Pup.Optional.Quick.Share.A gefunden

DanSkorksi · 09.08.2013, 18:49

Hallo zusammen,

mir ist aufgefallen, dass mein Rechner deutlich langsamer wurde. Malwarebytes fand schließlich Pup.Optional.Quick.Share.A und Spybot fand Elexdesk.365. Beide "Dateien" befinden sich jetzt in Quarantäne. Es wäre schön, wenn ihr mir dabei helfen könntet, die restlichen Auswüchse zu bekämpfen.:-)

Anbei mein Malwarebytes-logfile sowie das Logfile von Spybot:

Code:

ATTFilter

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
* :: *-PC [Administrator]

09.08.2013 03:18:58
mbam-log-2013-08-09 (03-18-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 515961
Laufzeit: 1 Stunde(n), 35 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} (PUP.Optional.QuickShare.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

Search results from Spybot - Search & Destroy

8/8/2013 3:18:08 PM
Scan took 01:04:56.
98 items found.

Elex.Desk365: [SBI $02119D1D] Settings (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ijblflkdjdopkpdgllkmlbgcffjbnfda

Elex.V9: [SBI $36B89780] Program directory (Directory, nothing done)
  C:\Program Files (x86)\newtabs\
  Directory.subfile=C:\Program Files (x86)\newtabs\newtabs.exe
  Directory.subfile.size=261032
  Directory.subfile.md5=7331B554FC1CA17DAFAF0837AB91AAC6
  Directory.subfile.filedate=1343857665
  Directory.subfile.filedatetext=2012-08-01 23:47:45

Elex.V9: [SBI $A24DFF74]  Executable (File, nothing done)
  C:\Program Files (x86)\newtabs\newtabs.exe
  Properties.size=261032
  Properties.md5=7331B554FC1CA17DAFAF0837AB91AAC6
  Properties.filedate=1343857665
  Properties.filedatetext=2012-08-01 23:47:45

Elex.V9: [SBI $69E57A00] Settings (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\V9Software

Toolbar.Snap.do: [SBI $8DDCAABF] Settings (Registry Key, nothing done)
  HKEY_CLASSES_ROOT\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}

Toolbar.Snap.do: [SBI $8DDCAABF] Settings (Registry Key, nothing done)
  HKEY_CLASSES_ROOT\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}

Toolbar.Snap.do: [SBI $EF91C26E] Root class (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IESmartBar.BandObjectAttribute

Toolbar.Snap.do: [SBI $EF91C26E] Class ID (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}

Toolbar.Snap.do: [SBI $EF91C26E] Root class (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IESmartBar.BandObjectAttribute

Toolbar.Snap.do: [SBI $EF91C26E] Class ID (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}

Toolbar.Snap.do: [SBI $E9445C6F] Settings (Registry Key, nothing done)
  HKEY_CLASSES_ROOT\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}

Toolbar.Snap.do: [SBI $E9445C6F] Settings (Registry Key, nothing done)
  HKEY_CLASSES_ROOT\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}

Toolbar.Snap.do: [SBI $83BB8987] Root class (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IESmartBar.DockingPanel

Toolbar.Snap.do: [SBI $83BB8987] Class ID (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}

Toolbar.Snap.do: [SBI $83BB8987] Root class (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IESmartBar.DockingPanel

Toolbar.Snap.do: [SBI $83BB8987] Class ID (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}

Toolbar.Snap.do: [SBI $8761DA80] Settings (Registry Key, nothing done)
  HKEY_CLASSES_ROOT\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}

Toolbar.Snap.do: [SBI $8761DA80] Settings (Registry Key, nothing done)
  HKEY_CLASSES_ROOT\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}

Toolbar.Snap.do: [SBI $CFA65105] Root class (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject

Toolbar.Snap.do: [SBI $CFA65105] Class ID (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}

Toolbar.Snap.do: [SBI $CFA65105] Root class (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject

Toolbar.Snap.do: [SBI $CFA65105] Class ID (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}

Toolbar.Snap.do: [SBI $2224DEB2] Settings (Registry Key, nothing done)
  HKEY_CLASSES_ROOT\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}

Toolbar.Snap.do: [SBI $2224DEB2] Settings (Registry Key, nothing done)
  HKEY_CLASSES_ROOT\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}

Toolbar.Snap.do: [SBI $0B5340BB] Root class (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm

Toolbar.Snap.do: [SBI $0B5340BB] Class ID (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}

Toolbar.Snap.do: [SBI $0B5340BB] Root class (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm

Toolbar.Snap.do: [SBI $0B5340BB] Class ID (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}

Toolbar.Snap.do: [SBI $B8DD52AF] Settings (Registry Key, nothing done)
  HKEY_CLASSES_ROOT\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Toolbar.Snap.do: [SBI $B8DD52AF] Settings (Registry Key, nothing done)
  HKEY_CLASSES_ROOT\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Toolbar.Snap.do: [SBI $5BC1CF35] Root class (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IESmartBar.IESmartBar

Toolbar.Snap.do: [SBI $5BC1CF35] Class ID (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Toolbar.Snap.do: [SBI $5BC1CF35] Root class (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IESmartBar.IESmartBar

Toolbar.Snap.do: [SBI $5BC1CF35] Class ID (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Toolbar.Snap.do: [SBI $8A184072] User settings (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Toolbar.Snap.do: [SBI $8A184072] User settings (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Toolbar.Snap.do: [SBI $2A1CCFF9] IE toolbar (Registry Value, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113}

Toolbar.Snap.do: [SBI $2A1CCFF9] IE toolbar (Registry Value, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113}

Toolbar.Snap.do: [SBI $1A7BE132] Settings (Registry Key, nothing done)
  HKEY_CLASSES_ROOT\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Toolbar.Snap.do: [SBI $BD50E80E] Root class (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IESmartBar.BHO

Toolbar.Snap.do: [SBI $BD50E80E] Class ID (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Toolbar.Snap.do: [SBI $BD50E80E] Browser helper object (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Toolbar.Snap.do: [SBI $BD50E80E] Root class (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IESmartBar.BHO

Toolbar.Snap.do: [SBI $28BEF3EF] User settings (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Toolbar.Snap.do: [SBI $28BEF3EF] User settings (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

7-Zip: [SBI $12C3A52C] Folder history (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1003\Software\7-ZIP\FM\FolderHistory

7-Zip: [SBI $3D5692BD] Last used folder (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1003\Software\7-ZIP\FM\PanelPath0

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1000\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1003\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-20\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1003\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1003\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1003\Software\Microsoft\DirectInput\MostRecentApplication\Id

vanBasco's Karaoke Player: [SBI $C85CC84D] Last used playlist (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1003\Software\vanBasco\vanBasco's MIDI Player\Playlist\Last

vanBasco's Karaoke Player: [SBI $A1B1B280] Last used folder (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1003\Software\vanBasco\vanBasco's MIDI Player\Playlist\LastDirectory

Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows.OpenWith: [SBI $9E8D5C8A] Open with list - .CDA extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\OpenWithList

Windows.OpenWith: [SBI $ECC28BDF] Open with list - .CSV extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList

Windows.OpenWith: [SBI $F34FE1D0] Open with list - .CUE extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CUE\OpenWithList

Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1000\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1003\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1000\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1003\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1000\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1003\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

WinRAR: [SBI $0B56E92B] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1003\Software\WinRAR\ArcHistory

WinRAR: [SBI $B84F9965] Last used directory (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1003\Software\WinRAR\General\LastFolder

WinRAR: [SBI $B510882E] Extraction directory history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1003\Software\WinRAR\DialogEditHistory\ExtrPath

Cookie: [SBI $49804B54] Browser: Cookie (1) (Browser: Cookie, nothing done)
  

Cache: [SBI $49804B54] Browser: Cache (7) (Browser: Cache, nothing done)
  

Verlauf: [SBI $49804B54] Browser: History (1) (Browser: History, nothing done)
  

Cookie: [SBI $49804B54] Browser: Cookie (1) (Browser: Cookie, nothing done)
  

Cookie: [SBI $49804B54] Browser: Cookie (4) (Browser: Cookie, nothing done)
  


--- Spybot - Search & Destroy version: 2.1.18.131  DLL (build: 20130516) ---

2013-05-16 blindman.exe (2.1.18.151)
2013-05-16 explorer.exe (2.1.18.177)
2013-05-16 SDBootCD.exe (2.1.18.109)
2013-05-16 SDCleaner.exe (2.1.18.110)
2013-05-16 SDDelFile.exe (2.1.18.94)
2013-06-18 SDDisableProxy.exe
2013-05-16 SDFiles.exe (2.1.18.135)
2013-03-20 SDFileScanHelper.exe (2.1.16.1)
2013-05-16 SDFSSvc.exe (2.1.18.208)
2013-05-16 SDHookHelper.exe (2.1.18.2)
2013-05-16 SDHookInst32.exe (2.1.18.2)
2013-05-16 SDHookInst64.exe (2.1.18.2)
2013-05-16 SDImmunize.exe (2.1.18.130)
2013-05-16 SDLogReport.exe (2.1.18.107)
2013-05-16 SDOnAccess.exe (2.1.18.4)
2013-05-16 SDPESetup.exe (2.1.18.3)
2013-05-16 SDPEStart.exe (2.1.18.86)
2013-05-16 SDPhoneScan.exe (2.1.18.28)
2013-05-16 SDPRE.exe (2.1.18.22)
2013-05-16 SDPrepPos.exe (2.1.18.10)
2013-05-16 SDQuarantine.exe (2.1.18.103)
2013-05-16 SDRootAlyzer.exe (2.1.18.116)
2013-05-16 SDSBIEdit.exe (2.1.18.39)
2013-05-16 SDScan.exe (2.1.18.177)
2013-05-16 SDScript.exe (2.1.18.53)
2013-05-16 SDSettings.exe (2.1.18.136)
2013-05-16 SDShell.exe (2.1.18.2)
2013-05-16 SDShred.exe (2.1.18.107)
2013-05-16 SDSysRepair.exe (2.1.18.101)
2013-05-16 SDTools.exe (2.1.18.150)
2013-07-25 SDTray.exe (2.1.21.129)
2013-05-16 SDUpdate.exe (2.1.18.91)
2013-05-16 SDUpdSvc.exe (2.1.18.76)
2013-07-10 SDWelcome.exe (2.1.21.129)
2013-05-15 SDWSCSvc.exe (2.1.18.2)
2013-06-19 spybotsd2-translation-frx.exe
2013-08-08 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2013-05-16 SDAdvancedCheckLibrary.dll (2.1.18.98)
2013-05-16 SDAV.dll
2013-05-16 SDECon32.dll (2.1.18.113)
2013-05-16 SDECon64.dll (2.1.18.113)
2013-04-05 SDEvents.dll (2.1.16.2)
2013-05-16 SDFileScanLibrary.dll (2.1.18.12)
2013-05-16 SDHook32.dll (2.1.18.2)
2013-05-16 SDHook64.dll (2.1.18.2)
2013-05-16 SDImmunizeLibrary.dll (2.1.18.2)
2013-05-16 SDLicense.dll (2.1.18.0)
2013-05-16 SDLists.dll (2.1.18.4)
2013-05-16 SDResources.dll (2.1.18.7)
2013-05-16 SDScanLibrary.dll (2.1.18.131)
2013-05-16 SDTasks.dll (2.1.18.15)
2013-05-16 SDWinLogon.dll (2.1.18.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2013-05-16 Tools.dll (2.1.18.36)
2012-12-18 Includes\Adware.sbi (*)
2013-07-30 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2013-06-25 Includes\Keyloggers.sbi (*)
2012-12-18 Includes\KeyloggersC.sbi (*)
2013-05-29 Includes\Malware.sbi (*)
2013-08-06 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-08-06 Includes\PUPSC.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2012-11-14 Includes\SecurityC.sbi (*)
2013-05-22 Includes\Spyware.sbi (*)
2013-08-06 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2013-01-16 Includes\Trojans.sbi (*)
2013-05-13 Includes\TrojansC-02.sbi (*)
2013-07-31 Includes\TrojansC-03.sbi (*)
2013-08-06 Includes\TrojansC-04.sbi (*)
2013-05-08 Includes\TrojansC-05.sbi (*)
2013-08-06 Includes\TrojansC.sbi (*)

Code:

ATTFilter

Search results from Spybot - Search & Destroy

8/8/2013 7:38:02 PM
Scan took 01:03:33.
4 items found.

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1003\Software\Microsoft\Direct3D\MostRecentApplication\Name

Cache: [SBI $49804B54] Browser: Cache (1) (Browser: Cache, nothing done)
  

Cookie: [SBI $49804B54] Browser: Cookie (1) (Browser: Cookie, nothing done)
  


--- Spybot - Search & Destroy version: 2.1.18.131  DLL (build: 20130516) ---

2013-05-16 blindman.exe (2.1.18.151)
2013-05-16 explorer.exe (2.1.18.177)
2013-05-16 SDBootCD.exe (2.1.18.109)
2013-05-16 SDCleaner.exe (2.1.18.110)
2013-05-16 SDDelFile.exe (2.1.18.94)
2013-06-18 SDDisableProxy.exe
2013-05-16 SDFiles.exe (2.1.18.135)
2013-03-20 SDFileScanHelper.exe (2.1.16.1)
2013-05-16 SDFSSvc.exe (2.1.18.208)
2013-05-16 SDHookHelper.exe (2.1.18.2)
2013-05-16 SDHookInst32.exe (2.1.18.2)
2013-05-16 SDHookInst64.exe (2.1.18.2)
2013-05-16 SDImmunize.exe (2.1.18.130)
2013-05-16 SDLogReport.exe (2.1.18.107)
2013-05-16 SDOnAccess.exe (2.1.18.4)
2013-05-16 SDPESetup.exe (2.1.18.3)
2013-05-16 SDPEStart.exe (2.1.18.86)
2013-05-16 SDPhoneScan.exe (2.1.18.28)
2013-05-16 SDPRE.exe (2.1.18.22)
2013-05-16 SDPrepPos.exe (2.1.18.10)
2013-05-16 SDQuarantine.exe (2.1.18.103)
2013-05-16 SDRootAlyzer.exe (2.1.18.116)
2013-05-16 SDSBIEdit.exe (2.1.18.39)
2013-05-16 SDScan.exe (2.1.18.177)
2013-05-16 SDScript.exe (2.1.18.53)
2013-05-16 SDSettings.exe (2.1.18.136)
2013-05-16 SDShell.exe (2.1.18.2)
2013-05-16 SDShred.exe (2.1.18.107)
2013-05-16 SDSysRepair.exe (2.1.18.101)
2013-05-16 SDTools.exe (2.1.18.150)
2013-07-25 SDTray.exe (2.1.21.129)
2013-05-16 SDUpdate.exe (2.1.18.91)
2013-05-16 SDUpdSvc.exe (2.1.18.76)
2013-07-10 SDWelcome.exe (2.1.21.129)
2013-05-15 SDWSCSvc.exe (2.1.18.2)
2013-06-19 spybotsd2-translation-frx.exe
2013-08-08 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2013-05-16 SDAdvancedCheckLibrary.dll (2.1.18.98)
2013-05-16 SDAV.dll
2013-05-16 SDECon32.dll (2.1.18.113)
2013-05-16 SDECon64.dll (2.1.18.113)
2013-04-05 SDEvents.dll (2.1.16.2)
2013-05-16 SDFileScanLibrary.dll (2.1.18.12)
2013-05-16 SDHook32.dll (2.1.18.2)
2013-05-16 SDHook64.dll (2.1.18.2)
2013-05-16 SDImmunizeLibrary.dll (2.1.18.2)
2013-05-16 SDLicense.dll (2.1.18.0)
2013-05-16 SDLists.dll (2.1.18.4)
2013-05-16 SDResources.dll (2.1.18.7)
2013-05-16 SDScanLibrary.dll (2.1.18.131)
2013-05-16 SDTasks.dll (2.1.18.15)
2013-05-16 SDWinLogon.dll (2.1.18.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2013-05-16 Tools.dll (2.1.18.36)
2012-12-18 Includes\Adware.sbi (*)
2013-07-30 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2013-06-25 Includes\Keyloggers.sbi (*)
2012-12-18 Includes\KeyloggersC.sbi (*)
2013-05-29 Includes\Malware.sbi (*)
2013-08-06 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-08-06 Includes\PUPSC.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2012-11-14 Includes\SecurityC.sbi (*)
2013-05-22 Includes\Spyware.sbi (*)
2013-08-06 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2013-01-16 Includes\Trojans.sbi (*)
2013-05-13 Includes\TrojansC-02.sbi (*)
2013-07-31 Includes\TrojansC-03.sbi (*)
2013-08-06 Includes\TrojansC-04.sbi (*)
2013-05-08 Includes\TrojansC-05.sbi (*)
2013-08-06 Includes\TrojansC.sbi (*)

Code:

ATTFilter

Search results from Spybot - Search & Destroy

8/8/2013 7:38:02 PM
Scan took 01:03:33.
4 items found.

