Trojaner-Board


siskat 17.01.2013 22:02

browse to save virus
 
Hello there,
I have this problem too and have already downloaded OTL and run it.
I have already read a thread like this, but as I understood it, it has to be removed differently for everyone?! Anyway, I'm not exactly the smartest in this area and am hoping for help =)

Edit:
Oh god, I've got nothing but errors -.-


Code:

OTL logfile created on: 17.01.2013 20:54:12 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\grinsekathze\Desktop\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,60 Gb Total Physical Memory | 0,27 Gb Available Physical Memory | 16,64% Memory free
3,21 Gb Paging File | 1,08 Gb Available in Paging File | 33,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282,84 Gb Total Space | 176,52 Gb Free Space | 62,41% Space Free | Partition Type: NTFS
Drive D: | 14,95 Gb Total Space | 1,85 Gb Free Space | 12,35% Space Free | Partition Type: NTFS
 
Computer Name: GRINSEKATHZE-PC | User Name: grinsekathze | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\grinsekathze\Desktop\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\program files (x86)\avira\antivir desktop\avscan.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe ()
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\program files (x86)\avira\antivir desktop\sqlite3.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (FreemiumSystemStoreService) -- C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (Atheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (HP Wireless Assistant Service) -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV - (AMD Reservation Manager) -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=hp&exp=true
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0A0B0FtDyD0C0C0E0FtBzytN0D0Tzu0CtAyByDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1302105681
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=hp&exp=true
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4
IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=hp&exp=true
IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.at/"
FF - prefs.js..extensions.enabledAddons: 501e6fa18edf8%40501e6fa18ee31.info:1.0
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.5
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=ds&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.11 08:34:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.13 13:46:30 | 000,000,000 | ---D | M]
 
