 20:22:20 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013.04.12 22:29:13 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.27 14:02:42 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2013.03.27 11:54:05 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.27 11:53:39 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.22 16:35:22 | 000,828,072 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.21 17:24:40 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009.09.21 17:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.05.11 15:20:54 | 000,335,288 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2013.03.27 11:54:16 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.27 11:54:16 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.27 11:54:16 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.12.13 11:49:42 | 000,450,136 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2012.11.28 13:08:44 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.11.28 12:50:32 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012.11.28 12:31:32 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2012.11.28 12:30:04 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009.09.15 13:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.11.22 16:35:36 | 000,033,712 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3177629839-3943153019-229376302-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredimail.com/german
IE - HKU\S-1-5-21-3177629839-3943153019-229376302-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3177629839-3943153019-229376302-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3177629839-3943153019-229376302-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 59 AF B9 40 AB CD CD 01 [binary data]
IE - HKU\S-1-5-21-3177629839-3943153019-229376302-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3177629839-3943153019-229376302-1000\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - No CLSID value found
IE - HKU\S-1-5-21-3177629839-3943153019-229376302-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3177629839-3943153019-229376302-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3177629839-3943153019-229376302-1000\..\SearchScopes\{84B882D9-66EF-41A2-9AD5-A754D168469E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=0a38c308-1d12-4dcb-b48d-669a227fd36f&apn_sauid=CAEC86B4-5E44-45A6-BDD4-8E9BA7843FD2
IE - HKU\S-1-5-21-3177629839-3943153019-229376302-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2013.05.04 21:33:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013.05.04 21:33:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 22:29:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.07 20:09:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 22:29:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.07 20:09:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012.11.28 22:23:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.12.02 15:09:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\extensions
[2012.12.02 16:27:48 | 000,000,000 | ---D | M] (IncrediMail MediaBar Deutsch 2) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\extensions\{990af1c2-5a27-4460-8149-ecc6bc122af3}
[2012.12.02 15:24:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4ccc7q0f.default\extensions
[2012.12.02 16:27:46 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4ccc7q0f.default\extensions\toolbar@ask.com
[2013.05.09 11:35:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tqnbumyk.default\extensions
[2013.05.04 21:33:29 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tqnbumyk.default\extensions\ffxtlbr@zonealarm.com
[2013.01.16 22:13:04 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tqnbumyk.default\extensions\toolbar@ask.com
[2012.11.28 22:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yijgufzc.default\extensions
[2013.02.09 19:38:48 | 000,004,270 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tqnbumyk.default\extensions\addon@gutscheine-live.de.xpi
[2013.02.09 19:38:48 | 000,018,981 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tqnbumyk.default\extensions\alarm@gutscheinsammler.de.xpi
[2013.02.09 19:31:50 | 000,087,753 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tqnbumyk.default\extensions\ciuvo-extension@billiger.de.xpi
[2013.02.09 19:34:02 | 000,088,614 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tqnbumyk.default\extensions\extension@ciuvo.com.xpi
[2013.02.09 19:38:48 | 000,011,951 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tqnbumyk.default\extensions\info@gutscheinheld.de.xpi
[2013.02.09 19:38:48 | 000,016,460 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tqnbumyk.default\extensions\shopclever@extension.xpi
[2013.02.09 19:38:48 | 000,149,831 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tqnbumyk.default\extensions\{239cc760-75a9-4276-b1fc-c0ceb963f373}.xpi
[2013.02.09 22:42:04 | 000,328,332 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tqnbumyk.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
[2013.05.09 11:35:55 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tqnbumyk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.08 18:17:29 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tqnbumyk.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013.01.23 12:46:58 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tqnbumyk.default\extensions\ffxtlbr@zonealarm.com\content\Abine\chrome\content\ff\view_expiry.js
[2012.08.06 16:53:50 | 000,007,915 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tqnbumyk.default\extensions\toolbar@ask.com\chrome\content\view_expiry.js
[2012.08.07 01:53:50 | 000,007,915 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tqnbumyk.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\content\ff\view_expiry.j s
[2012.12.02 15:26:52 | 000,002,413 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\4ccc7q0f.default\searchplugins\askcom.xml
[2013.04.12 22:29:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 22:29:13 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.20 09:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.20 09:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.20 09:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.20 09:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.20 09:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.20 09:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll (Montera Technologeis LTD)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-3177629839-3943153019-229376302-1000\..\Toolbar\WebBrowser: (no name) - {990AF1C2-5A27-4460-8149-ECC6BC122AF3} - No CLSID value found.
O3 - HKU\S-1-5-21-3177629839-3943153019-229376302-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKU\S-1-5-21-3177629839-3943153019-229376302-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-3177629839-3943153019-229376302-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3177629839-3943153019-229376302-1000..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAE.EXE /FU "C:\Windows\TEMP\E_SEF23.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{753AB398-11AF-4DE0-83BD-DC9645EC3859}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.24 15:55:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.05.11 16:49:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.05.11 15:20:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ProtectDisc Driver Installer
[2013.05.11 15:20:54 | 000,335,288 | ---- | C] (Protect Software GmbH) -- C:\Windows\SysNative\drivers\acedrv11.sys
[2013.05.11 15:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\B-Alive
[2013.05.11 14:34:02 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.05.11 10:28:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Der Bauernhof
[2013.05.11 10:28:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Der Bauernhof
[2013.05.11 09:17:03 | 000,268,048 | ---- | C] (MetaCreations Corporation) -- C:\Windows\SysWow64\dxtmeta2.dll
[2013.05.10 17:06:14 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.05.07 20:22:59 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.05 22:17:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

========== Files - Modified Within 30 Days ==========

[2013.05.24 16:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.24 15:55:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.05.24 15:53:46 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.05.24 15:22:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.24 15:15:49 | 000,015,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.24 15:15:49 | 000,015,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.24 15:08:21 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\XOQTMSAFP.job
[2013.05.24 15:07:58 | 3217,235,968 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.19 19:18:41 | 000,348,160 | RHS- | M] () -- C:\Windows\SysWow64\msdartw.dll
[2013.05.18 11:50:28 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000D53.LCS
[2013.05.18 11:48:13 | 000,302,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.15 20:35:19 | 001,519,874 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.15 20:35:19 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.15 20:35:19 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.15 20:35:19 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.15 20:35:19 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.11 15:20:54 | 000,335,288 | ---- | M] (Protect Software GmbH) -- C:\Windows\SysNative\drivers\acedrv11.sys
[2013.05.11 10:28:15 | 000,001,597 | ---- | M] () -- C:\Users\***\Desktop\Der Bauernhof.lnk
[2013.05.11 10:28:15 | 000,000,881 | ---- | M] () -- C:\Users\***\Desktop\Der Bauernhof Anleitung.lnk
[2013.05.10 22:13:07 | 003,119,840 | ---- | M] () -- C:\Users\***\Desktop\Vorgarten.ods
[2013.05.07 20:22:35 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.05 22:19:46 | 000,008,452 | ---- | M] () -- C:\Users\Public\Documents\cc_20130505_221942.reg
[2013.05.04 21:35:31 | 000,417,563 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2013.05.02 22:48:50 | 000,085,757 | ---- | M] () -- C:\Users\***\Desktop\Garten.ods

========== Files Created - No Company Name ==========

[2013.05.24 15:53:46 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.05.19 19:18:41 | 000,348,160 | RHS- | C] () -- C:\Windows\SysWow64\msdartw.dll
[2013.05.19 19:18:41 | 000,000,310 | ---- | C] () -- C:\Windows\tasks\XOQTMSAFP.job
[2013.05.11 15:20:55 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00000D53.LCS
[2013.05.11 10:28:15 | 000,001,597 | ---- | C] () -- C:\Users\***\Desktop\Der Bauernhof.lnk
[2013.05.11 10:28:15 | 000,000,881 | ---- | C] () -- C:\Users\***\Desktop\Der Bauernhof Anleitung.lnk
[2013.05.05 22:19:44 | 000,008,452 | ---- | C] () -- C:\Users\Public\Documents\cc_20130505_221942.reg
[2012.12.09 15:20:22 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012.12.09 15:20:22 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012.12.09 15:20:22 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012.12.09 15:20:22 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012.12.09 15:20:22 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012.12.09 15:20:22 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012.12.09 15:20:22 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012.12.09 15:20:22 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012.12.09 15:20:22 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012.12.09 15:20:22 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2012.12.09 15:20:22 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012.12.09 15:20:22 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012.12.09 15:20:22 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012.12.09 15:20:22 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012.12.09 15:20:22 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012.12.09 15:20:22 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2012.12.09 15:20:22 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2012.12.09 15:20:22 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012.12.09 15:20:22 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012.12.09 15:01:13 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.12.17 20:50:14 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\CheckPoint
[2013.04.25 17:51:45 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\elsterformular
[2013.02.03 19:58:14 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\MAGIX
[2013.01.13 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\OpenOffice.org
[2013.05.11 15:20:48 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\ProtectDisc
[2013.02.08 20:24:09 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Thunderbird
[2013.02.09 19:49:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2012.11.28 21:07:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CheckPoint
[2013.03.26 15:13:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2013.01.20 16:15:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EPSON
[2012.12.16 16:31:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Hulubulu
[2012.12.16 14:37:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.12.02 17:15:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.12.26 18:28:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Softland
[2012.12.02 17:50:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird