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1003\Software\Microsoft\Direct3D\MostRecentApplication\Name

Cache: [SBI $49804B54] Browser: Cache (1) (Browser: Cache, nothing done)
  

Cookie: [SBI $49804B54] Browser: Cookie (1) (Browser: Cookie, nothing done)
  


--- Spybot - Search & Destroy version: 2.1.18.131  DLL (build: 20130516) ---

2013-05-16 blindman.exe (2.1.18.151)
2013-05-16 explorer.exe (2.1.18.177)
2013-05-16 SDBootCD.exe (2.1.18.109)
2013-05-16 SDCleaner.exe (2.1.18.110)
2013-05-16 SDDelFile.exe (2.1.18.94)
2013-06-18 SDDisableProxy.exe
2013-05-16 SDFiles.exe (2.1.18.135)
2013-03-20 SDFileScanHelper.exe (2.1.16.1)
2013-05-16 SDFSSvc.exe (2.1.18.208)
2013-05-16 SDHookHelper.exe (2.1.18.2)
2013-05-16 SDHookInst32.exe (2.1.18.2)
2013-05-16 SDHookInst64.exe (2.1.18.2)
2013-05-16 SDImmunize.exe (2.1.18.130)
2013-05-16 SDLogReport.exe (2.1.18.107)
2013-05-16 SDOnAccess.exe (2.1.18.4)
2013-05-16 SDPESetup.exe (2.1.18.3)
2013-05-16 SDPEStart.exe (2.1.18.86)
2013-05-16 SDPhoneScan.exe (2.1.18.28)
2013-05-16 SDPRE.exe (2.1.18.22)
2013-05-16 SDPrepPos.exe (2.1.18.10)
2013-05-16 SDQuarantine.exe (2.1.18.103)
2013-05-16 SDRootAlyzer.exe (2.1.18.116)
2013-05-16 SDSBIEdit.exe (2.1.18.39)
2013-05-16 SDScan.exe (2.1.18.177)
2013-05-16 SDScript.exe (2.1.18.53)
2013-05-16 SDSettings.exe (2.1.18.136)
2013-05-16 SDShell.exe (2.1.18.2)
2013-05-16 SDShred.exe (2.1.18.107)
2013-05-16 SDSysRepair.exe (2.1.18.101)
2013-05-16 SDTools.exe (2.1.18.150)
2013-07-25 SDTray.exe (2.1.21.129)
2013-05-16 SDUpdate.exe (2.1.18.91)
2013-05-16 SDUpdSvc.exe (2.1.18.76)
2013-07-10 SDWelcome.exe (2.1.21.129)
2013-05-15 SDWSCSvc.exe (2.1.18.2)
2013-06-19 spybotsd2-translation-frx.exe
2013-08-08 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2013-05-16 SDAdvancedCheckLibrary.dll (2.1.18.98)
2013-05-16 SDAV.dll
2013-05-16 SDECon32.dll (2.1.18.113)
2013-05-16 SDECon64.dll (2.1.18.113)
2013-04-05 SDEvents.dll (2.1.16.2)
2013-05-16 SDFileScanLibrary.dll (2.1.18.12)
2013-05-16 SDHook32.dll (2.1.18.2)
2013-05-16 SDHook64.dll (2.1.18.2)
2013-05-16 SDImmunizeLibrary.dll (2.1.18.2)
2013-05-16 SDLicense.dll (2.1.18.0)
2013-05-16 SDLists.dll (2.1.18.4)
2013-05-16 SDResources.dll (2.1.18.7)
2013-05-16 SDScanLibrary.dll (2.1.18.131)
2013-05-16 SDTasks.dll (2.1.18.15)
2013-05-16 SDWinLogon.dll (2.1.18.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2013-05-16 Tools.dll (2.1.18.36)
2012-12-18 Includes\Adware.sbi (*)
2013-07-30 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2013-06-25 Includes\Keyloggers.sbi (*)
2012-12-18 Includes\KeyloggersC.sbi (*)
2013-05-29 Includes\Malware.sbi (*)
2013-08-06 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-08-06 Includes\PUPSC.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2012-11-14 Includes\SecurityC.sbi (*)
2013-05-22 Includes\Spyware.sbi (*)
2013-08-06 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2013-01-16 Includes\Trojans.sbi (*)
2013-05-13 Includes\TrojansC-02.sbi (*)
2013-07-31 Includes\TrojansC-03.sbi (*)
2013-08-06 Includes\TrojansC-04.sbi (*)
2013-05-08 Includes\TrojansC-05.sbi (*)
2013-08-06 Includes\TrojansC.sbi (*)

Code:

ATTFilter

Search results from Spybot - Search & Destroy

8/9/2013 9:24:39 AM
Scan took 00:53:50.
9 items found.

FastClick: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Benutzer): *) (Browser: Cookie, nothing done)
  

DoubleClick: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Benutzer): *) (Browser: Cookie, nothing done)
  

MediaPlex: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Benutzer): *) (Browser: Cookie, nothing done)
  

MediaPlex: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Benutzer): *) (Browser: Cookie, nothing done)
  

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

Cookie: [SBI $49804B54] Browser: Cookie (5) (Browser: Cookie, nothing done)
  

Cache: [SBI $49804B54] Browser: Cache (20) (Browser: Cache, nothing done)
  

Verlauf: [SBI $49804B54] Browser: History (7) (Browser: History, nothing done)
  

Cookie: [SBI $49804B54] Browser: Cookie (2) (Browser: Cookie, nothing done)
  


--- Spybot - Search & Destroy version: 2.1.18.131  DLL (build: 20130516) ---

2013-05-16 blindman.exe (2.1.18.151)
2013-05-16 explorer.exe (2.1.18.177)
2013-05-16 SDBootCD.exe (2.1.18.109)
2013-05-16 SDCleaner.exe (2.1.18.110)
2013-05-16 SDDelFile.exe (2.1.18.94)
2013-06-18 SDDisableProxy.exe
2013-05-16 SDFiles.exe (2.1.18.135)
2013-03-20 SDFileScanHelper.exe (2.1.16.1)
2013-05-16 SDFSSvc.exe (2.1.18.208)
2013-05-16 SDHookHelper.exe (2.1.18.2)
2013-05-16 SDHookInst32.exe (2.1.18.2)
2013-05-16 SDHookInst64.exe (2.1.18.2)
2013-05-16 SDImmunize.exe (2.1.18.130)
2013-05-16 SDLogReport.exe (2.1.18.107)
2013-05-16 SDOnAccess.exe (2.1.18.4)
2013-05-16 SDPESetup.exe (2.1.18.3)
2013-05-16 SDPEStart.exe (2.1.18.86)
2013-05-16 SDPhoneScan.exe (2.1.18.28)
2013-05-16 SDPRE.exe (2.1.18.22)
2013-05-16 SDPrepPos.exe (2.1.18.10)
2013-05-16 SDQuarantine.exe (2.1.18.103)
2013-05-16 SDRootAlyzer.exe (2.1.18.116)
2013-05-16 SDSBIEdit.exe (2.1.18.39)
2013-05-16 SDScan.exe (2.1.18.177)
2013-05-16 SDScript.exe (2.1.18.53)
2013-05-16 SDSettings.exe (2.1.18.136)
2013-05-16 SDShell.exe (2.1.18.2)
2013-05-16 SDShred.exe (2.1.18.107)
2013-05-16 SDSysRepair.exe (2.1.18.101)
2013-05-16 SDTools.exe (2.1.18.150)
2013-07-25 SDTray.exe (2.1.21.129)
2013-05-16 SDUpdate.exe (2.1.18.91)
2013-05-16 SDUpdSvc.exe (2.1.18.76)
2013-07-10 SDWelcome.exe (2.1.21.129)
2013-05-15 SDWSCSvc.exe (2.1.18.2)
2013-06-19 spybotsd2-translation-frx.exe
2013-08-08 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2013-05-16 SDAdvancedCheckLibrary.dll (2.1.18.98)
2013-05-16 SDAV.dll
2013-05-16 SDECon32.dll (2.1.18.113)
2013-05-16 SDECon64.dll (2.1.18.113)
2013-04-05 SDEvents.dll (2.1.16.2)
2013-05-16 SDFileScanLibrary.dll (2.1.18.12)
2013-05-16 SDHook32.dll (2.1.18.2)
2013-05-16 SDHook64.dll (2.1.18.2)
2013-05-16 SDImmunizeLibrary.dll (2.1.18.2)
2013-05-16 SDLicense.dll (2.1.18.0)
2013-05-16 SDLists.dll (2.1.18.4)
2013-05-16 SDResources.dll (2.1.18.7)
2013-05-16 SDScanLibrary.dll (2.1.18.131)
2013-05-16 SDTasks.dll (2.1.18.15)
2013-05-16 SDWinLogon.dll (2.1.18.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2013-05-16 Tools.dll (2.1.18.36)
2012-12-18 Includes\Adware.sbi (*)
2013-07-30 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2013-06-25 Includes\Keyloggers.sbi (*)
2012-12-18 Includes\KeyloggersC.sbi (*)
2013-05-29 Includes\Malware.sbi (*)
2013-08-06 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-08-06 Includes\PUPSC.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2012-11-14 Includes\SecurityC.sbi (*)
2013-05-22 Includes\Spyware.sbi (*)
2013-08-06 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2013-01-16 Includes\Trojans.sbi (*)
2013-05-13 Includes\TrojansC-02.sbi (*)
2013-07-31 Includes\TrojansC-03.sbi (*)
2013-08-06 Includes\TrojansC-04.sbi (*)
2013-05-08 Includes\TrojansC-05.sbi (*)
2013-08-06 Includes\TrojansC.sbi (*)

markusg · 09.08.2013, 18:54

Hi, es folgt eine Anweisung für FRST, bitte beachte die Zusatzinfo, die ich für die Additions.txt benötige.

Empfehlungen fürs Deinstallieren
Bitte kopiere die Liste der installierten Programme aus der additions.txt hier in deinen Thread. Notiere mir bitte
hinter jede Zeile, ob folgendes Kategorie zutrifft: Unbekannt, Nötig, Unnötig

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

DanSkorksi · 09.08.2013, 19:30

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-08-2013 02
Ran by * (administrator) on 09-08-2013 20:18:43
Running from C:\Users\*\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
(FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
(Fujitsu Technology Solutions) C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.EXE
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [PfNet] - C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe [6310912 2010-06-24] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] - C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [188264 2009-07-30] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] - C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] - C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] - C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKLM\...\Run: [ConMgr] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [535440 2009-12-24] (CSR, plc)
HKCU\...\Run: [FileHippo.com] - C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [LoadFUJ02E3] - C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED)
HKLM-x32\...\Run: [IndicatorUtility] - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] - C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [162912 2009-07-08] (CyberLink Corp.)
HKLM-x32\...\Run: [DeskUpdateNotifier] - c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe [102968 2013-02-26] (Fujitsu Technology Solutions)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-10] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Startup: C:\Users\Internetkonto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\*\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Internetkonto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\31qy4b1e.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - D:\Programme\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - D:\Programme\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin - d:\programme\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin - d:\programme\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-08] (Avira Operations GmbH & Co. KG)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [330240 2010-06-24] (FUJITSU LIMITED)
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-08] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-08] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-12-15] (Avira GmbH)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-09 20:17 - 2013-08-09 20:18 - 01790169 _____ (Farbar) C:\Users\*\Desktop\FRST64.exe
2013-08-08 23:10 - 2013-08-08 23:13 - 110344048 _____ C:\Users\*\Desktop\avira_free_antivirus85_de.exe
2013-08-08 18:10 - 2013-08-08 18:10 - 00000520 _____ C:\Windows\PFRO.log
2013-08-08 16:09 - 2013-08-08 16:09 - 00000000 ____D C:\Users\*\Documents\ProcAlyzer Dumps
2013-08-08 15:47 - 2013-08-08 15:47 - 00000101 _____ C:\Windows\wininit.ini
2013-08-08 14:10 - 2013-08-09 19:37 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-08 14:10 - 2013-08-08 14:12 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-08-08 14:10 - 2013-08-08 14:10 - 00001385 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-08-08 14:10 - 2013-08-08 14:10 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-08-08 14:10 - 2009-01-25 13:14 - 00017272 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2013-08-08 14:09 - 2013-08-08 14:09 - 01440846 _____ C:\Users\Internetkonto\Desktop\mbam-chameleon-1.62.1.1000.zip
2013-08-08 14:08 - 2013-08-08 14:08 - 37672592 _____ (Safer-Networking Ltd.                                       ) C:\Users\Internetkonto\Desktop\spybotsd-2.1.21-SR2.exe
2013-08-06 20:18 - 2013-08-09 08:27 - 00000336 _____ C:\Windows\setupact.log
2013-08-06 20:18 - 2013-08-06 20:18 - 00000000 _____ C:\Windows\setuperr.log
2013-08-06 18:16 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-06 18:15 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-06 18:15 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-06 18:15 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-06 18:15 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-06 18:15 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-06 18:15 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-06 18:15 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-06 18:15 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-06 18:15 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-06 18:15 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-06 18:15 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-06 18:15 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-06 18:15 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-06 18:15 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-06 18:15 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-06 18:15 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-06 18:15 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-06 18:15 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-06 18:15 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-06 18:15 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-06 18:15 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-06 18:15 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-06 18:15 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-06 18:15 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-06 18:15 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-06 18:15 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-06 18:15 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-06 18:15 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-06 18:15 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-06 18:15 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-06 18:00 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-08-06 18:00 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-06 18:00 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-06 18:00 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-08-06 18:00 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-08-06 17:59 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-08-06 17:59 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-08-06 17:41 - 2013-08-06 17:41 - 00000000 ____D C:\Users\Internetkonto\AppData\Roaming\RCP 6
2013-08-06 17:33 - 2013-08-06 17:33 - 00000000 ____D C:\ConversionOutput
2013-08-06 17:18 - 2013-08-06 17:18 - 00000000 ____D C:\Users\Internetkonto\AppData\Local\PictureConverter
2013-08-06 11:39 - 2013-08-06 11:39 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-08-06 11:14 - 2013-08-06 11:14 - 00000000 ____D C:\Windows\en
2013-08-06 11:14 - 2013-08-06 11:14 - 00000000 ____D C:\Windows\de
2013-08-06 11:07 - 2013-08-06 11:13 - 143436858 _____ C:\Users\*\Desktop\Apache_OpenOffice_4.0.0_Win_x86_install_en-US.exe
2013-07-14 10:30 - 2013-07-14 10:30 - 00001058 _____ C:\Users\Internetkonto\Desktop\Dropbox.lnk
2013-07-13 12:40 - 2013-07-13 12:40 - 00000584 _____ C:\Users\*\Documents\cc_20130713_124051.reg
2013-07-13 12:30 - 2013-07-13 12:30 - 00055650 _____ C:\Users\*\Documents\cc_20130713_123015.reg
2013-07-13 12:30 - 2013-07-13 12:30 - 00001076 _____ C:\Users\*\Documents\cc_20130713_123029.reg
2013-07-13 12:30 - 2013-07-13 12:30 - 00000082 _____ C:\Users\*\Documents\cc_20130713_123040.reg
2013-07-10 15:38 - 2013-06-09 21:59 - 00216064 _____ C:\Windows\SysWOW64\gcapi_dll.dll
2013-07-10 15:30 - 2013-07-10 15:30 - 00000000 ____D C:\Users\Internetkonto\AppData\Roaming\SumatraPDF