[2011.11.24 14:07:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\grinsekathze\AppData\Roaming\mozilla\Extensions
[2013.01.15 20:41:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\grinsekathze\AppData\Roaming\mozilla\Firefox\Profiles\00ave1we.default\extensions
[2012.08.05 14:07:13 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\grinsekathze\AppData\Roaming\mozilla\Firefox\Profiles\00ave1we.default\extensions\501e6fa18edf8@501e6fa18ee31.info
[2013.01.15 20:41:53 | 000,124,993 | ---- | M] () (No name found) -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012.02.20 12:00:03 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\extensions\DivXWebPlayer@divx.com.xpi
[2013.01.15 20:37:18 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\extensions\elemhidehelper@adblockplus.org.xpi
[2013.01.15 20:41:53 | 000,533,036 | ---- | M] () (No name found) -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.01.15 20:41:53 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.02.10 20:28:13 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2011.12.01 19:17:22 | 000,002,289 | ---- | M] () -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\searchplugins\ecosia.xml
[2011.11.24 14:09:31 | 000,002,314 | ---- | M] () -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\searchplugins\forestle-de.xml
[2013.01.09 16:06:00 | 000,002,329 | ---- | M] () -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\searchplugins\Funmoods.xml
[2012.08.05 14:07:24 | 000,003,915 | ---- | M] () -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\searchplugins\sweetim.xml
[2012.09.17 10:41:06 | 000,002,399 | ---- | M] () -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\searchplugins\Web Search.xml
[2013.01.11 08:34:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.11 08:34:24 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.18 08:21:22 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.01 16:58:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.18 08:21:22 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.18 08:21:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.18 08:21:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.18 08:21:22 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Codecv Class) - {2D588057-BD3F-075B-B569-0C8FC43F046B} - C:\ProgramData\Codecv\bhoclass.dll File not found
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\grinsekathze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21F7FB87-78B2-4A8C-A823-CC7F3395D176}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2d81870e-1dd0-11e1-830f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2d81870e-1dd0-11e1-830f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2d818754-1dd0-11e1-830f-101f745606e1}\Shell - "" = AutoRun
O33 - MountPoints2\{2d818754-1dd0-11e1-830f-101f745606e1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{dfdfc172-6525-11e1-88ed-d0df9abf4704}\Shell - "" = AutoRun
O33 - MountPoints2\{dfdfc172-6525-11e1-88ed-d0df9abf4704}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.17 11:22:58 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\.thumbnails
[2013.01.17 11:19:36 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\AppData\Local\fontconfig
[2013.01.17 11:19:32 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\AppData\Local\gegl-0.2
[2013.01.17 11:19:32 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\.gimp-2.8
[2013.01.17 11:13:18 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2013.01.15 19:49:52 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\Desktop\OSTTIROL WICHTIG
[2013.01.14 06:52:06 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\Desktop\ideen & upcycling
[2013.01.11 08:34:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.10 15:05:33 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.01.10 15:05:33 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.01.10 15:05:11 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.01.10 15:04:48 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.01.09 16:05:28 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\AppData\Roaming\Funmoods
[2013.01.09 16:04:11 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\AppData\Local\PutLockerDownloader
[2013.01.09 16:03:44 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movie2KDownloader.com
[2013.01.06 12:19:59 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\AppData\Roaming\iScreensaver
[2013.01.05 14:36:47 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\AppData\Local\WinZip
[2012.12.21 21:42:07 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.21 21:42:07 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.21 21:42:05 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.21 21:42:05 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.17 19:41:35 | 000,406,381 | ---- | M] () -- C:\Users\grinsekathze\Desktop\DSC_0005.JPG
[2013.01.17 19:38:58 | 000,703,061 | ---- | M] () -- C:\Users\grinsekathze\Desktop\AP_A1_Umzugsservice.pdf
[2013.01.17 12:51:27 | 000,670,791 | ---- | M] () -- C:\Users\grinsekathze\Desktop\DSC_0009.JPG
[2013.01.17 12:51:20 | 000,564,667 | ---- | M] () -- C:\Users\grinsekathze\Desktop\DSC_0007.JPG
[2013.01.17 12:51:17 | 000,661,282 | ---- | M] () -- C:\Users\grinsekathze\Desktop\DSC_0008.JPG
[2013.01.17 11:43:04 | 000,000,924 | ---- | M] () -- C:\Users\grinsekathze\Desktop\GIMP 2.lnk
[2013.01.17 11:42:54 | 000,275,565 | ---- | M] () -- C:\Users\grinsekathze\Desktop\DSC_0126.png
[2013.01.17 11:42:54 | 000,002,118 | ---- | M] () -- C:\Users\grinsekathze\AppData\Local\recently-used.xbel
[2013.01.17 11:37:45 | 000,000,485 | ---- | M] () -- C:\Windows\cdplayer.ini
[2013.01.17 11:37:39 | 000,001,534 | ---- | M] () -- C:\ProgramData\ss.ini
[2013.01.17 11:36:16 | 000,737,137 | ---- | M] () -- C:\Users\grinsekathze\Desktop\DSC_0126.xcf
[2013.01.17 09:20:33 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.17 09:20:33 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.17 09:20:33 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.17 09:20:33 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.17 09:20:33 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.16 23:26:45 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.16 23:26:45 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.16 23:19:26 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2013.01.16 23:18:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.11 03:21:01 | 000,296,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.09 16:04:46 | 000,368,102 | ---- | M] () -- C:\Users\grinsekathze\AppData\Local\funmoods-speeddial_sf.crx
[2013.01.09 16:04:46 | 000,031,465 | ---- | M] () -- C:\Users\grinsekathze\AppData\Local\funmoods.crx
[2013.01.09 16:03:44 | 000,000,924 | ---- | M] () -- C:\Users\grinsekathze\Desktop\Movie2KDownloader.lnk
[2012.12.20 08:29:39 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.12.20 08:29:16 | 000,701,576 | ---- | M] () -- C:\Users\grinsekathze\Desktop\Hochkar-Panoramakarte_DE.jpg
[2012.12.19 23:03:42 | 000,843,391 | ---- | M] () -- C:\Users\grinsekathze\Desktop\BAGS Kollektivvertrag 2012.pdf
[2012.12.19 13:39:53 | 000,279,411 | ---- | M] () -- C:\Users\grinsekathze\Desktop\Lebenslauf Kathrin Blumauer.pdf
 