========== Purity Check ==========

< End of report >

Hier die Extra.txt:

OTL Extras logfile created on: 24.05.2013 16:10:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,82 Gb Available Physical Memory | 70,47% Memory free
7,99 Gb Paging File | 6,58 Gb Available in Paging File | 82,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 117,09 Gb Total Space | 85,61 Gb Free Space | 73,12% Space Free | Partition Type: NTFS
Drive D: | 348,57 Gb Total Space | 338,71 Gb Free Space | 97,17% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3177629839-3943153019-229376302-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CF8A7A-533B-41AB-B80E-23917157D5A4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1D8F24ED-AD7F-46D1-AEFB-D8E368F68F4C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2322C12B-31D5-4860-90CF-188F16B6AE3C}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{290E052E-7B1E-4396-A0F6-F9A91F8513F9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{33C14F4A-83FD-4EB5-86CA-BEA41E5B8A72}" = rport=139 | protocol=6 | dir=out | app=system |
"{359AFA63-8F7F-4094-B166-CEEF15E6F7FE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{383ACCEB-4AC6-48DA-9BE2-357D9EFB2D42}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{424AD1CE-B832-4854-8301-205F2E2EADCE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{47F1F386-82CE-45EE-A6C1-82E1E18DD512}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{59012EEB-06D7-49F4-8F33-F0F042CB7999}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5D2B84B8-E06C-4466-AF8B-BC6B746E246C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5D34E524-628E-4735-BF81-C2C2FF7F51A1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{79BA4395-CC14-4954-B3A3-B97C8DEE023A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{81217A61-546B-415B-99F7-0F9AB64978A0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{891B04DF-9337-4F7C-8162-4B080A424393}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{91DF5940-3B7F-437D-B36D-BE45DA31F568}" = rport=445 | protocol=6 | dir=out | app=system |
"{94FB11D1-0795-4462-90DA-8206F222F571}" = lport=137 | protocol=17 | dir=in | app=system |
"{9B050023-5C4F-4CDB-9DCD-C503F6C00F3D}" = lport=445 | protocol=6 | dir=in | app=system |
"{A09F5266-2DD7-4200-B431-D624BBB03C15}" = lport=138 | protocol=17 | dir=in | app=system |
"{A0DF2DAD-A8CA-43B2-A536-3F07E512A5D6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A6126126-5B4E-4396-8649-48294ACE7517}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B4AA0382-E437-470C-A62A-F0FD78F41948}" = rport=138 | protocol=17 | dir=out | app=system |
"{B833A075-0F08-4C9C-AE8F-0CCB6E8B1753}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D578B1E8-92C1-46B6-8EDF-BEDA9525A26E}" = lport=16741 | protocol=6 | dir=in | name=windows core service |
"{EF653B50-0D2D-4BE8-89BD-DCC4A4830564}" = rport=137 | protocol=17 | dir=out | app=system |
"{F3C3C6DD-A6AF-4711-80C1-A4A601F7D017}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01BD915E-9D1E-4E76-82EC-B38C2327F5E7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1B49B865-2716-4C06-AA4B-D2A40920301B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{24645E7F-5E4D-4C17-904C-FCD609BCB50D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{29EACCF2-9442-40FD-A21C-3F6A0436E307}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3A2AA1B5-5F8C-4BFC-A702-592691B8256B}" = protocol=6 | dir=out | app=system |
"{3B9F739E-8E66-4FA2-9D5F-9EDDB947CAE5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5DD2F2D5-3531-4BBD-9BCB-E139025F159B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6BC04B72-0AF9-40C9-BC44-E7CAF1C6D8CF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7577D4F8-C271-414B-AE3B-97E86EAE143B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{807F1D4F-2656-46C8-B685-FF8A85CF1242}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9AD97E32-549F-49FD-928C-0C94691EC008}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9F5A9C1B-F886-4357-97E7-6AE86330BDD7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B2393DE6-4DFE-468B-8EC4-21B7DA8291C6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D3717F39-49BE-4BF5-B9CE-F69F4F95BEED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DA598FF3-AE3C-4C52-A961-33D3ECC2E66C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E1DA5EC0-6357-4C02-85E3-22A28DE322CE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EE8EDE4F-DF11-46E2-B24C-926C913AABB4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F541D1FD-D036-4476-9AE6-E9612626E68D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F9E75919-6B04-4D91-8F6B-768F4FF15AE2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi-Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"doPDF 7 printer_is1" = doPDF 7.3 printer
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{10D4BC5F-F73E-4CD1-A7C2-DF215307A811}" = ZoneAlarm Firewall
"{12A1B519-5934-4508-ADBD-335347B0DC87}" = Video Web Camera
"{16456401-9621-4F3D-836A-59EA425C471D}" = ZoneAlarm Security
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2756F572-C383-4A2E-B1F6-7315E6DA308A}" = ZoneAlarm Security
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}" = MAGIX Foto Designer 7
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{53652DA6-AD2D-4B0F-80BA-6F3CFE2B48D7}" = ZoneAlarm Security
"{54CCA4E2-D15D-4927-A866-2D33BFED4A8E}" = ZoneAlarm Firewall
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{737B13C5-990B-4339-8A4D-0FFEBBC3DB17}" = ZoneAlarm Firewall
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Renamer_is1" = Advanced Renamer
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Apassionata_is1" = Apassionata v1.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bauernhof" = Bauernhof
"CX4300_5500_DX4400 Handbuch" = CX4300_5500_DX4400 Handbuch
"ElsterFormular" = ElsterFormular
"EPSON Scanner" = EPSON Scan
"fotokasten comfort_is1" = fotokasten comfort 5.0
"Gardenscapes_is1" = Gardenscapes
"Horse Life_is1" = Horse Life
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"LManager" = Launch Manager
"MAGIX_MSI_FotoDesigner7_silver" = MAGIX Foto Designer 7
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3177629839-3943153019-229376302-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 07.05.2013 14:18:03 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 07.05.2013 14:18:04 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 07.05.2013 14:18:04 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 07.05.2013 14:18:04 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 07.05.2013 14:18:04 | Computer Name = ***-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 11.05.2013 03:17:31 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: cdstart.exe, Version: 1.0.0.0, Zeitstempel:
0x0bfc3047 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00020140 ID des fehlerhaften Prozesses:
0x1028 Startzeit der fehlerhaften Anwendung: 0x01ce4e1784c8e2f8 Pfad der fehlerhaften
Anwendung: E:\cdstart.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung:
d7d345bc-ba0a-11e2-a1e9-00262d5b93f5

Error - 11.05.2013 04:22:39 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: cdstart.exe, Version: 1.0.0.0, Zeitstempel:
0x0bfc3047 Name des fehlerhaften Moduls: cdstart.exe, Version: 1.0.0.0, Zeitstempel:
0x0bfc3047 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00087c57 ID des fehlerhaften Prozesses:
0x1748 Startzeit der fehlerhaften Anwendung: 0x01ce4e206f6aecb8 Pfad der fehlerhaften
Anwendung: E:\cdstart.exe Pfad des fehlerhaften Moduls: E:\cdstart.exe Berichtskennung:
f109f544-ba13-11e2-91e0-00262d5b93f5

Error - 11.05.2013 04:22:43 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: cdstart.exe, Version: 1.0.0.0, Zeitstempel:
0x0bfc3047 Name des fehlerhaften Moduls: cdstart.exe, Version: 1.0.0.0, Zeitstempel:
0x0bfc3047 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00087c57 ID des fehlerhaften Prozesses:
0x1748 Startzeit der fehlerhaften Anwendung: 0x01ce4e206f6aecb8 Pfad der fehlerhaften
Anwendung: E:\cdstart.exe Pfad des fehlerhaften Moduls: E:\cdstart.exe Berichtskennung:
f3a14a15-ba13-11e2-91e0-00262d5b93f5

Error - 13.05.2013 06:18:22 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Apassionata.exe, Version: 0.0.0.0,
Zeitstempel: 0x48f60f6e Name des fehlerhaften Moduls: Apassionata.exe, Version:
0.0.0.0, Zeitstempel: 0x48f60f6e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00279b19
ID
des fehlerhaften Prozesses: 0x13d0 Startzeit der fehlerhaften Anwendung: 0x01ce4fc315a660ec
Pfad
der fehlerhaften Anwendung: C:\Spiele\Apassionata\Apassionata.exe Pfad des fehlerhaften
Moduls: C:\Spiele\Apassionata\Apassionata.exe Berichtskennung: 70248d94-bbb6-11e2-81cd-00262d5b93f5

Error - 18.05.2013 14:59:10 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm soffice.bin, Version 3.4.9593.500 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 78c Startzeit:
01ce53f74bff9cda Endzeit: 30 Anwendungspfad: C:\Program Files (x86)\OpenOffice.org
3\program\soffice.bin Berichts-ID:

[ Media Center Events ]
Error - 26.03.2013 21:59:09 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 02:59:09 - Fehler beim Herstellen der Internetverbindung. 02:59:09
- Serververbindung konnte nicht hergestellt werden..

Error - 27.03.2013 05:51:05 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 10:49:33 - Fehler beim Herstellen der Internetverbindung. 10:49:33
- Serververbindung konnte nicht hergestellt werden..