==================== One Month Modified Files and Folders =======

2013-08-09 20:18 - 2013-08-09 20:18 - 00000000 ____D C:\FRST
2013-08-09 20:18 - 2013-08-09 20:17 - 01790169 _____ (Farbar) C:\Users\*\Desktop\FRST64.exe
2013-08-09 19:56 - 2012-11-21 19:21 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-09 19:37 - 2013-08-08 14:10 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-09 19:13 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-09 19:13 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-09 13:46 - 2012-08-24 12:52 - 00000000 ____D C:\Users\Internetkonto\AppData\Roaming\Dropbox
2013-08-09 08:27 - 2013-08-06 20:18 - 00000336 _____ C:\Windows\setupact.log
2013-08-09 08:27 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-09 08:26 - 2011-12-26 02:39 - 01103912 _____ C:\Windows\WindowsUpdate.log
2013-08-08 23:13 - 2013-08-08 23:10 - 110344048 _____ C:\Users\*\Desktop\avira_free_antivirus85_de.exe
2013-08-08 18:10 - 2013-08-08 18:10 - 00000520 _____ C:\Windows\PFRO.log
2013-08-08 16:09 - 2013-08-08 16:09 - 00000000 ____D C:\Users\*\Documents\ProcAlyzer Dumps
2013-08-08 15:47 - 2013-08-08 15:47 - 00000101 _____ C:\Windows\wininit.ini
2013-08-08 14:12 - 2013-08-08 14:10 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-08-08 14:10 - 2013-08-08 14:10 - 00001385 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-08-08 14:10 - 2013-08-08 14:10 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-08-08 14:09 - 2013-08-08 14:09 - 01440846 _____ C:\Users\Internetkonto\Desktop\mbam-chameleon-1.62.1.1000.zip
2013-08-08 14:08 - 2013-08-08 14:08 - 37672592 _____ (Safer-Networking Ltd.                                       ) C:\Users\Internetkonto\Desktop\spybotsd-2.1.21-SR2.exe
2013-08-08 09:32 - 2011-02-14 14:57 - 00696870 _____ C:\Windows\system32\perfh007.dat
2013-08-08 09:32 - 2011-02-14 14:57 - 00148134 _____ C:\Windows\system32\perfc007.dat
2013-08-08 09:32 - 2009-07-14 07:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-06 20:18 - 2013-08-06 20:18 - 00000000 _____ C:\Windows\setuperr.log
2013-08-06 19:00 - 2012-09-12 16:32 - 00000000 ____D C:\Users\*\AppData\Local\CrashDumps
2013-08-06 18:57 - 2011-02-14 14:43 - 00000000 ____D C:\Windows\Panther
2013-08-06 18:44 - 2011-12-25 19:05 - 00117024 _____ C:\Users\*\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-06 18:44 - 2011-12-25 19:04 - 00000000 ____D C:\Users\*
2013-08-06 18:43 - 2009-07-14 06:45 - 00461120 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-06 18:42 - 2012-05-19 03:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-06 18:42 - 2012-05-19 03:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-06 18:40 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-06 18:40 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-06 18:40 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-06 18:19 - 2011-12-25 22:04 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-06 17:41 - 2013-08-06 17:41 - 00000000 ____D C:\Users\Internetkonto\AppData\Roaming\RCP 6
2013-08-06 17:35 - 2011-12-27 00:11 - 00000000 ___RD C:\Users\Internetkonto
2013-08-06 17:33 - 2013-08-06 17:33 - 00000000 ____D C:\ConversionOutput
2013-08-06 17:18 - 2013-08-06 17:18 - 00000000 ____D C:\Users\Internetkonto\AppData\Local\PictureConverter
2013-08-06 12:35 - 2013-07-02 19:01 - 00000000 ____D C:\Users\Internetkonto\AppData\Local\Windows Live
2013-08-06 12:18 - 2011-12-27 00:13 - 00117024 _____ C:\Users\Internetkonto\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-06 11:39 - 2013-08-06 11:39 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-08-06 11:39 - 2012-01-25 01:43 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2013-08-06 11:37 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-06 11:34 - 2011-12-25 19:04 - 00000000 ____D C:\Users\*\AppData\Local\Adobe
2013-08-06 11:30 - 2012-11-21 19:21 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-06 11:30 - 2012-04-04 00:00 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-06 11:30 - 2011-12-28 22:46 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-06 11:21 - 2011-12-27 00:00 - 00000828 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-06 11:21 - 2011-12-27 00:00 - 00000000 ____D C:\Program Files\CCleaner
2013-08-06 11:14 - 2013-08-06 11:14 - 00000000 ____D C:\Windows\en
2013-08-06 11:14 - 2013-08-06 11:14 - 00000000 ____D C:\Windows\de
2013-08-06 11:13 - 2013-08-06 11:07 - 143436858 _____ C:\Users\*\Desktop\Apache_OpenOffice_4.0.0_Win_x86_install_en-US.exe
2013-08-06 11:12 - 2011-12-25 19:07 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-08-06 11:12 - 2011-12-25 19:06 - 00000000 ____D C:\Program Files\Windows Live
2013-07-30 08:50 - 2012-03-13 18:32 - 03864576 ___SH C:\Users\Internetkonto\Desktop\Thumbs.db
2013-07-28 04:46 - 2013-02-23 01:10 - 00000000 ____D C:\Users\Internetkonto\AppData\Roaming\Spotify
2013-07-28 01:23 - 2013-02-23 01:10 - 00000000 ____D C:\Users\Internetkonto\AppData\Local\Spotify
2013-07-14 10:30 - 2013-07-14 10:30 - 00001058 _____ C:\Users\Internetkonto\Desktop\Dropbox.lnk
2013-07-14 10:23 - 2012-08-24 12:53 - 00000000 ____D C:\Users\*\AppData\Roaming\Dropbox
2013-07-14 09:49 - 2012-08-24 12:54 - 00000000 ___RD C:\Users\Internetkonto\Dropbox
2013-07-13 12:40 - 2013-07-13 12:40 - 00000584 _____ C:\Users\*\Documents\cc_20130713_124051.reg
2013-07-13 12:30 - 2013-07-13 12:30 - 00055650 _____ C:\Users\*\Documents\cc_20130713_123015.reg
2013-07-13 12:30 - 2013-07-13 12:30 - 00001076 _____ C:\Users\*\Documents\cc_20130713_123029.reg
2013-07-13 12:30 - 2013-07-13 12:30 - 00000082 _____ C:\Users\*\Documents\cc_20130713_123040.reg
2013-07-10 15:39 - 2013-04-03 10:00 - 00000000 ____D C:\Users\*\AppData\Roaming\Foxit Software
2013-07-10 15:30 - 2013-07-10 15:30 - 00000000 ____D C:\Users\Internetkonto\AppData\Roaming\SumatraPDF

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-02 02:33

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-08-2013 02
Ran by * at 2013-08-09 20:19:17
Running from C:\Users\*\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0) NÖTIG
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94) NÖTIG
AIS Connect (x32 Version: 1.1.1.6) UNBEKANNT
AudibleManager (x32 Version: 2003320046.48.56.4001002) NÖTIG
Avira Free Antivirus (x32 Version: 12.1.9.2500) NÖTIG
Bluetooth Feature Pack 5.0 (Version: 5.0.14) UNBEKANNT
CyberLink YouCam (x32 Version: 3.0.1908.7636) UNBEKANNT
D3DX10 (x32 Version: 15.4.2368.0902) UNBEKANNT
DeskUpdate (x32 Version: 4.14.0118) UNBEKANNT
Die Gilde 2 (x32 Version: 1.20) NÖTIG
eaner (Version: 4.04) UNBEKANNT
ElsterFormular (x32 Version: 14.0.0.10960) NÖTIG
FileHippo.com Update Checker (x32) NÖTIG
Fotogalerie (x32 Version: 16.4.3508.0205) UNBEKANNT
Foxit Reader (x32 Version: 6.0.5.618) NÖTIG
Fujitsu Display Manager (Version: 7.01.00.210) UNBEKANNT
Fujitsu Display Manager (x32 Version: ) UNBEKANNT
Fujitsu Hotkey Utility (x32 Version: 3.60.1.0) UNBEKANNT
Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.000) UNBEKANNT
Fujitsu MobilityCenter Extension Utility (x32 Version: ) UNBEKANNT
Fujitsu System Extension Utility (Version: 3.1.1.0) UNBEKANNT
Fujitsu System Extension Utility (x32) UNBEKANNT
FUSSBALL MANAGER 12 (x32 Version: 1.0.0.3) NÖTIG
Futuremark SystemInfo (x32 Version: 4.0.0.0) UNBEKANNT
GIMP 2.6.8 UNNÖTIG
HP Photosmart Plus B210 series - Grundlegende Software für das Gerät (Version: 22.50.231.0) NÖTIG
HP Photosmart Plus B210 series Hilfe (x32 Version: 140.0.54.54) NÖTIG
HP Update (x32 Version: 5.002.006.003) UNBEKANNT
HTC Driver Installer (x32 Version: 4.1.0.001) NÖTIG
ImgBurn (x32 Version: 2.5.8.0) Unnötig
Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2025) UNBEKANNT
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179) UNBEKANNT
IPTInstaller (x32 Version: 4.0.8) UNBEKANNT
Java 7 Update 25 (64-bit) (Version: 7.0.250) NÖTIG
Junk Mail filter update (x32 Version: 16.4.3508.0205) UNBEKANNT
LifeBook Application Panel (Version: 8.1.0.0) UNBEKANNT
LifeBook Application Panel (x32) UNBEKANNT
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) NÖTIG
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) UNBEKANNT
Microsoft .NET Framework 4 Extended (Version: 4.0.30319) UNBEKANNT
Microsoft Application Error Reporting (Version: 12.0.6015.5000) UNBEKANNT
Microsoft Silverlight (Version: 5.1.20513.0) UNBEKANNT
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910) UNBEKANNT
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) UNBEKANNT
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053) UNBEKANNT
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) UNBEKANNT
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411) UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) UNBEKANNT
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3508.0205) UNBEKANNT
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0) NÖTIG
Mozilla Maintenance Service (x32 Version: 22.0) UNBEKANNT
Mp3tag v2.49b (x32 Version: v2.49b) NÖTIG
MSVCRT (x32 Version: 15.4.2862.0708) UNBEKANNT
MSVCRT_amd64 (x32 Version: 15.4.2862.0708) UNBEKANNT
MSVCRT110 (x32 Version: 16.4.1108.0727) UNBEKANNT
MSVCRT110_amd64 (Version: 16.4.1109.0912) UNBEKANNT
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) UNBEKANNT
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) UNBEKANNT
MyPhoneExplorer (x32 Version: 1.8.4) NÖTIG
NVIDIA PhysX (x32 Version: 9.10.0513) UNBEKANNT
OpenOffice 4.0.0 (x32 Version: 4.00.9702) NÖTIG
PDF24 Creator 5.4.0 (x32) NÖTIG
Photo Common (x32 Version: 16.4.3508.0205) UNBEKANNT
Photo Gallery (x32 Version: 16.4.3508.0205) UNBEKANNT
Plugfree NETWORK (Version: 5.3.0.1) UNBEKANNT
Plugfree NETWORK (Version: 5.3.001) UNBEKANNT
Power Saving Utility (Version: 31.01.11.013) UNBEKANNT
Power Saving Utility (x32) UNBEKANNT
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5969) NÖTIG
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7100.30087) UNBEKANNT
Scribus 1.4.2 (x32 Version: 1.4.2) UNBEKANNT
Spybot - Search & Destroy (x32 Version: 2.1.21) NÖTIG
Steam (x32 Version: 1.0.0.0) NÖTIG
SumatraPDF (x32 Version: 2.3.2) NÖTIG
Synaptics Pointing Device Driver (Version: 14.0.10.0) UNBEKANNT
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
VirtualDJ Home FREE (x32 Version: 7.0.5) NÖTIG
VLC media player 2.0.7 (Version: 2.0.7) NÖTIG
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live Family Safety (Version: 16.4.3508.0205)
Windows Live Family Safety (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Mail (x32 Version: 16.4.3508.0205)
Windows Live Messenger (x32 Version: 16.4.3508.0205)
Windows Live MIME IFilter (Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
Windows Live Writer (x32 Version: 16.4.3508.0205)
Windows Live Writer Resources (x32 Version: 16.4.3508.0205)

==================== Restore Points  =========================

07-08-2013 22:00:02 Geplanter Prüfpunkt
08-08-2013 13:47:46 S
08-08-2013 13:48:38 S

==================== Hosts content: ==========================

2009-07-14 04:34 - 2012-11-26 19:53 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {03ED20E5-6DD6-4450-9DF8-6582622BC2CD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-06] (Adobe Systems Incorporated)
Task: {2AB5D8C4-867D-414B-A8E7-8A15026AD4B3} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {3FCE60E6-0D19-42B0-AC13-E6247C625EBC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe No File
Task: {46499856-DDFD-41AC-853B-3B53FB23322D} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe No File
Task: {4870DD65-6D6E-4AA0-BD04-F8FF4967ED01} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2742597350-2926104813-441540862-1003 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {5537BE2F-0BFF-4ECF-BCC6-23858B8260C7} - System32\Tasks\Fujitsu\DeskUpdate => c:\Fujitsu\Programs\DeskUpdate\ducmd.exe [2013-02-26] (Fujitsu Technology Solutions)
Task: {7355AFC4-D5FB-4B21-B620-8F6C3B1AFAFC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {85C89B54-D15D-4AC2-B444-83A9BB64AA23} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe No File
Task: {9C4716E8-8167-4791-B10F-2A571FFCA98E} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {B15B2A64-8F4D-4D6F-892B-5D49B9D9E425} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe No File
Task: {C1EB6372-3B20-4A2F-A0FB-22EC5BE63B79} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {FAEEF2BF-4BDF-40D3-B14B-978A9E6F47DC} - System32\Tasks\hpUtility.exe => C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\utils\hpUtility.exe [2010-11-16] (Hewlett-Packard Co.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/09/2013 08:28:01 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2013 06:32:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2013 06:11:45 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2013 03:48:38 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (08/08/2013 03:47:57 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (08/06/2013 08:20:42 PM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/06/2013 08:20:42 PM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/06/2013 08:20:42 PM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/06/2013 08:20:42 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (08/06/2013 08:20:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/09/2013 08:27:52 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (08/09/2013 08:27:52 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (08/08/2013 06:32:16 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (08/08/2013 06:32:16 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (08/08/2013 06:31:36 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎08.‎08.‎2013 um 18:15:32 unerwartet heruntergefahren.