========== Files Created - No Company Name ==========
 
[2013.01.17 19:41:35 | 000,406,381 | ---- | C] () -- C:\Users\grinsekathze\Desktop\DSC_0005.JPG
[2013.01.17 19:08:43 | 000,703,061 | ---- | C] () -- C:\Users\grinsekathze\Desktop\AP_A1_Umzugsservice.pdf
[2013.01.17 12:51:06 | 000,670,791 | ---- | C] () -- C:\Users\grinsekathze\Desktop\DSC_0009.JPG
[2013.01.17 12:51:06 | 000,564,667 | ---- | C] () -- C:\Users\grinsekathze\Desktop\DSC_0007.JPG
[2013.01.17 12:51:05 | 000,661,282 | ---- | C] () -- C:\Users\grinsekathze\Desktop\DSC_0008.JPG
[2013.01.17 11:42:54 | 000,002,118 | ---- | C] () -- C:\Users\grinsekathze\AppData\Local\recently-used.xbel
[2013.01.17 11:42:52 | 000,275,565 | ---- | C] () -- C:\Users\grinsekathze\Desktop\DSC_0126.png
[2013.01.17 11:34:52 | 000,737,137 | ---- | C] () -- C:\Users\grinsekathze\Desktop\DSC_0126.xcf
[2013.01.17 11:19:25 | 000,000,924 | ---- | C] () -- C:\Users\grinsekathze\Desktop\GIMP 2.lnk
[2013.01.17 11:15:17 | 000,000,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2013.01.09 16:05:28 | 000,368,102 | ---- | C] () -- C:\Users\grinsekathze\AppData\Local\funmoods-speeddial_sf.crx
[2013.01.09 16:05:26 | 000,031,465 | ---- | C] () -- C:\Users\grinsekathze\AppData\Local\funmoods.crx
[2013.01.09 16:03:44 | 000,000,924 | ---- | C] () -- C:\Users\grinsekathze\Desktop\Movie2KDownloader.lnk
[2013.01.06 12:19:50 | 006,658,246 | ---- | C] () -- C:\Users\grinsekathze\Desktop\gezeitenweltglobus.EXE
[2012.12.20 08:29:09 | 000,701,576 | ---- | C] () -- C:\Users\grinsekathze\Desktop\Hochkar-Panoramakarte_DE.jpg
[2012.12.19 23:03:42 | 000,843,391 | ---- | C] () -- C:\Users\grinsekathze\Desktop\BAGS Kollektivvertrag 2012.pdf
[2012.12.19 13:39:48 | 000,279,411 | ---- | C] () -- C:\Users\grinsekathze\Desktop\Lebenslauf Kathrin Blumauer.pdf
[2012.12.07 11:56:23 | 000,000,485 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012.12.07 11:32:59 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini
[2012.02.25 21:59:17 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.12.11 17:37:20 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.28 12:49:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.11.24 17:20:17 | 000,007,599 | ---- | C] () -- C:\Users\grinsekathze\AppData\Local\Resmon.ResmonCfg
[2011.08.16 13:51:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.05.10 08:55:07 | 000,000,202 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.06.15 18:07:24 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\Freemium
[2013.01.09 16:05:28 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\Funmoods
[2013.01.06 12:19:59 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\iScreensaver
[2011.11.24 14:58:03 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\Jens Lorek
[2012.10.09 12:51:15 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\OpenCandy
[2012.01.19 12:07:35 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\OpenOffice.org
[2012.11.08 12:49:48 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\pdfforge
[2012.01.19 11:57:55 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\SoftGrid Client
[2012.03.03 13:31:55 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\Sony
[2011.11.24 14:03:21 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\Synaptics
[2011.12.03 18:06:17 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\T-Mobile
[2011.12.11 17:38:34 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\TP
[2012.10.09 13:41:27 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\TuneUp Software
[2013.01.17 21:02:48 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 