[ System Events ]
Error - 19.05.2013 06:18:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "WdiServiceHost" konnte sich nicht als "NT AUTHORITY\LocalService"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 19.05.2013 06:18:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Diagnosediensthost" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1069

Error - 19.05.2013 06:18:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "WdiServiceHost" konnte sich nicht als "NT AUTHORITY\LocalService"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 19.05.2013 06:18:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Diagnosediensthost" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1069

Error - 19.05.2013 06:18:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "WdiServiceHost" konnte sich nicht als "NT AUTHORITY\LocalService"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 19.05.2013 06:18:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Diagnosediensthost" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1069

Error - 19.05.2013 06:18:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "WdiServiceHost" konnte sich nicht als "NT AUTHORITY\LocalService"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 19.05.2013 06:18:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Diagnosediensthost" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1069

Error - 19.05.2013 06:18:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "WdiServiceHost" konnte sich nicht als "NT AUTHORITY\LocalService"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 19.05.2013 06:18:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Diagnosediensthost" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1069

< End of report >

Und hier die Gmer-Datei (Der Aivra Echtzeit-Scanner und Browser-Schutz ließen sich nicht deaktivieren):

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-24 16:37:23
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HN-M500MBB rev.2AR10001 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\***\AppData\Local\Temp\uxlyrkob.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b51465 2 bytes [B5, 75]
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b514bb 2 bytes [B5, 75]
.text ... * 2
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b51465 2 bytes [B5, 75]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b514bb 2 bytes [B5, 75]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\SysWOW64\rundll32.exe [1756:1448] 000000000024feb0
Thread C:\Windows\SysWOW64\rundll32.exe [1756:1452] 00000000001b3a80
Thread C:\Windows\SysWOW64\rundll32.exe [1756:992] 00000000001b3a10
Thread C:\Windows\SysWOW64\rundll32.exe [1756:3220] 0000000000de80a3
Thread C:\Windows\SysWOW64\rundll32.exe [1756:3228] 0000000000de5235
Thread C:\Windows\SysWOW64\rundll32.exe [1756:3232] 0000000000de5755
Thread C:\Windows\SysWOW64\rundll32.exe [1756:3236] 00000000002738ea

---- EOF - GMER 2.1 ----

Ich hoffe, ich hab alles richtig gemacht.

markusg · 24.05.2013, 16:20

Hi,

otl fix

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
[2013.05.19 19:18:41 | 000,348,160 | RHS- | M] () -- C:\Windows\SysWow64\msdartw.dll
[2013.05.19 19:18:41 | 000,000,310 | ---- | C] () -- C:\Windows\tasks\XOQTMSAFP.job
:files
:Commands
[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

Drücke bitte die

+ E Taste.

Öffne dein Systemlaufwerk ( meistens C: )
Suche nun
folgenden Ordner: _OTL und öffne diesen.
Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
Dies wird eine Movedfiles.zip Datei in _OTL erstellen
Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

danach:
downloade get info:
http://markusg.trojaner-board.de/GetInfo.exe
doppelklicke die .exe
im selben ordner wird nun eine .txt erstellt:
summary-info.txt
diese doppelklicken und deren inhalt posten.

Frage:
hast du zum infektionszeitpunkt, bzw evtl. einen tag davor, etwas runtergeladen und instaliert bzw ausgeführt?
wurdest du beim besuch einer seite aufgefordert etwas zu instalieren bzw runterzuladen? diese infos hätte ich auch gern als private nachicht.

Steffi000 · 24.05.2013, 18:07

Wow,
superschnelle Antwort. Damit hab ich nicht gerechnet. Vielen Dank

Der Upload hat ohne Probleme geklappt.

Hier der OTL-Text:

All processes killed
========== OTL ==========
C:\Windows\SysWOW64\msdartw.dll moved successfully.
C:\Windows\Tasks\XOQTMSAFP.job moved successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: **
->Temp folder emptied: 176412 bytes
->Temporary Internet Files folder emptied: 128 bytes
->FireFox cache emptied: 5087245 bytes
->Flash cache emptied: 506 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: ***
->Temp folder emptied: 902791 bytes
->Temporary Internet Files folder emptied: 8678200 bytes
->FireFox cache emptied: 144597930 bytes
->Flash cache emptied: 1109 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23151231 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 95605 bytes
RecycleBin emptied: 123580 bytes

Total Files Cleaned = 174,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 05242013_184534

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\***\AppData\Local\Temp\~DFAB0FE86F464587E5.TMP moved successfully.
File move failed. C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
File\Folder C:\Windows\temp\ZLT0152a.TMP not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

und die summary info:

System volume information: dwHighDateTime = 0x1cdccbe,dwLowDateTime = 0x8981868f
System32: dwHighDateTime = 0x1ca0431,dwLowDateTime = 0xfec9a6f8
dwSerialNumber = 0xc6ce2efd

Die Infektion ist meiner Tochter beim Surfen passiert. Ich hab daneben gesessen aber nicht die ganze Zeit auf den Bildschirm geguckt. Wir sind uns aber sicher, dass nichts installiert oder gedownloaded (keine Programme, keine Bilder, keine Texte) wurde. Auch die Tage davor ist nichts installiert worden.

markusg · 24.05.2013, 18:16

hi,
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Steffi000 · 24.05.2013, 18:25

TDSSKiller - Zitat : "No threats found".

Ist jetzt alles wieder gut?

markusg · 24.05.2013, 18:26

bitte log einstellen, und nein wir haben noch Arbeit

Steffi000 · 24.05.2013, 18:30

Ups, hab die Datei erst nicht gefunden. Hier ist sie:

19:22:43.0506 2324 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:22:43.0787 2324 ============================================================
19:22:43.0787 2324 Current date / time: 2013/05/24 19:22:43.0787
19:22:43.0787 2324 SystemInfo:
19:22:43.0787 2324
19:22:43.0787 2324 OS Version: 6.1.7601 ServicePack: 1.0
19:22:43.0787 2324 Product type: Workstation
19:22:43.0787 2324 ComputerName: ***-PC
19:22:43.0787 2324 UserName: ***
19:22:43.0787 2324 Windows directory: C:\Windows
19:22:43.0787 2324 System windows directory: C:\Windows
19:22:43.0787 2324 Running under WOW64
19:22:43.0787 2324 Processor architecture: Intel x64
19:22:43.0787 2324 Number of processors: 2
19:22:43.0787 2324 Page size: 0x1000
19:22:43.0787 2324 Boot type: Normal boot
19:22:43.0787 2324 ============================================================
19:22:45.0284 2324 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:22:45.0300 2324 ============================================================
19:22:45.0300 2324 \Device\Harddisk0\DR0:
19:22:45.0300 2324 MBR partitions:
19:22:45.0300 2324 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:22:45.0300 2324 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEA2E000
19:22:45.0300 2324 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xEA60800, BlocksNum 0x2B924000
19:22:45.0300 2324 ============================================================
19:22:45.0331 2324 C: <-> \Device\Harddisk0\DR0\Partition2
19:22:45.0362 2324 D: <-> \Device\Harddisk0\DR0\Partition3
19:22:45.0362 2324 ============================================================
19:22:45.0362 2324 Initialize success
19:22:45.0362 2324 ============================================================
19:22:55.0456 3584 ============================================================
19:22:55.0456 3584 Scan started
19:22:55.0456 3584 Mode: Manual; SigCheck; TDLFS;
19:22:55.0456 3584 ============================================================
19:22:56.0470 3584 ================ Scan system memory ========================
19:22:56.0470 3584 System memory - ok
19:22:56.0470 3584 ================ Scan services =============================
19:22:56.0657 3584 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:22:56.0750 3584 1394ohci - ok
19:22:56.0828 3584 [ 84DA132E969484F581C550DE69BD1727 ] acedrv11 C:\Windows\system32\drivers\acedrv11.sys
19:22:56.0860 3584 acedrv11 - ok
19:22:57.0000 3584 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:22:57.0047 3584 ACPI - ok
19:22:57.0094 3584 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:22:57.0203 3584 AcpiPmi - ok
19:22:57.0343 3584 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:22:57.0374 3584 AdobeARMservice - ok
19:22:57.0515 3584 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:22:57.0530 3584 AdobeFlashPlayerUpdateSvc - ok
19:22:57.0608 3584 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:22:57.0624 3584 adp94xx - ok
19:22:57.0702 3584 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:22:57.0749 3584 adpahci - ok
19:22:57.0764 3584 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:22:57.0780 3584 adpu320 - ok
19:22:57.0858 3584 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:22:57.0920 3584 AeLookupSvc - ok
19:22:58.0030 3584 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:22:58.0076 3584 AFD - ok
19:22:58.0123 3584 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:22:58.0154 3584 agp440 - ok
19:22:58.0217 3584 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:22:58.0264 3584 ALG - ok
19:22:58.0310 3584 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:22:58.0326 3584 aliide - ok
19:22:58.0388 3584 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:22:58.0420 3584 amdide - ok
19:22:58.0451 3584 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:22:58.0513 3584 AmdK8 - ok
19:22:58.0513 3584 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:22:58.0560 3584 AmdPPM - ok
19:22:58.0607 3584 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:22:58.0622 3584 amdsata - ok
19:22:58.0654 3584 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:22:58.0669 3584 amdsbs - ok
19:22:58.0685 3584 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:22:58.0700 3584 amdxata - ok
19:22:58.0778 3584 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:22:58.0810 3584 AntiVirSchedulerService - ok
19:22:58.0856 3584 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:22:58.0888 3584 AntiVirService - ok
19:22:58.0919 3584 [ 9EDAE2D1CA368E8D01BEE8BFBC9488E4 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
19:22:58.0966 3584 AntiVirWebService - ok
19:22:59.0012 3584 [ 9815014F3E30357168DA272088C6F12F ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
19:22:59.0059 3584 ApfiltrService - ok
19:22:59.0106 3584 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:22:59.0200 3584 AppID - ok
19:22:59.0231 3584 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:22:59.0309 3584 AppIDSvc - ok
19:22:59.0356 3584 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
19:22:59.0402 3584 Appinfo - ok
19:22:59.0434 3584 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
19:22:59.0465 3584 arc - ok
19:22:59.0543 3584 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:22:59.0574 3584 arcsas - ok
19:22:59.0605 3584 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:22:59.0699 3584 AsyncMac - ok
19:22:59.0730 3584 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:22:59.0761 3584 atapi - ok
19:22:59.0808 3584 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:22:59.0933 3584 AudioEndpointBuilder - ok
19:22:59.0964 3584 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:23:00.0011 3584 AudioSrv - ok
19:23:00.0058 3584 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
19:23:00.0089 3584 avgntflt - ok
19:23:00.0120 3584 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
19:23:00.0151 3584 avipbb - ok
19:23:00.0198 3584 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
19:23:00.0229 3584 avkmgr - ok
19:23:00.0260 3584 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:23:00.0307 3584 AxInstSV - ok
19:23:00.0354 3584 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
19:23:00.0401 3584 b06bdrv - ok
19:23:00.0463 3584 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:23:00.0510 3584 b57nd60a - ok
19:23:00.0666 3584 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:23:00.0728 3584 BDESVC - ok
19:23:00.0744 3584 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:23:00.0822 3584 Beep - ok
19:23:00.0884 3584 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:23:00.0962 3584 BFE - ok
19:23:01.0009 3584 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
19:23:01.0087 3584 BITS - ok
19:23:01.0103 3584 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:23:01.0134 3584 blbdrive - ok
19:23:01.0181 3584 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:23:01.0212 3584 bowser - ok
19:23:01.0259 3584 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:23:01.0306 3584 BrFiltLo - ok
19:23:01.0306 3584 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:23:01.0337 3584 BrFiltUp - ok
19:23:01.0368 3584 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:23:01.0415 3584 Browser - ok
19:23:01.0430 3584 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:23:01.0493 3584 Brserid - ok
19:23:01.0493 3584 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:23:01.0524 3584 BrSerWdm - ok
19:23:01.0586 3584 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:23:01.0633 3584 BrUsbMdm - ok
19:23:01.0649 3584 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:23:01.0664 3584 BrUsbSer - ok
19:23:01.0680 3584 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:23:01.0696 3584 BTHMODEM - ok
19:23:01.0758 3584 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:23:01.0836 3584 bthserv - ok
19:23:01.0852 3584 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:23:01.0914 3584 cdfs - ok
19:23:01.0976 3584 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
19:23:02.0023 3584 cdrom - ok
19:23:02.0117 3584 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:23:02.0179 3584 CertPropSvc - ok
19:23:02.0226 3584 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:23:02.0257 3584 circlass - ok
19:23:02.0304 3584 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:23:02.0335 3584 CLFS - ok
19:23:02.0444 3584 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:23:02.0476 3584 clr_optimization_v2.0.50727_32 - ok
19:23:02.0538 3584 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:23:02.0569 3584 clr_optimization_v2.0.50727_64 - ok
19:23:02.0678 3584 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:23:02.0710 3584 clr_optimization_v4.0.30319_32 - ok
19:23:02.0756 3584 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:23:02.0788 3584 clr_optimization_v4.0.30319_64 - ok
19:23:02.0803 3584 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:23:02.0881 3584 CmBatt - ok
19:23:02.0897 3584 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:23:02.0912 3584 cmdide - ok
19:23:02.0975 3584 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
19:23:03.0006 3584 CNG - ok
19:23:03.0068 3584 [ 20F3F8674D7DEE5D90A352B775D5D5BA ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
19:23:03.0131 3584 CnxtHdAudService - ok
19:23:03.0193 3584 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:23:03.0224 3584 Compbatt - ok
19:23:03.0271 3584 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:23:03.0302 3584 CompositeBus - ok
19:23:03.0318 3584 COMSysApp - ok
19:23:03.0334 3584 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:23:03.0365 3584 crcdisk - ok
19:23:03.0396 3584 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:23:03.0412 3584 CryptSvc - ok
19:23:03.0474 3584 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:23:03.0536 3584 DcomLaunch - ok
19:23:03.0568 3584 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:23:03.0630 3584 defragsvc - ok
19:23:03.0661 3584 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:23:03.0724 3584 DfsC - ok
19:23:03.0770 3584 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:23:03.0817 3584 Dhcp - ok
19:23:03.0833 3584 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:23:03.0880 3584 discache - ok
19:23:03.0926 3584 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:23:03.0958 3584 Disk - ok
19:23:04.0020 3584 [ D5BCB77BE83CF99F508943945D46343D ] DKbFltr C:\Windows\syswow64\Drivers\DKbFltr.sys
19:23:04.0036 3584 DKbFltr - ok
19:23:04.0082 3584 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:23:04.0145 3584 Dnscache - ok
19:23:04.0176 3584 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:23:04.0285 3584 dot3svc - ok
19:23:04.0301 3584 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:23:04.0363 3584 DPS - ok
19:23:04.0426 3584 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:23:04.0457 3584 drmkaud - ok
19:23:04.0519 3584 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:23:04.0566 3584 DXGKrnl - ok
19:23:04.0613 3584 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:23:04.0706 3584 EapHost - ok
19:23:04.0816 3584 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
19:23:04.0925 3584 ebdrv - ok
19:23:04.0956 3584 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:23:05.0018 3584 EFS - ok
19:23:05.0128 3584 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:23:05.0206 3584 ehRecvr - ok
19:23:05.0221 3584 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:23:05.0252 3584 ehSched - ok
19:23:05.0299 3584 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:23:05.0315 3584 elxstor - ok
19:23:05.0362 3584 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:23:05.0408 3584 ErrDev - ok
19:23:05.0518 3584 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:23:05.0580 3584 EventSystem - ok
19:23:05.0705 3584 [ 51643EE2712D9212E1E53CA7E8D8EB4A ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
19:23:05.0783 3584 EvtEng - ok
19:23:05.0830 3584 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:23:05.0908 3584 exfat - ok
19:23:05.0939 3584 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:23:06.0001 3584 fastfat - ok
19:23:06.0048 3584 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:23:06.0142 3584 Fax - ok
19:23:06.0142 3584 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:23:06.0188 3584 fdc - ok
19:23:06.0235 3584 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:23:06.0344 3584 fdPHost - ok
19:23:06.0360 3584 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:23:06.0422 3584 FDResPub - ok
19:23:06.0469 3584 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:23:06.0500 3584 FileInfo - ok
19:23:06.0516 3584 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:23:06.0578 3584 Filetrace - ok
19:23:06.0594 3584 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:23:06.0625 3584 flpydisk - ok
19:23:06.0641 3584 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:23:06.0672 3584 FltMgr - ok
19:23:06.0750 3584 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
19:23:06.0797 3584 FontCache - ok
19:23:06.0859 3584 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:23:06.0890 3584 FontCache3.0.0.0 - ok
19:23:06.0922 3584 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:23:06.0937 3584 FsDepends - ok
19:23:07.0031 3584 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:23:07.0046 3584 Fs_Rec - ok
19:23:07.0093 3584 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:23:07.0140 3584 fvevol - ok
19:23:07.0187 3584 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:23:07.0218 3584 gagp30kx - ok
19:23:07.0312 3584 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:23:07.0390 3584 gpsvc - ok
19:23:07.0405 3584 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:23:07.0436 3584 hcw85cir - ok
19:23:07.0483 3584 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:23:07.0530 3584 HdAudAddService - ok
19:23:07.0561 3584 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:23:07.0608 3584 HDAudBus - ok
19:23:07.0639 3584 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:23:07.0670 3584 HidBatt - ok
19:23:07.0717 3584 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:23:07.0780 3584 HidBth - ok
19:23:07.0780 3584 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:23:07.0811 3584 HidIr - ok
19:23:07.0842 3584 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
19:23:07.0904 3584 hidserv - ok
19:23:07.0998 3584 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:23:08.0029 3584 HidUsb - ok
19:23:08.0060 3584 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:23:08.0123 3584 hkmsvc - ok
19:23:08.0170 3584 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:23:08.0201 3584 HomeGroupListener - ok
19:23:08.0232 3584 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:23:08.0263 3584 HomeGroupProvider - ok