Error: (08/08/2013 06:15:44 PM) (Source: Microsoft-Windows-Kernel-Power) (User: NT-AUTORITÄT)
Description: Das System wurde aufgrund eines kritischen thermischen Ereignisses heruntergefahren.
            
Zeit für das Herunterfahren = 2013-08-08T16:15:44.711165100Z
            
ACPI-Thermozone = ACPI\ThermalZone\THRM
            
_CRT = 362K

Error: (08/08/2013 06:11:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (08/08/2013 06:11:21 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (08/07/2013 02:21:16 AM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (08/06/2013 08:20:45 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (08/09/2013 08:28:01 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2013 06:32:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2013 06:11:45 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2013 03:48:38 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (08/08/2013 03:47:57 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (08/06/2013 08:20:42 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/06/2013 08:20:42 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/06/2013 08:20:42 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/06/2013 08:20:42 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (08/06/2013 08:20:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2012-11-26 18:53:24.964
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-11-26 18:53:24.933
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-08-28 09:33:57.758
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\*\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-08-28 09:33:57.743
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\*\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-08-28 09:33:57.547
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-08-28 09:33:57.532
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-12-30 19:24:34.551
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\*\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-12-30 19:24:34.533
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users*\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-12-30 19:24:34.222
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Programme\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-12-30 19:24:34.205
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Programme\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 41%
Total physical RAM: 3892.55 MB
Available physical RAM: 2259.1 MB
Total Pagefile: 7783.29 MB
Available Pagefile: 5824.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:50 GB) (Free:12.48 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:413.76 GB) (Free:110.82 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: B477DB1C)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=414 GB) - (Type=07 NTFS)

==================== End Of Log ============================

markusg · 12.08.2013, 16:07

Hi,
es sind 2 Logs zu erstellen, bitte gleichzeitig posten, wenn möglich.
1. deinstaliere:
Futuremark
GIMP
ImgBurn
Spybot : kann weg, nimm lieber malwarebytes.
Neustarten.
2.
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

3.
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

DanSkorksi · 13.08.2013, 13:02

Beim Durchlaufen der Combofix-Software fährt irgendwann der Rechner von selbst runter, denke das ist nicht richtig so, oder? Ich kann zudem kein logfile finden.

Code:

ATTFilter

13:52:35.0196 4940  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:52:35.0448 4940  ============================================================
13:52:35.0448 4940  Current date / time: 2013/08/13 13:52:35.0448
13:52:35.0448 4940  SystemInfo:
13:52:35.0448 4940  
13:52:35.0448 4940  OS Version: 6.1.7601 ServicePack: 1.0
13:52:35.0448 4940  Product type: Workstation
13:52:35.0448 4940  ComputerName: DANJESSI-PC
13:52:35.0448 4940  UserName: DanJessi
13:52:35.0448 4940  Windows directory: C:\Windows
13:52:35.0448 4940  System windows directory: C:\Windows
13:52:35.0448 4940  Running under WOW64
13:52:35.0448 4940  Processor architecture: Intel x64
13:52:35.0448 4940  Number of processors: 2
13:52:35.0448 4940  Page size: 0x1000
13:52:35.0448 4940  Boot type: Normal boot
13:52:35.0448 4940  ============================================================
13:52:38.0464 4940  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:52:38.0474 4940  ============================================================
13:52:38.0474 4940  \Device\Harddisk0\DR0:
13:52:38.0474 4940  MBR partitions:
13:52:38.0474 4940  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x401000, BlocksNum 0x6400800
13:52:38.0474 4940  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x6801800, BlocksNum 0x33B84000
13:52:38.0474 4940  ============================================================
13:52:38.0524 4940  C: <-> \Device\Harddisk0\DR0\Partition1
13:52:38.0664 4940  D: <-> \Device\Harddisk0\DR0\Partition2
13:52:38.0664 4940  ============================================================
13:52:38.0664 4940  Initialize success
13:52:38.0664 4940  ============================================================
13:53:50.0153 4724  ============================================================
13:53:50.0153 4724  Scan started
13:53:50.0153 4724  Mode: Manual; SigCheck; TDLFS; 
13:53:50.0153 4724  ============================================================
13:53:50.0512 4724  ================ Scan system memory ========================
13:53:50.0512 4724  System memory - ok
13:53:50.0512 4724  ================ Scan services =============================
13:53:50.0699 4724  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
13:53:50.0777 4724  1394ohci - ok
13:53:50.0824 4724  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
13:53:50.0840 4724  ACPI - ok
13:53:50.0887 4724  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
13:53:50.0965 4724  AcpiPmi - ok
13:53:51.0136 4724  [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:53:51.0152 4724  AdobeFlashPlayerUpdateSvc - ok
13:53:51.0214 4724  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
13:53:51.0230 4724  adp94xx - ok
13:53:51.0277 4724  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
13:53:51.0292 4724  adpahci - ok
13:53:51.0308 4724  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
13:53:51.0323 4724  adpu320 - ok
13:53:51.0355 4724  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:53:51.0542 4724  AeLookupSvc - ok
13:53:51.0589 4724  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
13:53:51.0651 4724  AFD - ok
13:53:51.0698 4724  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
13:53:51.0729 4724  agp440 - ok
13:53:51.0760 4724  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
13:53:51.0807 4724  ALG - ok
13:53:51.0838 4724  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
13:53:51.0869 4724  aliide - ok
13:53:51.0901 4724  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
13:53:51.0916 4724  amdide - ok
13:53:51.0947 4724  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
13:53:51.0979 4724  AmdK8 - ok
13:53:51.0994 4724  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
13:53:52.0041 4724  AmdPPM - ok
13:53:52.0072 4724  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
13:53:52.0088 4724  amdsata - ok
13:53:52.0119 4724  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
13:53:52.0135 4724  amdsbs - ok
13:53:52.0150 4724  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
13:53:52.0150 4724  amdxata - ok
13:53:52.0197 4724  [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb      C:\Windows\system32\Drivers\ssadadb.sys
13:53:52.0275 4724  androidusb - ok
13:53:52.0400 4724  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
13:53:52.0415 4724  AntiVirSchedulerService - ok
13:53:52.0509 4724  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
13:53:52.0525 4724  AntiVirService - ok
13:53:52.0571 4724  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
13:53:52.0759 4724  AppID - ok
13:53:52.0774 4724  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
13:53:52.0852 4724  AppIDSvc - ok
13:53:52.0899 4724  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
13:53:52.0961 4724  Appinfo - ok
13:53:53.0008 4724  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
13:53:53.0039 4724  arc - ok
13:53:53.0071 4724  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
13:53:53.0086 4724  arcsas - ok
13:53:53.0195 4724  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:53:53.0211 4724  aspnet_state - ok
13:53:53.0242 4724  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:53:53.0320 4724  AsyncMac - ok
13:53:53.0351 4724  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
13:53:53.0367 4724  atapi - ok
13:53:53.0429 4724  [ D6CAD7E5B05055BB8226BDCB1644DA27 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
13:53:53.0523 4724  athr - ok
13:53:53.0570 4724  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:53:53.0663 4724  AudioEndpointBuilder - ok
13:53:53.0757 4724  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
13:53:53.0804 4724  AudioSrv - ok
13:53:53.0866 4724  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
13:53:53.0882 4724  avgntflt - ok
13:53:53.0944 4724  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
13:53:53.0960 4724  avipbb - ok
13:53:53.0991 4724  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
13:53:54.0007 4724  avkmgr - ok
13:53:54.0053 4724  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
13:53:54.0163 4724  AxInstSV - ok
13:53:54.0194 4724  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
13:53:54.0241 4724  b06bdrv - ok
13:53:54.0303 4724  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
13:53:54.0334 4724  b57nd60a - ok
13:53:54.0397 4724  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
13:53:54.0443 4724  BDESVC - ok
13:53:54.0475 4724  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:53:54.0537 4724  Beep - ok
13:53:54.0599 4724  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
13:53:54.0693 4724  BFE - ok
13:53:54.0740 4724  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
13:53:54.0833 4724  BITS - ok
13:53:54.0865 4724  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
13:53:54.0911 4724  blbdrive - ok
13:53:54.0943 4724  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:53:54.0989 4724  bowser - ok
13:53:55.0036 4724  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
13:53:55.0083 4724  BrFiltLo - ok
13:53:55.0114 4724  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
13:53:55.0130 4724  BrFiltUp - ok
13:53:55.0145 4724  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
13:53:55.0208 4724  BridgeMP - ok
13:53:55.0239 4724  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
13:53:55.0286 4724  Browser - ok
13:53:55.0317 4724  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
13:53:55.0379 4724  Brserid - ok
13:53:55.0411 4724  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
13:53:55.0442 4724  BrSerWdm - ok
13:53:55.0457 4724  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
13:53:55.0504 4724  BrUsbMdm - ok
13:53:55.0535 4724  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
13:53:55.0567 4724  BrUsbSer - ok
13:53:55.0598 4724  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
13:53:55.0660 4724  BthEnum - ok
13:53:55.0691 4724  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
13:53:55.0754 4724  BTHMODEM - ok
13:53:55.0785 4724  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
13:53:55.0816 4724  BthPan - ok
13:53:55.0847 4724  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
13:53:55.0894 4724  BTHPORT - ok
13:53:55.0925 4724  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
13:53:55.0972 4724  bthserv - ok
13:53:56.0019 4724  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
13:53:56.0066 4724  BTHUSB - ok
13:53:56.0128 4724  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:53:56.0191 4724  cdfs - ok
13:53:56.0237 4724  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:53:56.0269 4724  cdrom - ok
13:53:56.0331 4724  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
13:53:56.0378 4724  CertPropSvc - ok
13:53:56.0440 4724  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
13:53:56.0487 4724  circlass - ok
13:53:56.0534 4724  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
13:53:56.0565 4724  CLFS - ok
13:53:56.0627 4724  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:53:56.0659 4724  clr_optimization_v2.0.50727_32 - ok
13:53:56.0705 4724  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:53:56.0721 4724  clr_optimization_v2.0.50727_64 - ok
13:53:56.0783 4724  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:53:56.0799 4724  clr_optimization_v4.0.30319_32 - ok
13:53:56.0830 4724  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:53:56.0830 4724  clr_optimization_v4.0.30319_64 - ok
13:53:56.0861 4724  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
13:53:56.0877 4724  CmBatt - ok
13:53:56.0908 4724  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:53:56.0924 4724  cmdide - ok
13:53:56.0971 4724  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
13:53:57.0017 4724  CNG - ok
13:53:57.0033 4724  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
13:53:57.0049 4724  Compbatt - ok
13:53:57.0095 4724  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
13:53:57.0142 4724  CompositeBus - ok
13:53:57.0158 4724  COMSysApp - ok
13:53:57.0189 4724  cpuz135 - ok
13:53:57.0220 4724  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
13:53:57.0236 4724  crcdisk - ok
13:53:57.0283 4724  [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:53:57.0345 4724  CryptSvc - ok
13:53:57.0423 4724  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:53:57.0485 4724  DcomLaunch - ok
13:53:57.0595 4724  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
13:53:57.0844 4724  defragsvc - ok
13:53:57.0891 4724  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:53:57.0953 4724  DfsC - ok
13:53:57.0985 4724  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:53:58.0047 4724  Dhcp - ok
13:53:58.0078 4724  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
13:53:58.0141 4724  discache - ok
13:53:58.0172 4724  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
13:53:58.0203 4724  Disk - ok
13:53:58.0234 4724  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:53:58.0297 4724  Dnscache - ok
13:53:58.0328 4724  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:53:58.0406 4724  dot3svc - ok
13:53:58.0437 4724  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
13:53:58.0515 4724  DPS - ok
13:53:58.0562 4724  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:53:58.0609 4724  drmkaud - ok
13:53:58.0702 4724  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:53:58.0733 4724  DXGKrnl - ok
13:53:58.0780 4724  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
13:53:58.0843 4724  EapHost - ok
13:53:58.0952 4724  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
13:53:59.0061 4724  ebdrv - ok
13:53:59.0092 4724  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
13:53:59.0123 4724  EFS - ok
13:53:59.0186 4724  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:53:59.0248 4724  ehRecvr - ok
13:53:59.0264 4724  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
13:53:59.0311 4724  ehSched - ok
13:53:59.0342 4724  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
13:53:59.0373 4724  elxstor - ok
13:53:59.0404 4724  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:53:59.0435 4724  ErrDev - ok
13:53:59.0482 4724  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
13:53:59.0545 4724  EventSystem - ok
13:53:59.0607 4724  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
13:53:59.0669 4724  exfat - ok
13:53:59.0701 4724  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:53:59.0779 4724  fastfat - ok
13:53:59.0825 4724  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
13:53:59.0872 4724  Fax - ok
13:53:59.0888 4724  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
13:53:59.0935 4724  fdc - ok
13:53:59.0966 4724  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
13:54:00.0028 4724  fdPHost - ok
13:54:00.0044 4724  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:54:00.0106 4724  FDResPub - ok
13:54:00.0122 4724  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:54:00.0137 4724  FileInfo - ok
13:54:00.0153 4724  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:54:00.0231 4724  Filetrace - ok
13:54:00.0262 4724  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
13:54:00.0278 4724  flpydisk - ok
13:54:00.0309 4724  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:54:00.0325 4724  FltMgr - ok
13:54:00.0418 4724  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
13:54:00.0481 4724  FontCache - ok
13:54:00.0527 4724  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:54:00.0543 4724  FontCache3.0.0.0 - ok
13:54:00.0574 4724  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
13:54:00.0590 4724  FsDepends - ok
13:54:00.0621 4724  [ C2E475625F2C6F7DCDE4E920523A0573 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
13:54:00.0637 4724  fssfltr - ok
13:54:00.0761 4724  [ B6AB40819ECEC4BA07266EC0EBBC85A7 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
13:54:00.0839 4724  fsssvc - ok
13:54:00.0855 4724  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:54:00.0871 4724  Fs_Rec - ok
13:54:00.0886 4724  [ BA0C1FFDA496D8BCBCAC63F8D98D20E3 ] FUJ02B1         C:\Windows\system32\DRIVERS\FUJ02B1.sys
13:54:00.0933 4724  FUJ02B1 - ok
13:54:00.0949 4724  [ 7135030CBF87D724B6037BB023923730 ] FUJ02E3         C:\Windows\system32\DRIVERS\FUJ02E3.sys
13:54:00.0995 4724  FUJ02E3 - ok
13:54:01.0027 4724  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:54:01.0058 4724  fvevol - ok
13:54:01.0089 4724  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
13:54:01.0105 4724  gagp30kx - ok
13:54:01.0167 4724  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
13:54:01.0245 4724  gpsvc - ok
13:54:01.0276 4724  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:54:01.0323 4724  hcw85cir - ok
13:54:01.0339 4724  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:54:01.0370 4724  HdAudAddService - ok
13:54:01.0401 4724  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
13:54:01.0417 4724  HDAudBus - ok
13:54:01.0448 4724  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
13:54:01.0463 4724  HECIx64 - ok
13:54:01.0495 4724  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
13:54:01.0526 4724  HidBatt - ok
13:54:01.0541 4724  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
13:54:01.0573 4724  HidBth - ok
13:54:01.0604 4724  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
13:54:01.0619 4724  HidIr - ok
13:54:01.0651 4724  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
13:54:01.0713 4724  hidserv - ok
13:54:01.0744 4724  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:54:01.0760 4724  HidUsb - ok
13:54:01.0775 4724  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:54:01.0869 4724  hkmsvc - ok
13:54:01.0885 4724  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:54:01.0931 4724  HomeGroupListener - ok
13:54:01.0963 4724  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:54:01.0994 4724  HomeGroupProvider - ok
13:54:02.0025 4724  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:54:02.0041 4724  HpSAMD - ok
13:54:02.0072 4724  [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64        C:\Windows\system32\Drivers\ANDROIDUSB.sys
13:54:02.0103 4724  HTCAND64 - ok
13:54:02.0165 4724  [ B8B1B284362E1D8135112573395D5DA5 ] htcnprot        C:\Windows\system32\DRIVERS\htcnprot.sys
13:54:02.0181 4724  htcnprot - ok
13:54:02.0212 4724  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:54:02.0275 4724  HTTP - ok
13:54:02.0275 4724  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:54:02.0290 4724  hwpolicy - ok
13:54:02.0321 4724  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
13:54:02.0337 4724  i8042prt - ok
13:54:02.0368 4724  [ 2064090C9FAAD92C090D77E50E735B2E ] iaStor          C:\Windows\system32\drivers\iaStor.sys
13:54:02.0399 4724  iaStor - ok
13:54:02.0446 4724  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:54:02.0462 4724  iaStorV - ok
13:54:02.0524 4724  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:54:02.0571 4724  idsvc - ok
13:54:02.0774 4724  [ 8E509DE232CFA4F8A5B34F01802F500E ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
13:54:03.0055 4724  igfx - ok
13:54:03.0086 4724  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
13:54:03.0101 4724  iirsp - ok
13:54:03.0133 4724  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
13:54:03.0211 4724  IKEEXT - ok
13:54:03.0242 4724  [ 36FDF367A1DABFF903E2214023D71368 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
13:54:03.0289 4724  Impcd - ok
13:54:03.0429 4724  [ 42943BB3AB7A405B30EFF7C8283CC129 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:54:03.0476 4724  IntcAzAudAddService - ok
13:54:03.0523 4724  [ D248AAE81C156C0D47A77CD61BC24CD4 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
13:54:03.0538 4724  IntcDAud - ok
13:54:03.0554 4724  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
13:54:03.0569 4724  intelide - ok
13:54:03.0601 4724  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:54:03.0632 4724  intelppm - ok
13:54:03.0647 4724  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:54:03.0710 4724  IPBusEnum - ok
13:54:03.0741 4724  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:54:03.0803 4724  IpFilterDriver - ok
13:54:03.0819 4724  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:54:03.0881 4724  iphlpsvc - ok
13:54:03.0897 4724  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
13:54:03.0913 4724  IPMIDRV - ok
13:54:03.0944 4724  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
13:54:04.0006 4724  IPNAT - ok
13:54:04.0053 4724  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:54:04.0069 4724  IRENUM - ok
13:54:04.0100 4724  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:54:04.0115 4724  isapnp - ok
13:54:04.0162 4724  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
13:54:04.0178 4724  iScsiPrt - ok
13:54:04.0225 4724  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:54:04.0225 4724  kbdclass - ok
13:54:04.0271 4724  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
13:54:04.0303 4724  kbdhid - ok
13:54:04.0334 4724  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
13:54:04.0349 4724  KeyIso - ok
13:54:04.0381 4724  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:54:04.0396 4724  KSecDD - ok
13:54:04.0427 4724  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
13:54:04.0443 4724  KSecPkg - ok
13:54:04.0459 4724  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
13:54:04.0521 4724  ksthunk - ok
13:54:04.0537 4724  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:54:04.0599 4724  KtmRm - ok
13:54:04.0646 4724  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
13:54:04.0708 4724  LanmanServer - ok
13:54:04.0755 4724  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:54:04.0802 4724  LanmanWorkstation - ok
13:54:04.0864 4724  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:54:04.0927 4724  lltdio - ok
13:54:04.0958 4724  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:54:05.0020 4724  lltdsvc - ok
13:54:05.0036 4724  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:54:05.0083 4724  lmhosts - ok
13:54:05.0145 4724  [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
13:54:05.0176 4724  LMS ( UnsignedFile.Multi.Generic ) - warning
13:54:05.0176 4724  LMS - detected UnsignedFile.Multi.Generic (1)
13:54:05.0207 4724  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
13:54:05.0239 4724  LSI_FC - ok
13:54:05.0254 4724  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
13:54:05.0270 4724  LSI_SAS - ok
13:54:05.0301 4724  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
13:54:05.0317 4724  LSI_SAS2 - ok
13:54:05.0317 4724  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
13:54:05.0332 4724  LSI_SCSI - ok
13:54:05.0379 4724  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
13:54:05.0457 4724  luafv - ok
13:54:05.0488 4724  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:54:05.0519 4724  Mcx2Svc - ok
13:54:05.0535 4724  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
13:54:05.0551 4724  megasas - ok
13:54:05.0597 4724  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
13:54:05.0629 4724  MegaSR - ok
13:54:05.0644 4724  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
13:54:05.0738 4724  MMCSS - ok
13:54:05.0753 4724  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
13:54:05.0816 4724  Modem - ok
13:54:05.0847 4724  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:54:05.0878 4724  monitor - ok
13:54:05.0925 4724  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:54:05.0941 4724  mouclass - ok
13:54:05.0972 4724  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:54:05.0987 4724  mouhid - ok
13:54:06.0003 4724  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:54:06.0034 4724  mountmgr - ok
13:54:06.0081 4724  [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:54:06.0097 4724  MozillaMaintenance - ok
13:54:06.0159 4724  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:54:06.0175 4724  mpio - ok
13:54:06.0221 4724  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:54:06.0284 4724  mpsdrv - ok
13:54:06.0331 4724  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:54:06.0409 4724  MpsSvc - ok
13:54:06.0424 4724  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:54:06.0455 4724  MRxDAV - ok
13:54:06.0487 4724  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:54:06.0518 4724  mrxsmb - ok
13:54:06.0549 4724  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:54:06.0565 4724  mrxsmb10 - ok
13:54:06.0580 4724  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:54:06.0627 4724  mrxsmb20 - ok
13:54:06.0643 4724  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:54:06.0658 4724  msahci - ok
13:54:06.0689 4724  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:54:06.0705 4724  msdsm - ok
13:54:06.0721 4724  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
13:54:06.0783 4724  MSDTC - ok
13:54:06.0814 4724  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:54:06.0877 4724  Msfs - ok
13:54:06.0908 4724  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
13:54:06.0955 4724  mshidkmdf - ok
13:54:06.0986 4724  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:54:07.0001 4724  msisadrv - ok
13:54:07.0033 4724  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:54:07.0095 4724  MSiSCSI - ok
13:54:07.0095 4724  msiserver - ok
13:54:07.0157 4724  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:54:07.0204 4724  MSKSSRV - ok
13:54:07.0220 4724  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:54:07.0267 4724  MSPCLOCK - ok
13:54:07.0282 4724  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:54:07.0345 4724  MSPQM - ok
13:54:07.0376 4724  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:54:07.0407 4724  MsRPC - ok
13:54:07.0423 4724  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
13:54:07.0438 4724  mssmbios - ok
13:54:07.0454 4724  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:54:07.0501 4724  MSTEE - ok
13:54:07.0532 4724  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
13:54:07.0563 4724  MTConfig - ok
13:54:07.0579 4724  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
13:54:07.0594 4724  Mup - ok
13:54:07.0641 4724  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
13:54:07.0703 4724  napagent - ok
13:54:07.0750 4724  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:54:07.0813 4724  NativeWifiP - ok
13:54:07.0875 4724  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:54:07.0922 4724  NDIS - ok
13:54:07.0953 4724  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
13:54:08.0000 4724  NdisCap - ok
13:54:08.0031 4724  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:54:08.0078 4724  NdisTapi - ok
13:54:08.0093 4724  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:54:08.0171 4724  Ndisuio - ok
13:54:08.0187 4724  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:54:08.0249 4724  NdisWan - ok