< End of report >



Code:

OTL Extras logfile created on: 17.01.2013 20:54:12 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\grinsekathze\Desktop\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,60 Gb Total Physical Memory | 0,27 Gb Available Physical Memory | 16,64% Memory free
3,21 Gb Paging File | 1,08 Gb Available in Paging File | 33,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282,84 Gb Total Space | 176,52 Gb Free Space | 62,41% Space Free | Partition Type: NTFS
Drive D: | 14,95 Gb Total Space | 1,85 Gb Free Space | 12,35% Space Free | Partition Type: NTFS
 
Computer Name: GRINSEKATHZE-PC | User Name: grinsekathze | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-118737067-2683697216-1242472475-1002\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13EEA3A6-E516-4194-A8CE-717DA7B76D75}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2268A202-11C0-49F9-9C95-759875048BDA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{539FF5B6-5F05-478D-8269-9BBE0D206530}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{540939FC-3ED2-4A9E-A670-847215014E2C}" = rport=139 | protocol=6 | dir=out | app=system |
"{561061A0-97E3-4C9C-9F0E-8F67AAE55EFA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6457E410-9D31-4B8B-A7D1-0F0ED27E3EF0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6A350EE5-D3F7-4A45-B487-F165E12A15F2}" = lport=445 | protocol=6 | dir=in | app=system |
"{6CD84F12-28D6-4A94-B43E-C844C5ED8AA1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6F7B7847-2B6F-4717-8956-248F2BE83111}" = rport=445 | protocol=6 | dir=out | app=system |
"{801618EB-A544-4901-8103-15C9472A867E}" = lport=139 | protocol=6 | dir=in | app=system |
"{84050A94-2CFF-48DF-84B4-4DD06C822FF0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8992A69C-A922-4071-A185-DADBDDFDFDCE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{89BA3465-7CB5-426B-92C1-9EBF0A7D8550}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8FF5F538-755F-49B3-B4B4-B8F79B322488}" = lport=137 | protocol=17 | dir=in | app=system |
"{96AA3A6D-4BA5-4822-B9FE-510C6280B224}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A5A4C60C-8DF7-4C28-A661-EF49464E43C4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AB8FE59C-23B6-483C-AEBA-1DF54E48DA13}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C559004E-6364-446C-A1AA-69AAD8FD307E}" = rport=138 | protocol=17 | dir=out | app=system |
"{CB5ED033-54AD-4DAD-A55E-2D63CB825E37}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D130D9B6-774F-49ED-8BAB-A7CBF5D31E1D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D44AF393-0566-4F4A-B7FF-0053CE790234}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D488656A-AFD4-495C-967F-36381AB2E6BE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D52E1818-3EFF-4504-98F0-3DA6F7AA512E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ECAB0EFA-F12F-464F-84D8-F577D58DC191}" = lport=138 | protocol=17 | dir=in | app=system |
"{F473DAB7-4097-40D5-A95C-35C6DEE72B51}" = rport=137 | protocol=17 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026440B1-F5E6-4CF8-A4A5-184550AF4840}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{03756458-D0EF-49D1-80FB-0BB566795FF3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{079676D3-E9B1-4B9C-B328-48C8C26948CA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1681DB2E-D50D-46D4-AB22-7F62312A7C22}" = protocol=17 | dir=in | app=c:\users\grinsekathze\appdata\local\temp\icreinstall\cnet2_caesar4_demo_en_exe.exe |
"{1C679E14-C62F-4D5D-99FC-605625A6616B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1EE95607-215E-4413-B499-7F11B3FCE57A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2630B676-75AC-4E86-A153-FD0D42AFFFCC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{368FD8D7-C361-4F9A-89D8-D7F3F89DC708}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{4677EF26-E74A-41D8-B816-6D8EDF883509}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{53A1595F-526E-4C05-BCE1-52A28B87B16E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{59D97E3A-C86A-466C-9D87-F17A80C6506A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5A966CD3-A561-471D-B945-9297A2C7EBCE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{627AFF59-12B3-4CB3-845A-0B312586CC40}" = protocol=6 | dir=out | app=system |
"{69BD1719-1FA8-478D-9CD4-8721E52D4425}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6DA3B3E1-8145-471C-AD72-4C1466029568}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7257FB07-DCF0-4F10-B8D7-F2902EEEFD8B}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{74C68BD7-7394-491B-A7DE-D6821A89FCEB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{80F24660-0A69-42FB-8681-BA9152D96DBC}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{84C85B64-9AA5-4FD1-923B-248089C83A06}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{9A9D6371-B611-43D0-9E62-7D1ECB85DCFC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A428ACA6-9BBD-48E7-B803-4FB5315D75A7}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{A5A0FD3C-FC9E-4504-AB4A-1F5260DAD400}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{A5DC2E51-FA28-4A2C-BD6A-A0BA1D87D0E5}" = protocol=6 | dir=in | app=c:\users\grinsekathze\appdata\local\temp\icreinstall\cnet2_caesar4_demo_en_exe.exe |