19:23:08.0294 3584 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:23:08.0326 3584 HpSAMD - ok
19:23:08.0357 3584 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:23:08.0466 3584 HTTP - ok
19:23:08.0497 3584 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:23:08.0513 3584 hwpolicy - ok
19:23:08.0544 3584 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:23:08.0575 3584 i8042prt - ok
19:23:08.0622 3584 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:23:08.0653 3584 iaStorV - ok
19:23:08.0716 3584 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:23:08.0762 3584 idsvc - ok
19:23:08.0794 3584 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:23:08.0809 3584 iirsp - ok
19:23:08.0840 3584 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:23:08.0918 3584 IKEEXT - ok
19:23:08.0950 3584 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:23:08.0981 3584 intelide - ok
19:23:08.0996 3584 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:23:09.0028 3584 intelppm - ok
19:23:09.0059 3584 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:23:09.0121 3584 IPBusEnum - ok
19:23:09.0137 3584 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:23:09.0199 3584 IpFilterDriver - ok
19:23:09.0230 3584 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:23:09.0262 3584 iphlpsvc - ok
19:23:09.0308 3584 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:23:09.0340 3584 IPMIDRV - ok
19:23:09.0355 3584 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:23:09.0402 3584 IPNAT - ok
19:23:09.0433 3584 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:23:09.0464 3584 IRENUM - ok
19:23:09.0496 3584 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:23:09.0511 3584 isapnp - ok
19:23:09.0527 3584 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:23:09.0558 3584 iScsiPrt - ok
19:23:09.0667 3584 [ BE72D2B3A99615F84E270C80F0A18448 ] ISWKL C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
19:23:09.0698 3584 ISWKL - ok
19:23:09.0761 3584 [ D9A4C1353CC653F8E2FE4D2C6A490E96 ] IswSvc C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
19:23:09.0808 3584 IswSvc - ok
19:23:09.0839 3584 [ 7DBAFE10C1B777305C80BEA42FBDA710 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
19:23:09.0886 3584 k57nd60a - ok
19:23:09.0932 3584 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
19:23:09.0948 3584 kbdclass - ok
19:23:10.0010 3584 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
19:23:10.0057 3584 kbdhid - ok
19:23:10.0073 3584 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:23:10.0104 3584 KeyIso - ok
19:23:10.0151 3584 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:23:10.0198 3584 KSecDD - ok
19:23:10.0213 3584 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:23:10.0229 3584 KSecPkg - ok
19:23:10.0244 3584 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:23:10.0307 3584 ksthunk - ok
19:23:10.0322 3584 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:23:10.0385 3584 KtmRm - ok
19:23:10.0432 3584 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:23:10.0541 3584 LanmanServer - ok
19:23:10.0572 3584 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:23:10.0634 3584 LanmanWorkstation - ok
19:23:10.0681 3584 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:23:10.0806 3584 lltdio - ok
19:23:10.0837 3584 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:23:10.0946 3584 lltdsvc - ok
19:23:10.0978 3584 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:23:11.0024 3584 lmhosts - ok
19:23:11.0056 3584 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:23:11.0071 3584 LSI_FC - ok
19:23:11.0102 3584 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:23:11.0118 3584 LSI_SAS - ok
19:23:11.0134 3584 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:23:11.0149 3584 LSI_SAS2 - ok
19:23:11.0258 3584 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:23:11.0290 3584 LSI_SCSI - ok
19:23:11.0305 3584 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:23:11.0368 3584 luafv - ok
19:23:11.0414 3584 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:23:11.0461 3584 Mcx2Svc - ok
19:23:11.0477 3584 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:23:11.0492 3584 megasas - ok
19:23:11.0524 3584 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:23:11.0555 3584 MegaSR - ok
19:23:11.0570 3584 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:23:11.0633 3584 MMCSS - ok
19:23:11.0648 3584 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:23:11.0695 3584 Modem - ok
19:23:11.0726 3584 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:23:11.0758 3584 monitor - ok
19:23:11.0773 3584 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:23:11.0789 3584 mouclass - ok
19:23:11.0820 3584 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:23:11.0851 3584 mouhid - ok
19:23:11.0882 3584 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:23:11.0898 3584 mountmgr - ok
19:23:11.0976 3584 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:23:12.0023 3584 MozillaMaintenance - ok
19:23:12.0038 3584 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:23:12.0070 3584 mpio - ok
19:23:12.0101 3584 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:23:12.0148 3584 mpsdrv - ok
19:23:12.0194 3584 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:23:12.0288 3584 MpsSvc - ok
19:23:12.0335 3584 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:23:12.0382 3584 MRxDAV - ok
19:23:12.0413 3584 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:23:12.0491 3584 mrxsmb - ok
19:23:12.0522 3584 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:23:12.0553 3584 mrxsmb10 - ok
19:23:12.0553 3584 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:23:12.0584 3584 mrxsmb20 - ok
19:23:12.0616 3584 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:23:12.0631 3584 msahci - ok
19:23:12.0662 3584 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:23:12.0694 3584 msdsm - ok
19:23:12.0740 3584 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:23:12.0803 3584 MSDTC - ok
19:23:12.0850 3584 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:23:12.0896 3584 Msfs - ok
19:23:12.0912 3584 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:23:13.0037 3584 mshidkmdf - ok
19:23:13.0068 3584 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:23:13.0099 3584 msisadrv - ok
19:23:13.0162 3584 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:23:13.0240 3584 MSiSCSI - ok
19:23:13.0240 3584 msiserver - ok
19:23:13.0271 3584 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:23:13.0333 3584 MSKSSRV - ok
19:23:13.0364 3584 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:23:13.0411 3584 MSPCLOCK - ok
19:23:13.0411 3584 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:23:13.0458 3584 MSPQM - ok
19:23:13.0489 3584 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:23:13.0520 3584 MsRPC - ok
19:23:13.0552 3584 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:23:13.0567 3584 mssmbios - ok
19:23:13.0583 3584 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:23:13.0645 3584 MSTEE - ok
19:23:13.0661 3584 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:23:13.0692 3584 MTConfig - ok
19:23:13.0708 3584 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:23:13.0723 3584 Mup - ok
19:23:13.0770 3584 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:23:13.0817 3584 napagent - ok
19:23:13.0926 3584 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:23:13.0988 3584 NativeWifiP - ok
19:23:14.0098 3584 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:23:14.0144 3584 NDIS - ok
19:23:14.0176 3584 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:23:14.0285 3584 NdisCap - ok
19:23:14.0332 3584 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:23:14.0456 3584 NdisTapi - ok
19:23:14.0503 3584 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:23:14.0628 3584 Ndisuio - ok
19:23:14.0659 3584 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:23:14.0722 3584 NdisWan - ok
19:23:14.0737 3584 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:23:14.0800 3584 NDProxy - ok
19:23:14.0846 3584 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:23:14.0924 3584 NetBIOS - ok
19:23:14.0956 3584 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:23:15.0002 3584 NetBT - ok
19:23:15.0034 3584 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:23:15.0049 3584 Netlogon - ok
19:23:15.0112 3584 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:23:15.0190 3584 Netman - ok
19:23:15.0221 3584 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:23:15.0283 3584 netprofm - ok
19:23:15.0314 3584 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:23:15.0346 3584 NetTcpPortSharing - ok
19:23:15.0502 3584 [ 4D85A450EDEF10C38882182753A49AAE ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
19:23:15.0720 3584 NETw5s64 - ok
19:23:15.0907 3584 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
19:23:16.0063 3584 netw5v64 - ok
19:23:16.0110 3584 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:23:16.0141 3584 nfrd960 - ok
19:23:16.0235 3584 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:23:16.0282 3584 NlaSvc - ok
19:23:16.0297 3584 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:23:16.0328 3584 Npfs - ok
19:23:16.0360 3584 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:23:16.0422 3584 nsi - ok
19:23:16.0453 3584 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:23:16.0562 3584 nsiproxy - ok
19:23:16.0625 3584 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:23:16.0687 3584 Ntfs - ok
19:23:16.0718 3584 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:23:16.0796 3584 Null - ok
19:23:16.0843 3584 [ AD37248BD442D41C9A896E53EB8A85EE ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
19:23:16.0874 3584 NVHDA - ok
19:23:17.0124 3584 [ FD39B98FF1BB8ED3848781497E9D02E0 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:23:17.0327 3584 nvlddmkm - ok
19:23:17.0436 3584 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:23:17.0467 3584 nvraid - ok
19:23:17.0498 3584 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:23:17.0514 3584 nvstor - ok
19:23:17.0592 3584 [ C1668D58547DD0C4A0FBD6AFA20D5890 ] nvsvc C:\Windows\system32\nvvsvc.exe
19:23:17.0623 3584 nvsvc - ok
19:23:17.0670 3584 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:23:17.0701 3584 nv_agp - ok
19:23:17.0732 3584 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:23:17.0826 3584 ohci1394 - ok
19:23:17.0873 3584 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:23:17.0920 3584 p2pimsvc - ok
19:23:17.0935 3584 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:23:17.0966 3584 p2psvc - ok
19:23:17.0998 3584 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:23:18.0013 3584 Parport - ok
19:23:18.0076 3584 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:23:18.0107 3584 partmgr - ok
19:23:18.0122 3584 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:23:18.0169 3584 PcaSvc - ok
19:23:18.0247 3584 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:23:18.0278 3584 pci - ok
19:23:18.0310 3584 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:23:18.0325 3584 pciide - ok
19:23:18.0341 3584 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:23:18.0372 3584 pcmcia - ok
19:23:18.0388 3584 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:23:18.0403 3584 pcw - ok
19:23:18.0434 3584 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:23:18.0512 3584 PEAUTH - ok
19:23:18.0528 3584 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:23:18.0559 3584 PerfHost - ok
19:23:18.0637 3584 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:23:18.0731 3584 pla - ok
19:23:18.0793 3584 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:23:18.0824 3584 PlugPlay - ok
19:23:18.0856 3584 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:23:18.0902 3584 PNRPAutoReg - ok
19:23:18.0918 3584 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:23:18.0934 3584 PNRPsvc - ok
19:23:19.0012 3584 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:23:19.0090 3584 PolicyAgent - ok
19:23:19.0121 3584 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:23:19.0214 3584 Power - ok
19:23:19.0261 3584 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:23:19.0308 3584 PptpMiniport - ok
19:23:19.0339 3584 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:23:19.0386 3584 Processor - ok
19:23:19.0417 3584 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:23:19.0464 3584 ProfSvc - ok
19:23:19.0480 3584 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:23:19.0495 3584 ProtectedStorage - ok
19:23:19.0542 3584 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:23:19.0667 3584 Psched - ok
19:23:19.0698 3584 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:23:19.0745 3584 ql2300 - ok
19:23:19.0776 3584 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:23:19.0792 3584 ql40xx - ok
19:23:19.0823 3584 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:23:19.0870 3584 QWAVE - ok
19:23:19.0916 3584 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:23:19.0963 3584 QWAVEdrv - ok
19:23:19.0979 3584 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:23:20.0041 3584 RasAcd - ok
19:23:20.0088 3584 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:23:20.0166 3584 RasAgileVpn - ok
19:23:20.0182 3584 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:23:20.0244 3584 RasAuto - ok
19:23:20.0260 3584 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:23:20.0369 3584 Rasl2tp - ok
19:23:20.0400 3584 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:23:20.0462 3584 RasMan - ok
19:23:20.0478 3584 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:23:20.0540 3584 RasPppoe - ok
19:23:20.0572 3584 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:23:20.0634 3584 RasSstp - ok
19:23:20.0650 3584 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:23:20.0712 3584 rdbss - ok
19:23:20.0728 3584 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:23:20.0759 3584 rdpbus - ok
19:23:20.0790 3584 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:23:20.0821 3584 RDPCDD - ok
19:23:20.0868 3584 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:23:20.0993 3584 RDPENCDD - ok
19:23:21.0008 3584 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:23:21.0040 3584 RDPREFMP - ok
19:23:21.0071 3584 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:23:21.0118 3584 RDPWD - ok
19:23:21.0149 3584 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:23:21.0180 3584 rdyboost - ok
19:23:21.0289 3584 [ 3B71B5B91E7DCA93585D5A86C897ADC4 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
19:23:21.0336 3584 RegSrvc - ok
19:23:21.0367 3584 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:23:21.0414 3584 RemoteAccess - ok
19:23:21.0445 3584 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:23:21.0492 3584 RemoteRegistry - ok