13:54:08.0265 4724  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:54:08.0327 4724  NDProxy - ok
13:54:08.0343 4724  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:54:08.0405 4724  NetBIOS - ok
13:54:08.0421 4724  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
13:54:08.0483 4724  NetBT - ok
13:54:08.0515 4724  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
13:54:08.0530 4724  Netlogon - ok
13:54:08.0561 4724  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
13:54:08.0639 4724  Netman - ok
13:54:08.0671 4724  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:54:08.0702 4724  NetMsmqActivator - ok
13:54:08.0733 4724  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:54:08.0749 4724  NetPipeActivator - ok
13:54:08.0780 4724  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
13:54:08.0842 4724  netprofm - ok
13:54:08.0858 4724  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:54:08.0873 4724  NetTcpActivator - ok
13:54:08.0889 4724  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:54:08.0889 4724  NetTcpPortSharing - ok
13:54:08.0936 4724  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
13:54:08.0951 4724  nfrd960 - ok
13:54:08.0983 4724  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:54:09.0014 4724  NlaSvc - ok
13:54:09.0029 4724  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:54:09.0092 4724  Npfs - ok
13:54:09.0107 4724  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
13:54:09.0154 4724  nsi - ok
13:54:09.0170 4724  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:54:09.0232 4724  nsiproxy - ok
13:54:09.0295 4724  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:54:09.0404 4724  Ntfs - ok
13:54:09.0419 4724  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
13:54:09.0482 4724  Null - ok
13:54:09.0513 4724  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:54:09.0529 4724  nvraid - ok
13:54:09.0544 4724  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:54:09.0560 4724  nvstor - ok
13:54:09.0575 4724  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:54:09.0591 4724  nv_agp - ok
13:54:09.0622 4724  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:54:09.0669 4724  ohci1394 - ok
13:54:09.0700 4724  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:54:09.0731 4724  p2pimsvc - ok
13:54:09.0778 4724  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
13:54:09.0809 4724  p2psvc - ok
13:54:09.0841 4724  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
13:54:09.0872 4724  Parport - ok
13:54:09.0887 4724  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:54:09.0919 4724  partmgr - ok
13:54:09.0981 4724  [ 3CAE2BBC86FCF7F94C9696994AF30386 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
13:54:10.0012 4724  PassThru Service ( UnsignedFile.Multi.Generic ) - warning
13:54:10.0012 4724  PassThru Service - detected UnsignedFile.Multi.Generic (1)
13:54:10.0043 4724  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:54:10.0075 4724  PcaSvc - ok
13:54:10.0106 4724  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
13:54:10.0121 4724  pci - ok
13:54:10.0137 4724  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
13:54:10.0153 4724  pciide - ok
13:54:10.0184 4724  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
13:54:10.0199 4724  pcmcia - ok
13:54:10.0231 4724  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
13:54:10.0246 4724  pcw - ok
13:54:10.0277 4724  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:54:10.0355 4724  PEAUTH - ok
13:54:10.0480 4724  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
13:54:10.0496 4724  PerfHost - ok
13:54:10.0589 4724  [ C0F1CFCEE7E8AFF3AE0A7F54A7D3D6BE ] PFNService      C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
13:54:10.0621 4724  PFNService ( UnsignedFile.Multi.Generic ) - warning
13:54:10.0621 4724  PFNService - detected UnsignedFile.Multi.Generic (1)
13:54:10.0683 4724  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
13:54:10.0808 4724  pla - ok
13:54:10.0870 4724  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:54:10.0917 4724  PlugPlay - ok
13:54:10.0948 4724  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
13:54:10.0995 4724  PNRPAutoReg - ok
13:54:11.0042 4724  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
13:54:11.0073 4724  PNRPsvc - ok
13:54:11.0120 4724  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:54:11.0182 4724  PolicyAgent - ok
13:54:11.0229 4724  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
13:54:11.0291 4724  Power - ok
13:54:11.0338 4724  [ 843BA5F09A391D52AC1F8486C5FC3D4F ] PowerSavingUtilityService C:\Program Files\Fujitsu\PSUtility\PSUService.exe
13:54:11.0354 4724  PowerSavingUtilityService - ok
13:54:11.0385 4724  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:54:11.0447 4724  PptpMiniport - ok
13:54:11.0463 4724  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
13:54:11.0479 4724  Processor - ok
13:54:11.0510 4724  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
13:54:11.0541 4724  ProfSvc - ok
13:54:11.0557 4724  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:54:11.0572 4724  ProtectedStorage - ok
13:54:11.0603 4724  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
13:54:11.0650 4724  Psched - ok
13:54:11.0697 4724  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
13:54:11.0775 4724  ql2300 - ok
13:54:11.0791 4724  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
13:54:11.0806 4724  ql40xx - ok
13:54:11.0837 4724  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
13:54:11.0869 4724  QWAVE - ok
13:54:11.0900 4724  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:54:11.0915 4724  QWAVEdrv - ok
13:54:11.0947 4724  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:54:11.0993 4724  RasAcd - ok
13:54:12.0009 4724  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
13:54:12.0071 4724  RasAgileVpn - ok
13:54:12.0087 4724  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
13:54:12.0149 4724  RasAuto - ok
13:54:12.0165 4724  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:54:12.0227 4724  Rasl2tp - ok
13:54:12.0274 4724  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
13:54:12.0337 4724  RasMan - ok
13:54:12.0352 4724  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:54:12.0415 4724  RasPppoe - ok
13:54:12.0446 4724  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:54:12.0524 4724  RasSstp - ok
13:54:12.0539 4724  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:54:12.0602 4724  rdbss - ok
13:54:12.0633 4724  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
13:54:12.0664 4724  rdpbus - ok
13:54:12.0680 4724  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:54:12.0742 4724  RDPCDD - ok
13:54:12.0758 4724  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:54:12.0820 4724  RDPENCDD - ok
13:54:12.0836 4724  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
13:54:12.0898 4724  RDPREFMP - ok
13:54:12.0929 4724  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
13:54:12.0976 4724  RdpVideoMiniport - ok
13:54:13.0007 4724  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:54:13.0054 4724  RDPWD - ok
13:54:13.0101 4724  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
13:54:13.0117 4724  rdyboost - ok
13:54:13.0163 4724  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:54:13.0226 4724  RemoteAccess - ok
13:54:13.0257 4724  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:54:13.0319 4724  RemoteRegistry - ok
13:54:13.0366 4724  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
13:54:13.0413 4724  RFCOMM - ok
13:54:13.0444 4724  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
13:54:13.0491 4724  RpcEptMapper - ok
13:54:13.0522 4724  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
13:54:13.0553 4724  RpcLocator - ok
13:54:13.0585 4724  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
13:54:13.0631 4724  RpcSs - ok
13:54:13.0663 4724  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:54:13.0725 4724  rspndr - ok
13:54:13.0756 4724  [ 4A25DC970C58104602ED274DACAFD784 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
13:54:13.0787 4724  RSUSBSTOR - ok
13:54:13.0834 4724  [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
13:54:13.0850 4724  RTL8167 - ok
13:54:13.0865 4724  RtsUIR - ok
13:54:13.0881 4724  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
13:54:13.0897 4724  SamSs - ok
13:54:13.0928 4724  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:54:13.0943 4724  sbp2port - ok
13:54:13.0975 4724  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:54:14.0021 4724  SCardSvr - ok
13:54:14.0037 4724  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
13:54:14.0099 4724  scfilter - ok
13:54:14.0131 4724  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
13:54:14.0224 4724  Schedule - ok
13:54:14.0240 4724  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:54:14.0302 4724  SCPolicySvc - ok
13:54:14.0318 4724  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:54:14.0333 4724  SDRSVC - ok
13:54:14.0365 4724  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:54:14.0427 4724  secdrv - ok
13:54:14.0458 4724  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
13:54:14.0505 4724  seclogon - ok
13:54:14.0536 4724  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
13:54:14.0614 4724  SENS - ok
13:54:14.0630 4724  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
13:54:14.0677 4724  SensrSvc - ok
13:54:14.0708 4724  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
13:54:14.0739 4724  Serenum - ok
13:54:14.0755 4724  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
13:54:14.0786 4724  Serial - ok
13:54:14.0801 4724  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
13:54:14.0833 4724  sermouse - ok
13:54:14.0864 4724  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
13:54:14.0942 4724  SessionEnv - ok
13:54:14.0989 4724  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
13:54:15.0004 4724  sffdisk - ok
13:54:15.0035 4724  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:54:15.0082 4724  sffp_mmc - ok
13:54:15.0098 4724  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
13:54:15.0129 4724  sffp_sd - ok
13:54:15.0176 4724  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
13:54:15.0191 4724  sfloppy - ok
13:54:15.0238 4724  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:54:15.0301 4724  SharedAccess - ok
13:54:15.0332 4724  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:54:15.0410 4724  ShellHWDetection - ok
13:54:15.0441 4724  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
13:54:15.0457 4724  SiSRaid2 - ok
13:54:15.0472 4724  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
13:54:15.0488 4724  SiSRaid4 - ok
13:54:15.0519 4724  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:54:15.0597 4724  Smb - ok
13:54:15.0644 4724  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:54:15.0691 4724  SNMPTRAP - ok
13:54:15.0706 4724  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
13:54:15.0722 4724  spldr - ok
13:54:15.0769 4724  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
13:54:15.0815 4724  Spooler - ok
13:54:15.0925 4724  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
13:54:16.0081 4724  sppsvc - ok
13:54:16.0096 4724  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
13:54:16.0159 4724  sppuinotify - ok
13:54:16.0190 4724  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:54:16.0237 4724  srv - ok
13:54:16.0252 4724  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:54:16.0283 4724  srv2 - ok
13:54:16.0299 4724  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:54:16.0330 4724  srvnet - ok
13:54:16.0393 4724  [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys
13:54:16.0439 4724  ssadbus - ok
13:54:16.0455 4724  [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
13:54:16.0486 4724  ssadmdfl - ok
13:54:16.0517 4724  [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys
13:54:16.0564 4724  ssadmdm - ok
13:54:16.0611 4724  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:54:16.0689 4724  SSDPSRV - ok
13:54:16.0705 4724  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:54:16.0751 4724  SstpSvc - ok
13:54:16.0798 4724  Steam Client Service - ok
13:54:16.0814 4724  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
13:54:16.0829 4724  stexstor - ok
13:54:16.0892 4724  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
13:54:16.0985 4724  stisvc - ok
13:54:17.0001 4724  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
13:54:17.0017 4724  swenum - ok
13:54:17.0048 4724  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
13:54:17.0110 4724  swprv - ok
13:54:17.0157 4724  [ 2F827BB08CC7F1A17DF2EAD7B424D731 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
13:54:17.0173 4724  SynTP - ok
13:54:17.0453 4724  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
13:54:17.0594 4724  SysMain - ok
13:54:17.0609 4724  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:54:17.0641 4724  TabletInputService - ok
13:54:17.0687 4724  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:54:17.0812 4724  TapiSrv - ok
13:54:17.0828 4724  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
13:54:17.0921 4724  TBS - ok
13:54:17.0999 4724  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:54:18.0124 4724  Tcpip - ok
13:54:18.0233 4724  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
13:54:18.0296 4724  TCPIP6 - ok
13:54:18.0327 4724  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:54:18.0389 4724  tcpipreg - ok
13:54:18.0421 4724  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:54:18.0467 4724  TDPIPE - ok
13:54:18.0499 4724  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:54:18.0530 4724  TDTCP - ok
13:54:18.0561 4724  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:54:18.0623 4724  tdx - ok
13:54:18.0670 4724  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
13:54:18.0686 4724  TermDD - ok
13:54:18.0811 4724  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
13:54:18.0920 4724  TermService - ok
13:54:18.0920 4724  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
13:54:18.0951 4724  Themes - ok
13:54:18.0998 4724  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
13:54:19.0060 4724  THREADORDER - ok
13:54:19.0107 4724  [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM             C:\Windows\system32\drivers\tpm.sys
13:54:19.0138 4724  TPM - ok
13:54:19.0169 4724  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
13:54:19.0232 4724  TrkWks - ok
13:54:19.0357 4724  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:54:19.0435 4724  TrustedInstaller - ok
13:54:19.0466 4724  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:54:19.0544 4724  tssecsrv - ok
13:54:19.0606 4724  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
13:54:19.0653 4724  TsUsbFlt - ok
13:54:19.0669 4724  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
13:54:19.0700 4724  TsUsbGD - ok
13:54:19.0731 4724  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:54:19.0793 4724  tunnel - ok
13:54:19.0856 4724  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
13:54:19.0887 4724  uagp35 - ok
13:54:19.0934 4724  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:54:20.0012 4724  udfs - ok
13:54:20.0043 4724  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:54:20.0059 4724  UI0Detect - ok
13:54:20.0090 4724  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:54:20.0105 4724  uliagpkx - ok
13:54:20.0137 4724  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
13:54:20.0183 4724  umbus - ok
13:54:20.0215 4724  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
13:54:20.0246 4724  UmPass - ok
13:54:20.0636 4724  [ 41118D920B2B268C0ADC36421248CDCF ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
13:54:20.0776 4724  UNS ( UnsignedFile.Multi.Generic ) - warning
13:54:20.0776 4724  UNS - detected UnsignedFile.Multi.Generic (1)
13:54:20.0807 4724  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
13:54:20.0870 4724  upnphost - ok
13:54:20.0917 4724  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
13:54:20.0963 4724  usbaudio - ok
13:54:20.0979 4724  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:54:21.0041 4724  usbccgp - ok
13:54:21.0041 4724  USBCCID - ok
13:54:21.0104 4724  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:54:21.0166 4724  usbcir - ok
13:54:21.0213 4724  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
13:54:21.0260 4724  usbehci - ok
13:54:21.0291 4724  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:54:21.0322 4724  usbhub - ok
13:54:21.0338 4724  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
13:54:21.0353 4724  usbohci - ok
13:54:21.0400 4724  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
13:54:21.0431 4724  usbprint - ok
13:54:21.0463 4724  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
13:54:21.0494 4724  usbscan - ok
13:54:21.0525 4724  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:54:21.0587 4724  USBSTOR - ok
13:54:21.0619 4724  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
13:54:21.0650 4724  usbuhci - ok
13:54:21.0712 4724  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
13:54:21.0775 4724  usbvideo - ok
13:54:21.0821 4724  [ 7B28E2FBE75115660FAB31079C0A9F29 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
13:54:21.0868 4724  usb_rndisx - ok
13:54:21.0884 4724  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
13:54:21.0962 4724  UxSms - ok
13:54:22.0009 4724  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
13:54:22.0024 4724  VaultSvc - ok
13:54:22.0087 4724  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
13:54:22.0102 4724  vdrvroot - ok
13:54:22.0180 4724  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
13:54:22.0289 4724  vds - ok
13:54:22.0399 4724  [ D9656445499625B0ED88C0B203F3C16F ] VFPRadioSupportService C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
13:54:22.0414 4724  VFPRadioSupportService - ok
13:54:22.0461 4724  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:54:22.0477 4724  vga - ok
13:54:22.0492 4724  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:54:22.0555 4724  VgaSave - ok
13:54:22.0586 4724  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
13:54:22.0601 4724  vhdmp - ok
13:54:22.0633 4724  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
13:54:22.0648 4724  viaide - ok
13:54:22.0679 4724  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:54:22.0695 4724  volmgr - ok
13:54:22.0726 4724  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:54:22.0757 4724  volmgrx - ok
13:54:22.0804 4724  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:54:22.0851 4724  volsnap - ok
13:54:22.0882 4724  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
13:54:22.0898 4724  vsmraid - ok
13:54:23.0163 4724  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
13:54:23.0303 4724  VSS - ok
13:54:23.0366 4724  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
13:54:23.0444 4724  vwifibus - ok
13:54:23.0459 4724  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
13:54:23.0522 4724  vwififlt - ok
13:54:23.0553 4724  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
13:54:23.0569 4724  vwifimp - ok
13:54:23.0600 4724  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
13:54:23.0678 4724  W32Time - ok
13:54:23.0709 4724  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
13:54:23.0725 4724  WacomPen - ok
13:54:23.0756 4724  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
13:54:23.0849 4724  WANARP - ok
13:54:23.0849 4724  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:54:23.0896 4724  Wanarpv6 - ok
13:54:24.0052 4724  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
13:54:24.0193 4724  wbengine - ok
13:54:24.0208 4724  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:54:24.0239 4724  WbioSrvc - ok
13:54:24.0302 4724  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:54:24.0380 4724  wcncsvc - ok
13:54:24.0427 4724  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:54:24.0442 4724  WcsPlugInService - ok
13:54:24.0473 4724  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
13:54:24.0505 4724  Wd - ok
13:54:24.0567 4724  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:54:24.0645 4724  Wdf01000 - ok
13:54:24.0692 4724  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:54:24.0817 4724  WdiServiceHost - ok
13:54:24.0832 4724  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:54:24.0848 4724  WdiSystemHost - ok
13:54:24.0895 4724  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
13:54:24.0926 4724  WebClient - ok
13:54:24.0941 4724  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:54:25.0004 4724  Wecsvc - ok
13:54:25.0035 4724  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:54:25.0082 4724  wercplsupport - ok
13:54:25.0113 4724  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:54:25.0160 4724  WerSvc - ok
13:54:25.0191 4724  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
13:54:25.0238 4724  WfpLwf - ok
13:54:25.0253 4724  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:54:25.0269 4724  WIMMount - ok
13:54:25.0285 4724  WinDefend - ok
13:54:25.0300 4724  WinHttpAutoProxySvc - ok
13:54:25.0394 4724  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:54:25.0503 4724  Winmgmt - ok
13:54:25.0659 4724  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
13:54:25.0799 4724  WinRM - ok
13:54:25.0846 4724  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
13:54:25.0877 4724  WinUsb - ok
13:54:26.0018 4724  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:54:26.0096 4724  Wlansvc - ok
13:54:26.0345 4724  [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:54:26.0486 4724  wlidsvc - ok
13:54:26.0517 4724  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
13:54:26.0548 4724  WmiAcpi - ok
13:54:26.0579 4724  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:54:26.0611 4724  wmiApSrv - ok
13:54:26.0642 4724  WMPNetworkSvc - ok
13:54:26.0673 4724  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:54:26.0689 4724  WPCSvc - ok
13:54:26.0704 4724  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:54:26.0720 4724  WPDBusEnum - ok
13:54:26.0751 4724  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:54:26.0813 4724  ws2ifsl - ok
13:54:26.0860 4724  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
13:54:26.0891 4724  wscsvc - ok
13:54:26.0891 4724  WSearch - ok
13:54:27.0375 4724  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:54:27.0500 4724  wuauserv - ok
13:54:27.0515 4724  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:54:27.0547 4724  WudfPf - ok
13:54:27.0593 4724  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:54:27.0609 4724  WUDFRd - ok
13:54:27.0625 4724  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:54:27.0656 4724  wudfsvc - ok
13:54:27.0671 4724  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
13:54:27.0703 4724  WwanSvc - ok
13:54:27.0749 4724  ================ Scan global ===============================
13:54:27.0781 4724  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:54:27.0796 4724  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
13:54:27.0812 4724  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
13:54:27.0843 4724  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:54:27.0874 4724  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:54:27.0874 4724  [Global] - ok
13:54:27.0874 4724  ================ Scan MBR ==================================
13:54:27.0905 4724  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:54:28.0732 4724  \Device\Harddisk0\DR0 - ok
13:54:28.0732 4724  ================ Scan VBR ==================================
13:54:28.0779 4724  [ 0A936B485AE1DB8F13FB6124BD5BF3AC ] \Device\Harddisk0\DR0\Partition1
13:54:28.0779 4724  \Device\Harddisk0\DR0\Partition1 - ok
13:54:28.0795 4724  [ 6961590AD28749F465417238D89F14E9 ] \Device\Harddisk0\DR0\Partition2
13:54:28.0795 4724  \Device\Harddisk0\DR0\Partition2 - ok
13:54:28.0795 4724  ============================================================
13:54:28.0795 4724  Scan finished
13:54:28.0795 4724  ============================================================
13:54:28.0810 0656  Detected object count: 4
13:54:28.0810 0656  Actual detected object count: 4
13:58:17.0631 0656  LMS ( UnsignedFile.Multi.Generic ) - skipped by user
13:58:17.0631 0656  LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:58:17.0647 0656  PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:58:17.0647 0656  PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:58:17.0647 0656  PFNService ( UnsignedFile.Multi.Generic ) - skipped by user
13:58:17.0647 0656  PFNService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:58:17.0647 0656  UNS ( UnsignedFile.Multi.Generic ) - skipped by user
13:58:17.0647 0656  UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip

markusg · 13.08.2013, 17:11

Hi,
versuch mal bitte folgenes.
combofix.exe löschen, neu laden.
Starte neu, drücke f8 wähle abgebsicherter Modus.
Melde dich in deinem Konto an, führe Combofix erneut aus.
wenn alles klappt, starte in den normalen Modus, poste das Log, bzw falls nich,die Info das es einen Fehler gab.

DanSkorksi · 13.08.2013, 22:57

Hi,
jetzt gent leider gar nichts mehr. Blue Screen nach Neustart. Weder normales Booten noch über die Systemwiederherstellung möglich.

Systemwiederherstellung war Jetzt doch möglich.

DanSkorksi · 15.08.2013, 12:26

Ok, nach der Systemwiederherstellung auf einen älteren Stand konnte ich combofix jetzt normal ausführen.

Code:

ATTFilter

ComboFix 13-08-14.02 - * 15.08.2013  12:54:35.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3893.2260 [GMT 2:00]
ausgeführt von:: c:\users\*\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-07-15 bis 2013-08-15  ))))))))))))))))))))))))))))))
.
.
2013-08-15 11:01 . 2013-08-15 11:01	--------	d-----w-	c:\users\TxR\AppData\Local\temp
2013-08-15 11:01 . 2013-08-15 11:01	--------	d-----w-	c:\users\systemprofile\AppData\Local\temp
2013-08-15 11:01 . 2013-08-15 11:01	--------	d-----w-	c:\users\RegBack\AppData\Local\temp
2013-08-15 11:01 . 2013-08-15 11:01	--------	d-----w-	c:\users\Public\AppData\Local\temp
2013-08-15 11:01 . 2013-08-15 11:01	--------	d-----w-	c:\users\Journal\AppData\Local\temp
2013-08-15 11:01 . 2013-08-15 11:01	--------	d-----w-	c:\users\Internetkonto\AppData\Local\temp
2013-08-15 11:01 . 2013-08-15 11:01	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-08-13 17:00 . 2013-08-13 17:00	--------	d-----w-	c:\users\*\AppData\Roaming\OpenOffice
2013-08-09 18:18 . 2013-08-09 18:18	--------	d-----w-	C:\FRST
2013-08-08 12:10 . 2013-08-09 17:37	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2013-08-08 12:10 . 2013-08-13 10:48	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2013-08-06 16:34 . 2013-07-02 08:34	9460976	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A6B3CEE-E943-4B18-B824-89DA4A1A5F5B}\mpengine.dll
2013-08-06 16:16 . 2013-06-07 03:22	2706432	----a-w-	c:\windows\system32\mshtml.tlb
2013-08-06 15:59 . 2013-06-04 06:00	624128	----a-w-	c:\windows\system32\qedit.dll
2013-08-06 15:59 . 2013-06-04 04:53	509440	----a-w-	c:\windows\SysWow64\qedit.dll
2013-08-06 15:41 . 2013-08-06 15:41	--------	d-----w-	c:\users\Internetkonto\AppData\Roaming\RCP 6
2013-08-06 15:33 . 2013-08-06 15:33	--------	d-----w-	C:\ConversionOutput
2013-08-06 15:18 . 2013-08-06 15:18	--------	d-----w-	c:\users\Internetkonto\AppData\Local\PictureConverter
2013-08-06 09:39 . 2013-08-06 09:39	--------	d-----w-	c:\program files (x86)\OpenOffice 4
2013-08-06 09:14 . 2013-08-06 09:14	--------	d-----w-	c:\windows\en
2013-08-06 09:14 . 2013-08-06 09:14	--------	d-----w-	c:\windows\de
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-06 16:19 . 2011-12-25 20:04	78185248	----a-w-	c:\windows\system32\MRT.exe
2013-08-06 09:30 . 2012-04-03 22:00	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-06 09:30 . 2011-12-28 20:46	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-08 21:02 . 2013-07-08 21:02	312232	----a-w-	c:\windows\system32\javaws.exe
2013-07-08 21:02 . 2013-07-08 21:02	189352	----a-w-	c:\windows\system32\javaw.exe
2013-07-08 21:02 . 2013-07-08 21:02	188840	----a-w-	c:\windows\system32\java.exe
2013-07-08 21:02 . 2013-07-08 21:02	108968	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-07-08 21:02 . 2011-12-28 20:48	972712	----a-w-	c:\windows\system32\deployJava1.dll
2013-07-08 21:02 . 2011-12-28 20:48	1093032	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-06-09 19:59 . 2013-07-10 13:38	216064	----a-w-	c:\windows\SysWow64\gcapi_dll.dll
2013-05-24 05:25 . 2013-05-24 05:25	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-24 05:25 . 2013-05-24 05:25	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-05-24 05:25 . 2013-05-24 05:25	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-05-24 05:25 . 2013-05-24 05:25	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-05-24 05:25 . 2013-05-24 05:25	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-05-24 05:25 . 2013-05-24 05:25	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-05-24 05:25 . 2013-05-24 05:25	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-05-24 05:25 . 2013-05-24 05:25	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-05-24 05:25 . 2013-05-24 05:25	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-05-24 05:25 . 2013-05-24 05:25	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-05-24 05:25 . 2013-05-24 05:25	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-05-24 05:25 . 2013-05-24 05:25	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-24 05:25 . 2013-05-24 05:25	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-05-24 05:25 . 2013-05-24 05:25	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-05-24 05:25 . 2013-05-24 05:25	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-05-24 05:25 . 2013-05-24 05:25	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-05-24 05:25 . 2013-05-24 05:25	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-05-24 05:25 . 2013-05-24 05:25	441856	----a-w-	c:\windows\system32\html.iec
2013-05-24 05:25 . 2013-05-24 05:25	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-05-24 05:25 . 2013-05-24 05:25	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-05-24 05:25 . 2013-05-24 05:25	216064	----a-w-	c:\windows\system32\msls31.dll
2013-05-24 05:25 . 2013-05-24 05:25	197120	----a-w-	c:\windows\system32\msrating.dll
2013-05-24 05:25 . 2013-05-24 05:25	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-05-24 05:25 . 2013-05-24 05:25	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-05-24 05:25 . 2013-05-24 05:25	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-05-24 05:25 . 2013-05-24 05:25	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-05-24 05:25 . 2013-05-24 05:25	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-05-24 05:25 . 2013-05-24 05:25	81408	----a-w-	c:\windows\system32\icardie.dll
2013-05-24 05:25 . 2013-05-24 05:25	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-05-24 05:25 . 2013-05-24 05:25	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-05-24 05:25 . 2013-05-24 05:25	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-05-24 05:25 . 2013-05-24 05:25	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-05-24 05:25 . 2013-05-24 05:25	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-05-24 05:25 . 2013-05-24 05:25	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-05-24 05:25 . 2013-05-24 05:25	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-05-24 05:25 . 2013-05-24 05:25	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-05-24 05:25 . 2013-05-24 05:25	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-05-24 05:25 . 2013-05-24 05:25	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-05-24 05:25 . 2013-05-24 05:25	235008	----a-w-	c:\windows\system32\url.dll
2013-05-24 05:25 . 2013-05-24 05:25	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-05-24 05:25 . 2013-05-24 05:25	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-05-24 05:25 . 2013-05-24 05:25	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-05-24 05:25 . 2013-05-24 05:25	149504	----a-w-	c:\windows\system32\occache.dll
2013-05-24 05:25 . 2013-05-24 05:25	144896	----a-w-	c:\windows\system32\wextract.exe
2013-05-24 05:25 . 2013-05-24 05:25	13824	----a-w-	c:\windows\system32\mshta.exe
2013-05-24 05:25 . 2013-05-24 05:25	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-05-24 05:25 . 2013-05-24 05:25	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-05-24 05:25 . 2013-05-24 05:25	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-05-24 05:25 . 2013-05-24 05:25	102912	----a-w-	c:\windows\system32\inseng.dll
2013-05-23 14:03 . 2013-05-23 14:02	5	----a-w-	c:\windows\SysWow64\lMMLDeleteUserData42107612FX.tmp
2012-09-04 15:26 . 2012-09-04 15:26	1562480	----a-w-	c:\program files\setup_Mein_CEWE_FOTOBUCH.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-10 11:42	220632	----a-w-	c:\users\*\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-10 11:42	220632	----a-w-	c:\users\*\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-10 11:42	220632	----a-w-	c:\users\*\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LoadFUJ02E3"="c:\program files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe" [2009-10-08 36712]
"IndicatorUtility"="c:\program files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2009-10-09 47976]
"YouCam Mirror Tray icon"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2009-07-08 162912]
"DeskUpdateNotifier"="c:\fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe" [2013-02-26 102968]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-10 348664]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 PFNService;PFNService;c:\program files\Fujitsu\Plugfree NETWORK\PFNService.exe;c:\program files\Fujitsu\Plugfree NETWORK\PFNService.exe [x]
S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe;c:\program files\Fujitsu\PSUtility\PSUService.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VFPRadioSupportService;Unterstützung für Bluetooth-Funktionen;c:\program files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe;c:\program files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [x]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys;c:\windows\SYSNATIVE\DRIVERS\FUJ02E3.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 09:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-10 11:42	244696	----a-w-	c:\users\*\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-10 11:42	244696	----a-w-	c:\users\*\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-10 11:42	244696	----a-w-	c:\users\*\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-12 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-12 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-12 410136]
"PfNet"="c:\program files\Fujitsu\Plugfree NETWORK\PfNet.exe" [2010-06-24 6310912]
"PSUTility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2009-07-30 188264]
"FDM7"="c:\program files\Fujitsu\FDM7\FdmDaemon.exe" [2009-11-26 164712]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2009-10-15 157544]
"LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2009-10-15 35176]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352]
"ConMgr"="c:\program files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe" [2009-12-24 535440]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\*\AppData\Roaming\Mozilla\Firefox\Profiles\31qy4b1e.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-SDTray - c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe
c:\users\Internetkonto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\*\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
c:\users\Internetkonto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-ImgBurn - c:\program files (x86)\ImgBurn\uninstall.exe
AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1 - c:\program files (x86)\Spybot - Search & Destroy 2\unins000.exe
AddRemove-{BEE64C14-BEF1-4610-8A68-A16EAA47B882} - c:\program files (x86)\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DIB\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ICO\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.ico.15.4"
.
[HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JFIF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPE\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPEG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PNG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.png.15.4"
.
[HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TIF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TIFF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2742597350-2926104813-441540862-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WDP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.wdp.15.4"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-08-15  13:05:00
ComboFix-quarantined-files.txt  2013-08-15 11:04
.
Vor Suchlauf: 14 Verzeichnis(se), 13.836.128.256 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 13.811.937.280 Bytes frei
.
- - End Of File - - 09169855F598B629A9DB63EA8BF54083
D41D8CD98F00B204E9800998ECF8427E

markusg · 15.08.2013, 15:34

Sorry, war gestern nicht zuhaus.
es sind 3 Logs zu erstellen, bitte gleichzeitg posten, wenn möglich.
1.
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Neustarten.
2.

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

neustarten.
3.
Hitmanpro laden:
HitmanPro - Download - Filepony
Doppelklicken, Scan klicken. Log pseichern und posten, bzw als XML exportieren, packen und anhängen.

DanSkorksi · 16.08.2013, 15:34

Code:

ATTFilter

# AdwCleaner v2.306 - Datei am 16/08/2013 um 15:51:26 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : * - *-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\*\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Internetkonto\AppData\Roaming\Mozilla\Firefox\Profiles\2bvwygqm.default\foxydeal.sqlite
Ordner Gelöscht : C:\Users\*\AppData\Local\PackageAware

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\Software\PIP

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=29dc6f1c-d78c-409e-8a81-3391a0e2bb65&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=29dc6f1c-d78c-409e-8a81-3391a0e2bb65&searchtype=ds&q={searchTerms} --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\31qy4b1e.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Internetkonto\AppData\Roaming\Mozilla\Firefox\Profiles\2bvwygqm.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [3470 octets] - [25/11/2012 10:55:01]
AdwCleaner[S2].txt - [1790 octets] - [16/08/2013 15:51:26]

########## EOF - C:\AdwCleaner[S2].txt - [1850 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.6 (08.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by * on 16.08.2013 at 16:02:05,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricegong_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricegong_rasmancs