"{B6CC1895-0E53-4C8C-BF8E-17F4D6B8F698}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BE6DBFC1-0CD2-428B-929F-2FEC4C560E2D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C29A2CB7-B77F-4F32-B2B9-4B66D5FE99B8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D07AF249-AD70-43C0-942A-62478836C5CE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D1295660-6AFE-4BE0-B7A5-DC729CBAA2E7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D52E7DA4-91FF-4D8D-BEA4-49162CE7A3EB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D9AD44F7-1DFE-410E-B0FB-82B5A0CE82A7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{DFA2248A-76ED-482A-8181-28D4BFED8034}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F0FF9D22-6C06-46B8-AF2C-D15E1FBDFF87}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FB087712-4227-4562-9932-61DC9DD65422}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{C929FC29-7BAE-455B-97C6-D5E9425949CC}C:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"TCP Query User{DD914C7F-E884-4C32-9807-E27542C866CD}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{448AA499-95F4-4FCE-ADFF-02686BB4A52A}C:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"UDP Query User{9266BB6F-CBB5-43AB-92FF-3988CAB6750A}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E6BEFE9-0AFF-C09F-24A8-AA1CB05869BF}" = WMV9/VC-1 Video Playback
"{76A7DF87-2F94-A068-96B1-D5A392B785E1}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}" = HP Wireless Assistant
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1250C3B-8953-8A3F-9FCF-D43BB6AE0051}" = AMD Fuel
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E04A3037-2F82-C518-D6CA-A63497D3872F}" = ATI Catalyst Install Manager
"GIMP-2_is1" = GIMP 2.8.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.4
"WinRAR archiver" = WinRAR 4.10 beta 2 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E73CF7-3B8E-49F6-B09C-3FB122B3938A}" = HP Software Framework
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03046EBB-CB7C-4B98-BEFB-690EB955DA22}" = HP Setup
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{124DB96E-CBF5-44FB-AB59-7D2444DEC777}" = HP On Screen Display
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26C4E5F1-314C-F3DF-2294-3685BF5F9E05}" = CCC Help Czech
"{2BF8B295-A214-42AC-B4EC-2AE15E08B0E7}" = HP Documentation
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP 3.92
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57F1042D-1423-81C6-299B-C21FAB216F93}" = CCC Help Italian
"{6137C043-93EA-6769-90EA-01E87B041117}" = CCC Help Norwegian
"{6265A4F4-91FE-FFEC-1ECA-E5639B80ECB3}" = CCC Help French
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{657BD928-2C0B-7EFA-7740-DE8BC937FEF4}" = CCC Help Thai
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E30DB0-A342-F453-D14D-827B454A9E4A}" = CCC Help Swedish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6833708F-D07C-34AA-B195-698FA0C8879C}" = CCC Help Polish
"{687DB473-1A0F-5B1D-D0E0-A73258207AB2}" = ccc-core-static
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C92846D-67BA-5B17-38F4-E1318A0272B7}" = CCC Help Greek
"{6D437C07-418F-9E01-96EB-DC55F780A198}" = CCC Help Turkish
"{710E96D5-98A1-6732-8768-8F4ACCA520C1}" = CCC Help Portuguese
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9299A9E5-4A0F-C936-76BD-62BCBD38CC21}" = CCC Help English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9B04A7CC-F80E-72C6-8B9E-83A88A5B479B}" = CCC Help Japanese
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F6A200F-90D7-F262-9639-16D640298E32}" = CCC Help Finnish
"{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4}" = HP Support Assistant
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A37E63B7-29E5-CAF4-A81D-0A67946924E0}" = Catalyst Control Center Graphics Previews Common
"{A5449F23-80E8-04D2-EB41-7BE229CCB37B}" = Catalyst Control Center InstallProxy
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B97E3520-C726-475E-BC0C-7561952633AB}" = HP Power Manager
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C0838AAC-DF3E-5865-88D3-E43864E2B065}" = CCC Help Korean
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C257F891-7975-979B-3EDD-D3E74F1F583B}" = CCC Help Hungarian
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}" = Recovery Manager
"{CBD74B80-E1A2-08A1-69D9-DE37BFA265EF}" = CCC Help German
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA26698F-3E4F-FBAE-8219-5C3D3C1ECA92}" = CCC Help Spanish
"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E13D5C1F-EA6D-E340-85A9-0EA7221F31E9}" = CCC Help Danish
"{E1D1E335-C6CE-C9A5-12B8-587D561E8B30}" = Catalyst Control Center Localization All
"{E3FE0FA5-D813-14AB-DE7B-594257E9550B}" = CCC Help Chinese Traditional
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E774EEC0-18E6-49C8-A271-07654C0A2047}" = Catalyst Control Center - Branding
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0C4AAC9-C7B6-59B3-789D-D2CA4E0CFCD1}" = CCC Help Dutch
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5468CFB-F146-12D8-913B-513145180028}" = CCC Help Russian
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA2509E9-7197-8FB8-B35E-090A4F81CA6A}" = CCC Help Chinese Standard
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"1ClickDownload" = Movie2KDownloader
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.11.2012 09:08:00 | Computer Name = grinsekathze-pc | Source = MsiInstaller | ID = 10005
Description =
 