19:23:21.0523 3584 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:23:21.0570 3584 RpcEptMapper - ok
19:23:21.0601 3584 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:23:21.0695 3584 RpcLocator - ok
19:23:21.0726 3584 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:23:21.0773 3584 RpcSs - ok
19:23:21.0804 3584 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:23:21.0851 3584 rspndr - ok
19:23:21.0866 3584 RSUSBSTOR - ok
19:23:21.0866 3584 RtsUIR - ok
19:23:21.0898 3584 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:23:21.0913 3584 SamSs - ok
19:23:21.0944 3584 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:23:21.0976 3584 sbp2port - ok
19:23:22.0022 3584 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:23:22.0085 3584 SCardSvr - ok
19:23:22.0100 3584 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:23:22.0147 3584 scfilter - ok
19:23:22.0210 3584 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:23:22.0272 3584 Schedule - ok
19:23:22.0303 3584 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:23:22.0334 3584 SCPolicySvc - ok
19:23:22.0366 3584 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:23:22.0397 3584 SDRSVC - ok
19:23:22.0490 3584 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:23:22.0568 3584 secdrv - ok
19:23:22.0600 3584 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:23:22.0646 3584 seclogon - ok
19:23:22.0678 3584 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:23:22.0802 3584 SENS - ok
19:23:22.0818 3584 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:23:22.0834 3584 SensrSvc - ok
19:23:22.0849 3584 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:23:22.0880 3584 Serenum - ok
19:23:22.0943 3584 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:23:23.0021 3584 Serial - ok
19:23:23.0083 3584 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:23:23.0114 3584 sermouse - ok
19:23:23.0177 3584 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:23:23.0239 3584 SessionEnv - ok
19:23:23.0286 3584 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:23:23.0317 3584 sffdisk - ok
19:23:23.0333 3584 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:23:23.0380 3584 sffp_mmc - ok
19:23:23.0395 3584 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:23:23.0489 3584 sffp_sd - ok
19:23:23.0504 3584 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:23:23.0536 3584 sfloppy - ok
19:23:23.0567 3584 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:23:23.0676 3584 SharedAccess - ok
19:23:23.0723 3584 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:23:23.0832 3584 ShellHWDetection - ok
19:23:23.0832 3584 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:23:23.0863 3584 SiSRaid2 - ok
19:23:23.0879 3584 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:23:23.0926 3584 SiSRaid4 - ok
19:23:23.0941 3584 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:23:24.0004 3584 Smb - ok
19:23:24.0082 3584 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:23:24.0128 3584 SNMPTRAP - ok
19:23:24.0144 3584 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:23:24.0160 3584 spldr - ok
19:23:24.0206 3584 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:23:24.0269 3584 Spooler - ok
19:23:24.0378 3584 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:23:24.0472 3584 sppsvc - ok
19:23:24.0503 3584 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:23:24.0565 3584 sppuinotify - ok
19:23:24.0596 3584 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:23:24.0628 3584 srv - ok
19:23:24.0643 3584 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:23:24.0721 3584 srv2 - ok
19:23:24.0752 3584 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:23:24.0799 3584 srvnet - ok
19:23:24.0830 3584 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:23:24.0877 3584 SSDPSRV - ok
19:23:24.0924 3584 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:23:25.0033 3584 SstpSvc - ok
19:23:25.0049 3584 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:23:25.0080 3584 stexstor - ok
19:23:25.0127 3584 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:23:25.0174 3584 stisvc - ok
19:23:25.0205 3584 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
19:23:25.0221 3584 swenum - ok
19:23:25.0252 3584 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:23:25.0314 3584 swprv - ok
19:23:25.0377 3584 [ ED6D1424E5B0C21A57B28DD8508D6843 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
19:23:25.0408 3584 SynTP - ok
19:23:25.0517 3584 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:23:25.0579 3584 SysMain - ok
19:23:25.0642 3584 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:23:25.0704 3584 TabletInputService - ok
19:23:25.0735 3584 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:23:25.0798 3584 TapiSrv - ok
19:23:25.0829 3584 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:23:25.0985 3584 TBS - ok
19:23:26.0063 3584 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:23:26.0125 3584 Tcpip - ok
19:23:26.0157 3584 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:23:26.0203 3584 TCPIP6 - ok
19:23:26.0235 3584 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:23:26.0266 3584 tcpipreg - ok
19:23:26.0359 3584 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:23:26.0406 3584 TDPIPE - ok
19:23:26.0437 3584 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:23:26.0515 3584 TDTCP - ok
19:23:26.0562 3584 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:23:26.0609 3584 tdx - ok
19:23:26.0625 3584 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:23:26.0656 3584 TermDD - ok
19:23:26.0687 3584 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:23:26.0734 3584 TermService - ok
19:23:26.0765 3584 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:23:26.0796 3584 Themes - ok
19:23:26.0812 3584 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:23:26.0859 3584 THREADORDER - ok
19:23:26.0874 3584 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:23:26.0937 3584 TrkWks - ok
19:23:26.0999 3584 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:23:27.0108 3584 TrustedInstaller - ok
19:23:27.0139 3584 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:23:27.0171 3584 tssecsrv - ok
19:23:27.0217 3584 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:23:27.0249 3584 TsUsbFlt - ok
19:23:27.0295 3584 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:23:27.0342 3584 tunnel - ok
19:23:27.0373 3584 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:23:27.0389 3584 uagp35 - ok
19:23:27.0420 3584 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:23:27.0529 3584 udfs - ok
19:23:27.0561 3584 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:23:27.0607 3584 UI0Detect - ok
19:23:27.0654 3584 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:23:27.0685 3584 uliagpkx - ok
19:23:27.0748 3584 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
19:23:27.0857 3584 umbus - ok
19:23:27.0888 3584 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:23:27.0904 3584 UmPass - ok
19:23:27.0919 3584 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:23:27.0966 3584 upnphost - ok
19:23:27.0997 3584 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:23:28.0029 3584 usbccgp - ok
19:23:28.0029 3584 USBCCID - ok
19:23:28.0060 3584 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:23:28.0075 3584 usbcir - ok
19:23:28.0122 3584 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:23:28.0153 3584 usbehci - ok
19:23:28.0185 3584 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:23:28.0263 3584 usbhub - ok
19:23:28.0278 3584 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:23:28.0309 3584 usbohci - ok
19:23:28.0341 3584 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:23:28.0434 3584 usbprint - ok
19:23:28.0481 3584 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:23:28.0512 3584 usbscan - ok
19:23:28.0528 3584 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:23:28.0559 3584 USBSTOR - ok
19:23:28.0590 3584 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:23:28.0684 3584 usbuhci - ok
19:23:28.0715 3584 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
19:23:28.0762 3584 usbvideo - ok
19:23:28.0840 3584 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:23:28.0902 3584 UxSms - ok
19:23:28.0918 3584 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:23:28.0933 3584 VaultSvc - ok
19:23:28.0965 3584 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:23:28.0980 3584 vdrvroot - ok
19:23:29.0011 3584 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:23:29.0058 3584 vds - ok
19:23:29.0089 3584 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:23:29.0105 3584 vga - ok
19:23:29.0121 3584 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:23:29.0245 3584 VgaSave - ok
19:23:29.0261 3584 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:23:29.0292 3584 vhdmp - ok
19:23:29.0308 3584 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:23:29.0323 3584 viaide - ok
19:23:29.0355 3584 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:23:29.0370 3584 volmgr - ok
19:23:29.0433 3584 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:23:29.0479 3584 volmgrx - ok
19:23:29.0495 3584 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:23:29.0526 3584 volsnap - ok
19:23:29.0573 3584 [ 1065A957523ED51AAFFF737CC63010A6 ] Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys
19:23:29.0604 3584 Vsdatant - ok
19:23:29.0651 3584 vsmon - ok
19:23:29.0682 3584 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:23:29.0698 3584 vsmraid - ok
19:23:29.0791 3584 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:23:29.0901 3584 VSS - ok
19:23:29.0932 3584 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:23:29.0963 3584 vwifibus - ok
19:23:29.0994 3584 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:23:30.0025 3584 vwififlt - ok
19:23:30.0072 3584 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:23:30.0181 3584 W32Time - ok
19:23:30.0213 3584 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:23:30.0244 3584 WacomPen - ok
19:23:30.0353 3584 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:23:30.0447 3584 WANARP - ok
19:23:30.0462 3584 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:23:30.0493 3584 Wanarpv6 - ok
19:23:30.0556 3584 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:23:30.0665 3584 wbengine - ok
19:23:30.0696 3584 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:23:30.0727 3584 WbioSrvc - ok
19:23:30.0759 3584 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:23:30.0821 3584 wcncsvc - ok
19:23:30.0883 3584 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:23:30.0930 3584 WcsPlugInService - ok
19:23:30.0946 3584 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:23:30.0961 3584 Wd - ok
19:23:31.0008 3584 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:23:31.0055 3584 Wdf01000 - ok
19:23:31.0086 3584 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:23:31.0164 3584 WdiServiceHost - ok
19:23:31.0164 3584 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:23:31.0195 3584 WdiSystemHost - ok
19:23:31.0242 3584 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:23:31.0336 3584 WebClient - ok
19:23:31.0351 3584 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:23:31.0414 3584 Wecsvc - ok
19:23:31.0445 3584 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:23:31.0492 3584 wercplsupport - ok
19:23:31.0523 3584 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:23:31.0570 3584 WerSvc - ok
19:23:31.0632 3584 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:23:31.0695 3584 WfpLwf - ok
19:23:31.0710 3584 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:23:31.0726 3584 WIMMount - ok
19:23:31.0788 3584 WinDefend - ok
19:23:31.0804 3584 WinHttpAutoProxySvc - ok
19:23:31.0882 3584 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:23:31.0975 3584 Winmgmt - ok
19:23:32.0053 3584 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:23:32.0163 3584 WinRM - ok
19:23:32.0225 3584 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:23:32.0303 3584 Wlansvc - ok
19:23:32.0350 3584 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:23:32.0381 3584 WmiAcpi - ok
19:23:32.0412 3584 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:23:32.0459 3584 wmiApSrv - ok
19:23:32.0475 3584 WMPNetworkSvc - ok
19:23:32.0506 3584 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:23:32.0521 3584 WPCSvc - ok
19:23:32.0584 3584 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:23:32.0615 3584 WPDBusEnum - ok
19:23:32.0646 3584 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:23:32.0677 3584 ws2ifsl - ok
19:23:32.0709 3584 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
19:23:32.0755 3584 wscsvc - ok
19:23:32.0755 3584 WSearch - ok
19:23:32.0865 3584 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:23:32.0927 3584 wuauserv - ok
19:23:32.0958 3584 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:23:33.0052 3584 WudfPf - ok
19:23:33.0099 3584 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:23:33.0145 3584 WUDFRd - ok
19:23:33.0208 3584 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:23:33.0255 3584 wudfsvc - ok
19:23:33.0286 3584 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
19:23:33.0364 3584 WwanSvc - ok
19:23:33.0379 3584 ================ Scan global ===============================
19:23:33.0395 3584 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:23:33.0426 3584 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:23:33.0442 3584 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:23:33.0457 3584 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:23:33.0489 3584 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:23:33.0489 3584 [Global] - ok
19:23:33.0489 3584 ================ Scan MBR ==================================
19:23:33.0504 3584 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:23:33.0801 3584 \Device\Harddisk0\DR0 - ok
19:23:33.0801 3584 ================ Scan VBR ==================================
19:23:33.0832 3584 [ 49C5A8DF251B791918CD01084025E030 ] \Device\Harddisk0\DR0\Partition1
19:23:33.0832 3584 \Device\Harddisk0\DR0\Partition1 - ok
19:23:33.0847 3584 [ 6D8D7085E51EE73BC65ADDACAF31C84B ] \Device\Harddisk0\DR0\Partition2
19:23:33.0847 3584 \Device\Harddisk0\DR0\Partition2 - ok
19:23:33.0879 3584 [ 402AE99EE0970F836E1375877797EFF1 ] \Device\Harddisk0\DR0\Partition3
19:23:33.0879 3584 \Device\Harddisk0\DR0\Partition3 - ok
19:23:33.0879 3584 ============================================================
19:23:33.0879 3584 Scan finished
19:23:33.0879 3584 ============================================================
19:23:33.0894 3436 Detected object count: 0
19:23:33.0894 3436 Actual detected object count: 0