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\*\appdata\local\{2370E373-1B32-4EDF-B009-A7A600AD76D6}



~~~ FireFox

Emptied folder: C:\Users\*\AppData\Roaming\mozilla\firefox\profiles\31qy4b1e.default\minidumps [24 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.08.2013 at 16:10:50,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:

ATTFilter

HitmanPro 3.7.7.203
www.hitmanpro.com

   Computer name . . . . : *-PC
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : *-PC\*
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-08-16 16:23:21
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 57s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 13
   Traces  . . . . . . . : 37

   Objects scanned . . . : 1.145.884
   Files scanned . . . . : 16.942
   Remnants scanned  . . : 234.228 files / 894.714 keys

Malware _____________________________________________________________________

   C:\$RECYCLE.BIN\S-1-5-21-2742597350-2926104813-441540862-1000\$RUZ4FPK.exe
      Size . . . . . . . : 1.159.319 bytes
      Age  . . . . . . . : 0.0 days (2013-08-16 15:56:40)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : B95348C64C56A7BDE7EF2CBCBE84C2976BE414A3E98F4A2FCC9D35A454578697
      Product  . . . . . : Junkware Removal Tool
      Publisher  . . . . : Thisisu
      Version  . . . . . : 5.4.6
    > G Data . . . . . . : Trojan.GenericKDV.1184898
    > Ikarus . . . . . . : Virus.Win32.PePatch!IK
      Fuzzy  . . . . . . : 114.0

   C:\Users\*\Desktop\JRT.exe
      Size . . . . . . . : 1.159.319 bytes
      Age  . . . . . . . : 0.0 days (2013-08-16 16:01:20)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : B95348C64C56A7BDE7EF2CBCBE84C2976BE414A3E98F4A2FCC9D35A454578697
      Product  . . . . . : Junkware Removal Tool
      Publisher  . . . . : Thisisu
      Version  . . . . . : 5.4.6
    > G Data . . . . . . : Trojan.GenericKDV.1184898
    > Ikarus . . . . . . : Virus.Win32.PePatch!IK
      Fuzzy  . . . . . . : 114.0


Cookies _____________________________________________________________________

   C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\9G14AMSA.txt
   C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\TH43OGXB.txt
   C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\TSKIYVKJ.txt

markusg · 21.08.2013, 13:59

Hi,
erst mal sorry für die Wartezeit, war unerwartet länger weg.
Kannst du mit Hitmanpro alles gefundene löschen, Browser vorher schließen.
Dann neues FRST Log

DanSkorksi · 22.08.2013, 14:54

Kein Problem, ich bin froh, dass du hilfst.

Code:

ATTFilter

HitmanPro 3.7.7.203
www.hitmanpro.com

   Computer name . . . . : *-PC
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : *-PC\*
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-08-16 16:23:21
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 57s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 13
   Traces  . . . . . . . : 37

   Objects scanned . . . : 1.145.884
   Files scanned . . . . : 16.942
   Remnants scanned  . . : 234.228 files / 894.714 keys

Malware _____________________________________________________________________

   C:\$RECYCLE.BIN\S-1-5-21-2742597350-2926104813-441540862-1000\$RUZ4FPK.exe
      Size . . . . . . . : 1.159.319 bytes
      Age  . . . . . . . : 0.0 days (2013-08-16 15:56:40)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : B95348C64C56A7BDE7EF2CBCBE84C2976BE414A3E98F4A2FCC9D35A454578697
      Product  . . . . . : Junkware Removal Tool
      Publisher  . . . . : Thisisu
      Version  . . . . . : 5.4.6
    > G Data . . . . . . : Trojan.GenericKDV.1184898
    > Ikarus . . . . . . : Virus.Win32.PePatch!IK
      Fuzzy  . . . . . . : 114.0

   C:\Users\*\Desktop\JRT.exe
      Size . . . . . . . : 1.159.319 bytes
      Age  . . . . . . . : 0.0 days (2013-08-16 16:01:20)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : B95348C64C56A7BDE7EF2CBCBE84C2976BE414A3E98F4A2FCC9D35A454578697
      Product  . . . . . : Junkware Removal Tool
      Publisher  . . . . : Thisisu
      Version  . . . . . : 5.4.6
    > G Data . . . . . . : Trojan.GenericKDV.1184898
    > Ikarus . . . . . . : Virus.Win32.PePatch!IK
      Fuzzy  . . . . . . : 114.0


Cookies _____________________________________________________________________

   C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\9G14AMSA.txt
   C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\TH43OGXB.txt
   C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\TSKIYVKJ.txt

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2013 02
Ran by * (administrator) on 22-08-2013 15:26:38
Running from C:\Users\*\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
(FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
(Fujitsu Technology Solutions) C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.EXE
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.EXE
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [PfNet] - C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe [6310912 2010-06-24] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] - C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [188264 2009-07-30] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] - C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] - C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] - C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKLM\...\Run: [ConMgr] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [535440 2009-12-24] (CSR, plc)
HKCU\...\Run: [FileHippo.com] - C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKLM-x32\...\Run: [LoadFUJ02E3] - C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED)
HKLM-x32\...\Run: [IndicatorUtility] - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] - C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [162912 2009-07-08] (CyberLink Corp.)
HKLM-x32\...\Run: [DeskUpdateNotifier] - c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe [102968 2013-02-26] (Fujitsu Technology Solutions)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-10] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\31qy4b1e.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - D:\Programme\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - D:\Programme\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin - d:\programme\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin - d:\programme\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-08] (Avira Operations GmbH & Co. KG)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [330240 2010-06-24] (FUJITSU LIMITED)
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED)
R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc)
S3 Futuremark SystemInfo Service; "C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe" [x]
S2 SDScannerService; "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" [x]
S2 SDUpdateService; "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" [x]
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-08] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-08] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-12-15] (Avira GmbH)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32000 2013-08-22] ()
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-22 15:18 - 2013-08-22 15:18 - 00032000 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2013-08-22 15:17 - 2013-08-22 15:17 - 00000476 _____ C:\Windows\system32\.crusader
2013-08-22 15:13 - 2013-08-22 15:13 - 00001911 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-08-22 15:13 - 2013-08-22 15:13 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-17 11:35 - 2013-08-17 11:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 16:32 - 2013-08-16 16:32 - 00004390 _____ C:\Users\*\Desktop\HitmanPro_20130816_1632.log
2013-08-16 16:22 - 2013-08-22 15:17 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-16 16:21 - 2013-08-16 16:22 - 09853928 _____ (SurfRight B.V.) C:\Users\*\Desktop\HitmanPro_x64.exe
2013-08-16 16:10 - 2013-08-16 16:16 - 00001320 _____ C:\Users\*\Desktop\JRT.txt
2013-08-16 16:02 - 2013-08-16 16:02 - 00000000 ____D C:\Windows\ERUNT
2013-08-16 15:54 - 2013-08-16 15:54 - 00001884 _____ C:\Users\*\Desktop\AdwCleaner[S2].txt
2013-08-16 15:51 - 2013-08-16 15:51 - 00001919 _____ C:\AdwCleaner[S2].txt
2013-08-16 15:50 - 2013-08-16 15:50 - 00666633 _____ C:\Users\*\Desktop\adwcleaner.exe
2013-08-16 14:49 - 2013-08-16 14:49 - 00005947 _____ C:\Users\Internetkonto\Desktop\Mobilfunkvertrag_Musterkuendigung.zip
2013-08-16 14:46 - 2013-08-16 14:46 - 00000000 ____D C:\Users\Internetkonto\AppData\Roaming\OpenOffice
2013-08-15 13:05 - 2013-08-15 13:05 - 00023376 _____ C:\ComboFix.txt
2013-08-13 22:55 - 2013-08-15 12:51 - 05104931 ____R (Swearware) C:\Users\*\Desktop\ComboFix.exe
2013-08-13 19:01 - 2013-08-13 19:01 - 00013493 _____ C:\Users\*\Desktop\AbbuchungCambioSTornierung.odt
2013-08-13 19:00 - 2013-08-13 19:00 - 00000000 ____D C:\Users\*\AppData\Roaming\OpenOffice
2013-08-13 13:34 - 2013-08-13 13:34 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\*\Desktop\tdsskiller.exe
2013-08-13 12:54 - 2013-08-15 13:05 - 00000000 ____D C:\Qoobox
2013-08-13 12:54 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-13 12:54 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-13 12:54 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-13 12:54 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-13 12:54 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-13 12:54 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-13 12:54 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-13 12:54 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-09 20:19 - 2013-08-09 20:19 - 00022377 _____ C:\Users\*\Desktop\Addition.txt
2013-08-09 20:18 - 2013-08-09 20:18 - 00000000 ____D C:\FRST
2013-08-08 23:10 - 2013-08-08 23:13 - 110344048 _____ C:\Users\*\Desktop\avira_free_antivirus85_de.exe
2013-08-08 18:10 - 2013-08-16 12:13 - 00005290 _____ C:\Windows\PFRO.log
2013-08-08 16:09 - 2013-08-08 16:09 - 00000000 ____D C:\Users\*\Documents\ProcAlyzer Dumps
2013-08-08 14:10 - 2013-08-13 12:48 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-08-08 14:10 - 2013-08-09 19:37 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-08 14:10 - 2013-08-08 14:10 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-08-08 14:09 - 2013-08-08 14:09 - 01440846 _____ C:\Users\Internetkonto\Desktop\mbam-chameleon-1.62.1.1000.zip
2013-08-08 14:08 - 2013-08-08 14:08 - 37672592 _____ (Safer-Networking Ltd.                                       ) C:\Users\Internetkonto\Desktop\spybotsd-2.1.21-SR2.exe
2013-08-06 20:18 - 2013-08-22 15:18 - 00001456 _____ C:\Windows\setupact.log
2013-08-06 20:18 - 2013-08-06 20:18 - 00000000 _____ C:\Windows\setuperr.log
2013-08-06 18:16 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-06 18:15 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-06 18:15 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-06 18:15 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-06 18:15 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-06 18:15 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-06 18:15 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-06 18:15 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-06 18:15 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-06 18:15 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-06 18:15 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-06 18:15 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-06 18:15 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-06 18:15 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-06 18:15 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-06 18:15 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-06 18:15 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-06 18:15 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-06 18:15 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-06 18:15 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-06 18:15 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-06 18:15 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-06 18:15 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-06 18:15 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-06 18:15 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-06 18:15 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-06 18:15 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-06 18:15 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-06 18:15 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-06 18:15 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-06 18:15 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-06 18:00 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-08-06 18:00 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-06 18:00 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-06 18:00 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-08-06 18:00 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-08-06 17:59 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-08-06 17:59 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-08-06 17:41 - 2013-08-06 17:41 - 00000000 ____D C:\Users\Internetkonto\AppData\Roaming\RCP 6
2013-08-06 17:33 - 2013-08-06 17:33 - 00000000 ____D C:\ConversionOutput
2013-08-06 17:18 - 2013-08-06 17:18 - 00000000 ____D C:\Users\Internetkonto\AppData\Local\PictureConverter
2013-08-06 11:39 - 2013-08-06 11:39 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-08-06 11:14 - 2013-08-06 11:14 - 00000000 ____D C:\Windows\en
2013-08-06 11:14 - 2013-08-06 11:14 - 00000000 ____D C:\Windows\de
2013-08-06 11:07 - 2013-08-06 11:13 - 143436858 _____ C:\Users\*\Desktop\Apache_OpenOffice_4.0.0_Win_x86_install_en-US.exe

==================== One Month Modified Files and Folders =======

2013-08-22 15:26 - 2013-08-22 15:26 - 01576476 _____ (Farbar) C:\Users\*\Desktop\FRST64.exe
2013-08-22 15:26 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-22 15:26 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-22 15:25 - 2011-02-14 14:57 - 00696870 _____ C:\Windows\system32\perfh007.dat
2013-08-22 15:25 - 2011-02-14 14:57 - 00148134 _____ C:\Windows\system32\perfc007.dat
2013-08-22 15:25 - 2009-07-14 07:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-22 15:18 - 2013-08-22 15:18 - 00032000 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2013-08-22 15:18 - 2013-08-06 20:18 - 00001456 _____ C:\Windows\setupact.log
2013-08-22 15:18 - 2013-01-21 16:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-22 15:18 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-22 15:17 - 2013-08-22 15:17 - 00000476 _____ C:\Windows\system32\.crusader
2013-08-22 15:17 - 2013-08-16 16:22 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-22 15:17 - 2011-12-26 02:39 - 01359197 _____ C:\Windows\WindowsUpdate.log
2013-08-22 15:13 - 2013-08-22 15:13 - 00001911 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-08-22 15:13 - 2013-08-22 15:13 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-22 15:01 - 2012-11-21 19:21 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-19 15:01 - 2012-08-24 12:52 - 00000000 ____D C:\Users\Internetkonto\AppData\Roaming\Dropbox
2013-08-17 11:35 - 2013-08-17 11:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 16:32 - 2013-08-16 16:32 - 00004390 _____ C:\Users\*\Desktop\HitmanPro_20130816_1632.log
2013-08-16 16:22 - 2013-08-16 16:21 - 09853928 _____ (SurfRight B.V.) C:\Users\*\Desktop\HitmanPro_x64.exe
2013-08-16 16:16 - 2013-08-16 16:10 - 00001320 _____ C:\Users\*\Desktop\JRT.txt
2013-08-16 16:02 - 2013-08-16 16:02 - 00000000 ____D C:\Windows\ERUNT
2013-08-16 15:54 - 2013-08-16 15:54 - 00001884 _____ C:\Users\*\Desktop\AdwCleaner[S2].txt
2013-08-16 15:51 - 2013-08-16 15:51 - 00001919 _____ C:\AdwCleaner[S2].txt
2013-08-16 15:50 - 2013-08-16 15:50 - 00666633 _____ C:\Users\*\Desktop\adwcleaner.exe
2013-08-16 14:49 - 2013-08-16 14:49 - 00005947 _____ C:\Users\Internetkonto\Desktop\Mobilfunkvertrag_Musterkuendigung.zip
2013-08-16 14:46 - 2013-08-16 14:46 - 00000000 ____D C:\Users\Internetkonto\AppData\Roaming\OpenOffice
2013-08-16 12:13 - 2013-08-08 18:10 - 00005290 _____ C:\Windows\PFRO.log
2013-08-15 13:05 - 2013-08-15 13:05 - 00023376 _____ C:\ComboFix.txt
2013-08-15 13:05 - 2013-08-13 12:54 - 00000000 ____D C:\Qoobox
2013-08-15 13:01 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-08-15 12:51 - 2013-08-13 22:55 - 05104931 ____R (Swearware) C:\Users\*\Desktop\ComboFix.exe
2013-08-13 19:01 - 2013-08-13 19:01 - 00013493 _____ C:\Users\*\Desktop\AbbuchungCambioSTornierung.odt
2013-08-13 19:00 - 2013-08-13 19:00 - 00000000 ____D C:\Users\*\AppData\Roaming\OpenOffice
2013-08-13 13:34 - 2013-08-13 13:34 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\*\Desktop\tdsskiller.exe
2013-08-13 12:48 - 2013-08-08 14:10 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-08-13 12:46 - 2011-12-30 20:32 - 00000000 ____D C:\Program Files (x86)\Futuremark
2013-08-13 12:46 - 2011-12-26 02:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-09 20:19 - 2013-08-09 20:19 - 00022377 _____ C:\Users\*\Desktop\Addition.txt
2013-08-09 20:18 - 2013-08-09 20:18 - 00000000 ____D C:\FRST
2013-08-09 19:37 - 2013-08-08 14:10 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-08 23:13 - 2013-08-08 23:10 - 110344048 _____ C:\Users\*\Desktop\avira_free_antivirus85_de.exe
2013-08-08 16:09 - 2013-08-08 16:09 - 00000000 ____D C:\Users\*\Documents\ProcAlyzer Dumps
2013-08-08 14:10 - 2013-08-08 14:10 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-08-08 14:09 - 2013-08-08 14:09 - 01440846 _____ C:\Users\Internetkonto\Desktop\mbam-chameleon-1.62.1.1000.zip
2013-08-08 14:08 - 2013-08-08 14:08 - 37672592 _____ (Safer-Networking Ltd.                                       ) C:\Users\Internetkonto\Desktop\spybotsd-2.1.21-SR2.exe
2013-08-06 20:18 - 2013-08-06 20:18 - 00000000 _____ C:\Windows\setuperr.log
2013-08-06 19:00 - 2012-09-12 16:32 - 00000000 ____D C:\Users\*\AppData\Local\CrashDumps
2013-08-06 18:57 - 2011-02-14 14:43 - 00000000 ____D C:\Windows\Panther
2013-08-06 18:44 - 2011-12-25 19:05 - 00117024 _____ C:\Users\*\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-06 18:44 - 2011-12-25 19:04 - 00000000 ____D C:\Users\*
2013-08-06 18:43 - 2009-07-14 06:45 - 00461120 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-06 18:42 - 2012-05-19 03:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-06 18:42 - 2012-05-19 03:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-06 18:40 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-06 18:40 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-06 18:40 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-06 18:19 - 2011-12-25 22:04 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-06 17:41 - 2013-08-06 17:41 - 00000000 ____D C:\Users\Internetkonto\AppData\Roaming\RCP 6
2013-08-06 17:35 - 2011-12-27 00:11 - 00000000 ___RD C:\Users\Internetkonto
2013-08-06 17:33 - 2013-08-06 17:33 - 00000000 ____D C:\ConversionOutput
2013-08-06 17:18 - 2013-08-06 17:18 - 00000000 ____D C:\Users\Internetkonto\AppData\Local\PictureConverter
2013-08-06 12:35 - 2013-07-02 19:01 - 00000000 ____D C:\Users\Internetkonto\AppData\Local\Windows Live
2013-08-06 12:18 - 2011-12-27 00:13 - 00117024 _____ C:\Users\Internetkonto\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-06 11:39 - 2013-08-06 11:39 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-08-06 11:39 - 2012-01-25 01:43 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2013-08-06 11:37 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-06 11:34 - 2011-12-25 19:04 - 00000000 ____D C:\Users\*\AppData\Local\Adobe
2013-08-06 11:30 - 2012-11-21 19:21 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-06 11:30 - 2012-04-04 00:00 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-06 11:30 - 2011-12-28 22:46 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-06 11:21 - 2011-12-27 00:00 - 00000828 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-06 11:21 - 2011-12-27 00:00 - 00000000 ____D C:\Program Files\CCleaner
2013-08-06 11:14 - 2013-08-06 11:14 - 00000000 ____D C:\Windows\en
2013-08-06 11:14 - 2013-08-06 11:14 - 00000000 ____D C:\Windows\de
2013-08-06 11:13 - 2013-08-06 11:07 - 143436858 _____ C:\Users\*\Desktop\Apache_OpenOffice_4.0.0_Win_x86_install_en-US.exe
2013-08-06 11:12 - 2011-12-25 19:07 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-08-06 11:12 - 2011-12-25 19:06 - 00000000 ____D C:\Program Files\Windows Live
2013-07-30 08:50 - 2012-03-13 18:32 - 03864576 ___SH C:\Users\Internetkonto\Desktop\Thumbs.db
2013-07-28 04:46 - 2013-02-23 01:10 - 00000000 ____D C:\Users\Internetkonto\AppData\Roaming\Spotify
2013-07-28 01:23 - 2013-02-23 01:10 - 00000000 ____D C:\Users\Internetkonto\AppData\Local\Spotify

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-12 15:11

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Logge ich mich auf meinem Nicht-Admin-Account ein, fährt der Rechner jetzt einfach runter.

Logge ich mich auf meinem Nicht-Admin-Account ein, fährt der Rechner jetzt einfach runter.

DanSkorksi · 01.09.2013, 00:31

Sieht das logfile soweit in Ordnung aus?

13.08.2013, 17:11	#6
markusg /// Malware-holic	Pup.Optional.Quick.Share.A gefunden Hi, versuch mal bitte folgenes. combofix.exe löschen, neu laden. Starte neu, drücke f8 wähle abgebsicherter Modus. Melde dich in deinem Konto an, führe Combofix erneut aus. wenn alles klappt, starte in den normalen Modus, poste das Log, bzw falls nich,die Info das es einen Fehler gab. __________________ --> Pup.Optional.Quick.Share.A gefunden

Pup.Optional.Quick.Share.A gefunden

Plagegeister aller Art und deren Bekämpfung: Pup.Optional.Quick.Share.A gefunden