Error - 09.11.2012 06:12:45 | Computer Name = grinsekathze-pc | Source = WinMgmt | ID = 10
Description =
 
Error - 10.11.2012 05:54:51 | Computer Name = grinsekathze-pc | Source = WinMgmt | ID = 10
Description =
 
Error - 12.11.2012 09:20:01 | Computer Name = grinsekathze-pc | Source = WinMgmt | ID = 10
Description =
 
Error - 13.11.2012 06:27:03 | Computer Name = grinsekathze-pc | Source = WinMgmt | ID = 10
Description =
 
Error - 14.11.2012 02:55:02 | Computer Name = grinsekathze-pc | Source = WinMgmt | ID = 10
Description =
 
Error - 14.11.2012 05:14:04 | Computer Name = grinsekathze-pc | Source = WinMgmt | ID = 10
Description =
 
Error - 14.11.2012 16:16:41 | Computer Name = grinsekathze-pc | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 16.0.2.4680,
 Zeitstempel: 0x50882871  Name des fehlerhaften Moduls: xul.dll, Version: 16.0.2.4680,
 Zeitstempel: 0x508827d6  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00130ef7  ID des fehlerhaften
 Prozesses: 0xe6c  Startzeit der fehlerhaften Anwendung: 0x01cdc28333a79e11  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 332bf822-2e98-11e2-a968-101f745606e1
 