markusg · 24.05.2013, 19:23

Hi,
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Steffi000 · 24.05.2013, 20:22

Avira lässt sich immer noch nicht ausschalten. Soll ich das Programm trotzdem starten?

markusg · 24.05.2013, 20:23

wenn du über Rechtsklick auf den schirm, deaktivieren gewählt hast, ja.

Steffi000 · 24.05.2013, 20:31

Wenn ich das mache, wird mir der Zugriff auf ccuac.exe verweigert

markusg · 24.05.2013, 20:39

kannst du mal combofix beenden, neustarten und erneut versuchen avira zu deaktivieren?

Steffi000 · 24.05.2013, 20:55

Ich hab alles beendet, den Computer neugestartet und nochmal versucht, den Echtzeit-Scanner und den Browser-Schutz zu deaktivieren. Es wird immer gemeldet, dass auf die Datei nicht zugegriffen werden kann. Ich bin auch als Administrator am PC angemeldet.

markusg · 24.05.2013, 23:00

ok dann scann mit aktiviertem avira

Steffi000 · 25.05.2013, 10:29

Ich hab ComboFix laufen lassen, den Pc neugestartet. Es öffnet sich keine log-Datei

Ist das die Datei?

ComboFix 13-05-24.01 - *** 25.05.2013 7:33:07.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4091.2876 [GMT 2:00]
ausgeführt von:: C:\Users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt

((((((((((((((((((((((( Dateien erstellt von 2013-04-25 bis 2013-05-25 ))))))))))))))))))))))))))))))

2013-05-25 06:09:52 . 2013-05-25 06:09:52 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-05-25 06:09:52 . 2013-05-25 06:09:52 -------- d-----w- C:\Users\**\AppData\Local\temp
2013-05-24 16:45:34 . 2013-05-24 16:54:35 -------- d-----w- C:\_OTL
2013-05-15 15:50:40 . 2013-04-10 06:01:54 265064 ----a-w- C:\Windows\system32\drivers\dxgmms1.sys
2013-05-11 13:20:55 . 2013-05-11 13:20:55 -------- d-----w- C:\Program Files (x86)\ProtectDisc Driver Installer
2013-05-11 13:20:54 . 2013-05-11 13:20:54 335288 ----a-w- C:\Windows\system32\drivers\acedrv11.sys
2013-05-11 13:20:48 . 2013-05-11 13:20:48 -------- d-----w- C:\Users\**\AppData\Roaming\ProtectDisc
2013-05-11 07:17:03 . 2000-08-19 18:29:32 268048 ----a-w- C:\Windows\SysWow64\dxtmeta2.dll
2013-05-07 18:22:59 . 2013-05-07 18:22:35 83160 ----a-w- C:\Windows\system32\drivers\avnetflt.sys
2013-04-25 15:51:25 . 2013-04-25 15:51:45 -------- d-----w- C:\Users\**\AppData\Roaming\elsterformular
2013-04-25 15:44:28 . 2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\system32\drivers\ntfs.sys
.