Error - 16.11.2012 05:27:46 | Computer Name = grinsekathze-pc | Source = WinMgmt | ID = 10
Description =
 
Error - 16.11.2012 08:14:18 | Computer Name = grinsekathze-pc | Source = WinMgmt | ID = 10
Description =
 
Error - 18.11.2012 05:57:53 | Computer Name = grinsekathze-pc | Source = WinMgmt | ID = 10
Description =
 
[ Hewlett-Packard Events ]
Error - 23.04.2012 09:12:15 | Computer Name = grinsekathze-pc | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041223031211.xml
 File not created by asset agent
 
Error - 17.06.2012 06:12:04 | Computer Name = grinsekathze-pc | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061217121201.xml
 File not created by asset agent
 
Error - 13.08.2012 04:43:58 | Computer Name = grinsekathze-pc | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081213104339.xml
 File not created by asset agent
 
Error - 20.08.2012 01:38:55 | Computer Name = grinsekathze-pc | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081220073849.xml
 File not created by asset agent
 
Error - 02.09.2012 12:36:35 | Computer Name = grinsekathze-pc | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091202063626.xml
 File not created by asset agent
 
Error - 16.09.2012 12:35:19 | Computer Name = grinsekathze-pc | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091216063507.xml
 File not created by asset agent
 
Error - 23.09.2012 12:24:17 | Computer Name = grinsekathze-pc | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091223062413.xml
 File not created by asset agent
 
Error - 02.10.2012 07:31:02 | Computer Name = grinsekathze-pc | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101202013056.xml
 File not created by asset agent
 
Error - 17.10.2012 05:33:01 | Computer Name = grinsekathze-pc | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101217113257.xml
 File not created by asset agent
 
Error - 05.01.2013 07:34:23 | Computer Name = grinsekathze-pc | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011305123418.xml
 File not created by asset agent
 
[ HP Wireless Assistant Events ]
Error - 24.11.2011 09:35:14 | Computer Name = grinsekathze-pc | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)    bei System.Management.ManagementScope.InitializeGuts(Object
 o)    bei System.Management.ManagementScope.Initialize()    bei System.Management.ManagementObject.Initialize(Boolean
 getObject)    bei System.Management.ManagementBaseObject.get_Properties()    bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)    bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 24.11.2011 09:35:20 | Computer Name = grinsekathze-pc | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)    bei System.Management.ManagementScope.InitializeGuts(Object
 o)    bei System.Management.ManagementScope.Initialize()    bei System.Management.ManagementObject.Initialize(Boolean
 getObject)    bei System.Management.ManagementBaseObject.get_Properties()    bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)    bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 24.11.2011 09:36:25 | Computer Name = grinsekathze-pc | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)    bei System.Management.ManagementScope.InitializeGuts(Object
 o)    bei System.Management.ManagementScope.Initialize()    bei System.Management.ManagementObject.Initialize(Boolean
 getObject)    bei System.Management.ManagementBaseObject.get_Properties()    bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)    bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 24.11.2011 09:36:30 | Computer Name = grinsekathze-pc | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)    bei System.Management.ManagementScope.InitializeGuts(Object
 o)    bei System.Management.ManagementScope.Initialize()    bei System.Management.ManagementObject.Initialize(Boolean
 getObject)    bei System.Management.ManagementBaseObject.get_Properties()    bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)    bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 24.11.2011 09:37:35 | Computer Name = grinsekathze-pc | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)    bei System.Management.ManagementScope.InitializeGuts(Object
 o)    bei System.Management.ManagementScope.Initialize()    bei System.Management.ManagementObject.Initialize(Boolean
 getObject)    bei System.Management.ManagementBaseObject.get_Properties()    bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)    bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 24.11.2011 09:37:40 | Computer Name = grinsekathze-pc | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)    bei System.Management.ManagementScope.InitializeGuts(Object
 o)    bei System.Management.ManagementScope.Initialize()    bei System.Management.ManagementObject.Initialize(Boolean
 getObject)    bei System.Management.ManagementBaseObject.get_Properties()    bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)    bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 15.12.2011 16:34:57 | Computer Name = grinsekathze-pc | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)    bei System.Management.ManagementObject.Initialize(Boolean
 getObject)    bei System.Management.ManagementBaseObject.get_Properties()    bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)    bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 10.02.2012 12:07:49 | Computer Name = grinsekathze-pc | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Starten des Servers fehlgeschlagen
 (Ausnahme von HRESULT: 0x80080005 (CO_E_SERVER_EXEC_FAILURE))    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)    bei System.Management.ManagementScope.InitializeGuts(Object
 o)    bei System.Management.ManagementScope.Initialize()    bei System.Management.ManagementObject.Initialize(Boolean
 getObject)    bei System.Management.ManagementBaseObject.get_Properties()    bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)    bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 20.08.2012 07:28:09 | Computer Name = grinsekathze-pc | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
 failed to create hardware layer Fehler in der Anwendung.    bei HardwareAccess.Hardware..ctor(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)    bei HardwareAccess.Hardware.Create(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)    bei HPWA_Main.App.ApplicationStartup(Object
 sender, StartupEventArgs args)
 