(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-05-15 18:37:03 . 2012-11-28 12:50:22 75016696 ----a-w- C:\Windows\system32\MRT.exe
2013-05-15 17:25:29 . 2012-12-02 15:05:47 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 17:25:29 . 2012-12-02 15:05:47 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-13 05:49:23 . 2013-05-15 15:50:33 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 . 2013-05-15 15:50:33 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 . 2013-05-15 15:50:33 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 . 2013-05-15 15:50:32 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 . 2013-05-15 15:50:33 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 . 2013-05-15 15:50:33 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-05 08:56:58 . 2013-04-05 08:56:58 1054720 ----a-w- C:\Windows\system32\MsSpellCheckingFacility.exe
2013-04-05 08:56:58 . 2013-04-05 08:56:57 185344 ----a-w- C:\Windows\SysWow64\elshyph.dll
2013-04-05 08:56:57 . 2013-04-05 08:56:57 73728 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe
2013-04-05 08:56:57 . 2013-04-05 08:56:57 719360 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2013-04-05 08:56:57 . 2013-04-05 08:56:57 61952 ----a-w- C:\Windows\SysWow64\tdc.ocx
2013-04-05 08:56:57 . 2013-04-05 08:56:57 523264 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-04-05 08:56:57 . 2013-04-05 08:56:57 48640 ----a-w- C:\Windows\SysWow64\mshtmler.dll
2013-04-05 08:56:57 . 2013-04-05 08:56:57 38400 ----a-w- C:\Windows\SysWow64\imgutil.dll
2013-04-05 08:56:57 . 2013-04-05 08:56:57 361984 ----a-w- C:\Windows\SysWow64\html.iec
2013-04-05 08:56:57 . 2013-04-05 08:56:57 226304 ----a-w- C:\Windows\system32\elshyph.dll
2013-04-05 08:56:57 . 2013-04-05 08:56:57 158720 ----a-w- C:\Windows\SysWow64\msls31.dll
2013-04-05 08:56:57 . 2013-04-05 08:56:57 150528 ----a-w- C:\Windows\SysWow64\iexpress.exe
2013-04-05 08:56:57 . 2013-04-05 08:56:57 138752 ----a-w- C:\Windows\SysWow64\wextract.exe
2013-04-05 08:56:57 . 2013-04-05 08:56:57 137216 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-04-05 08:56:57 . 2013-04-05 08:56:57 12800 ----a-w- C:\Windows\SysWow64\mshta.exe
2013-04-05 08:56:57 . 2013-04-05 08:56:57 110592 ----a-w- C:\Windows\SysWow64\IEAdvpack.dll
2013-04-05 08:56:56 . 2013-04-05 08:56:56 97280 ----a-w- C:\Windows\system32\mshtmled.dll
2013-04-05 08:56:56 . 2013-04-05 08:56:56 92160 ----a-w- C:\Windows\system32\SetIEInstalledDate.exe
2013-04-05 08:56:56 . 2013-04-05 08:56:56 905728 ----a-w- C:\Windows\system32\mshtmlmedia.dll
2013-04-05 08:56:56 . 2013-04-05 08:56:56 81408 ----a-w- C:\Windows\system32\icardie.dll
2013-04-05 08:56:56 . 2013-04-05 08:56:56 77312 ----a-w- C:\Windows\system32\tdc.ocx
2013-04-05 08:56:56 . 2013-04-05 08:56:56 762368 ----a-w- C:\Windows\system32\ieapfltr.dll
2013-04-05 08:56:56 . 2013-04-05 08:56:56 62976 ----a-w- C:\Windows\system32\pngfilt.dll
2013-04-05 08:56:56 . 2013-04-05 08:56:56 599552 ----a-w- C:\Windows\system32\vbscript.dll
2013-04-05 08:56:56 . 2013-04-05 08:56:56 52224 ----a-w- C:\Windows\system32\msfeedsbs.dll
2013-04-05 08:56:56 . 2013-04-05 08:56:56 51200 ----a-w- C:\Windows\system32\imgutil.dll
2013-04-05 08:56:56 . 2013-04-05 08:56:56 48640 ----a-w- C:\Windows\system32\mshtmler.dll
2013-04-05 08:56:56 . 2013-04-05 08:56:56 452096 ----a-w- C:\Windows\system32\dxtmsft.dll
2013-04-05 08:56:56 . 2013-04-05 08:56:56 441856 ----a-w- C:\Windows\system32\html.iec
2013-04-05 08:56:56 . 2013-04-05 08:56:56 281600 ----a-w- C:\Windows\system32\dxtrans.dll
2013-04-05 08:56:56 . 2013-04-05 08:56:56 27648 ----a-w- C:\Windows\system32\licmgr10.dll
2013-04-05 08:56:56 . 2013-04-05 08:56:56 270848 ----a-w- C:\Windows\system32\iedkcs32.dll
2013-04-05 08:56:56 . 2013-04-05 08:56:56 247296 ----a-w- C:\Windows\system32\webcheck.dll
2013-04-05 08:56:56 . 2013-04-05 08:56:56 235008 ----a-w- C:\Windows\system32\url.dll
2013-04-05 08:56:56 . 2013-04-05 08:56:56 23040 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2013-04-05 08:56:56 . 2013-04-05 08:56:56 216064 ----a-w- C:\Windows\system32\msls31.dll
2013-04-05 08:56:56 . 2013-04-05 08:56:56 197120 ----a-w- C:\Windows\system32\msrating.dll
2013-04-05 08:56:56 . 2013-04-05 08:56:56 173568 ----a-w- C:\Windows\system32\ieUnatt.exe
2013-04-05 08:56:56 . 2013-04-05 08:56:56 167424 ----a-w- C:\Windows\system32\iexpress.exe
2013-04-05 08:56:56 . 2013-04-05 08:56:56 1509376 ----a-w- C:\Windows\system32\inetcpl.cpl
2013-04-05 08:56:56 . 2013-04-05 08:56:56 149504 ----a-w- C:\Windows\system32\occache.dll
2013-04-05 08:56:56 . 2013-04-05 08:56:56 144896 ----a-w- C:\Windows\system32\wextract.exe
2013-04-05 08:56:56 . 2013-04-05 08:56:56 1441280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-04-05 08:56:56 . 2013-04-05 08:56:56 1400416 ----a-w- C:\Windows\system32\ieapfltr.dat
2013-04-05 08:56:56 . 2013-04-05 08:56:56 13824 ----a-w- C:\Windows\system32\mshta.exe
2013-04-05 08:56:56 . 2013-04-05 08:56:56 136192 ----a-w- C:\Windows\system32\iepeers.dll
2013-04-05 08:56:56 . 2013-04-05 08:56:56 135680 ----a-w- C:\Windows\system32\IEAdvpack.dll
2013-04-05 08:56:56 . 2013-04-05 08:56:56 12800 ----a-w- C:\Windows\system32\msfeedssync.exe
2013-04-05 08:56:56 . 2013-04-05 08:56:56 102912 ----a-w- C:\Windows\system32\inseng.dll
2013-03-27 10:53:33 . 2013-03-27 10:53:33 893552 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-03-27 10:53:23 . 2013-03-27 10:53:23 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-03-27 10:53:18 . 2013-03-27 10:53:18 1236816 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-03-27 09:54:16 . 2013-03-27 09:54:34 28600 ----a-w- C:\Windows\system32\drivers\avkmgr.sys
2013-03-27 09:54:16 . 2013-03-27 09:54:33 130016 ----a-w- C:\Windows\system32\drivers\avipbb.sys
2013-03-27 09:54:16 . 2013-03-27 09:54:33 100712 ----a-w- C:\Windows\system32\drivers\avgntflt.sys
2013-03-19 06:04:06 . 2013-04-10 12:02:30 5550424 ----a-w- C:\Windows\system32\ntoskrnl.exe
2013-03-19 05:46:56 . 2013-04-10 12:02:28 43520 ----a-w- C:\Windows\system32\csrsrv.dll
2013-03-19 05:04:13 . 2013-04-10 12:02:29 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 . 2013-04-10 12:02:29 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 . 2013-04-10 12:02:28 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 . 2013-04-10 12:02:28 112640 ----a-w- C:\Windows\system32\smss.exe

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll" [2012-12-20 20:56:40 1521952]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-12-20 20:56:40 1521952 ----a-w- C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll" [2012-12-20 20:56:40 1521952]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" [2012-11-28 10:53:44 1194504]
"ApnUpdater"="C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [2012-12-20 20:56:46 1574176]
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 18:22:17 345312]
"ZoneAlarm"="C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-03-27 11:31:18 73832]

C:\Users\**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 13:27:14 138576]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 20:35:28 5434368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;C:\Windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 11:07:05 59392]
S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys [2013-03-27 09:54:16 28600]
S2 acedrv11;acedrv11;C:\Windows\system32\drivers\acedrv11.sys [2013-05-11 13:20:54 335288]
S2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-27 09:54:05 86752]
S2 AntiVirWebService;Avira Browser-Schutz;C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-05-07 18:22:20 562744]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-22 14:35:36 33712]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2012-11-22 14:35:22 828072]
S3 k57nd60a;Broadcom NetLink (TM)-Gigabit-Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 20:34:36 270848]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 11:40:42 6952960]

Inhalt des "geplante Tasks" Ordners

24.05.2013, 18:26	#6
markusg /// Malware-holic	Laptop infiziert mit ihavenet.com bitte log einstellen, und nein wir haben noch Arbeit __________________ --> Laptop infiziert mit ihavenet.com

24.05.2013, 20:23	#10
markusg /// Malware-holic	Laptop infiziert mit ihavenet.com wenn du über Rechtsklick auf den schirm, deaktivieren gewählt hast, ja. __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

24.05.2013, 23:00	#14
markusg /// Malware-holic	Laptop infiziert mit ihavenet.com ok dann scann mit aktiviertem avira __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

Laptop infiziert mit ihavenet.com

Log-Analyse und Auswertung: Laptop infiziert mit ihavenet.com