Error - 20.08.2012 07:28:13 | Computer Name = grinsekathze-pc | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
 
[ System Events ]
Error - 16.01.2013 05:36:50 | Computer Name = grinsekathze-pc | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde:  %%1058
 
Error - 16.01.2013 05:37:01 | Computer Name = grinsekathze-pc | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde:  %%1058
 
Error - 16.01.2013 05:37:17 | Computer Name = grinsekathze-pc | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde:  %%1058
 
Error - 16.01.2013 05:37:17 | Computer Name = grinsekathze-pc | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde:  %%1058
 
Error - 16.01.2013 16:57:39 | Computer Name = grinsekathze-pc | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde:  %%1058
 
Error - 16.01.2013 18:19:03 | Computer Name = grinsekathze-pc | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Media Center Extender-Dienst" ist vom Dienst "PnP-X-IP-Busenumerator"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 16.01.2013 18:19:03 | Computer Name = grinsekathze-pc | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde:  %%1058
 
Error - 16.01.2013 18:19:17 | Computer Name = grinsekathze-pc | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde:  %%1058
 
Error - 16.01.2013 18:19:34 | Computer Name = grinsekathze-pc | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde:  %%1058
 
Error - 16.01.2013 18:19:34 | Computer Name = grinsekathze-pc | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde:  %%1058
 
 
< End of report >


So... I hope I've done everything right so far.

Greetings
kat

markusg 17.01.2013 22:33

Hi,
download TDSS Killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Check the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now and post the log
Open C:, open tdsskiller-datum-version.txt, and post its contents

siskat 18.01.2013 11:25

Good morning =)

I hope this is OK like this... :crazy:

Code:

11:02:51.0861 2700  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:02:52.0189 2700  ============================================================
11:02:52.0189 2700  Current date / time: 2013/01/18 11:02:52.0189
11:02:52.0189 2700  SystemInfo:
11:02:52.0189 2700 
11:02:52.0189 2700  OS Version: 6.1.7601 ServicePack: 1.0
11:02:52.0189 2700  Product type: Workstation
11:02:52.0189 2700  ComputerName: GRINSEKATHZE-PC
11:02:52.0189 2700  UserName: grinsekathze
11:02:52.0189 2700  Windows directory: C:\Windows
11:02:52.0189 2700  System windows directory: C:\Windows
11:02:52.0189 2700  Running under WOW64
11:02:52.0189 2700  Processor architecture: Intel x64
11:02:52.0189 2700  Number of processors: 2
11:02:52.0189 2700  Page size: 0x1000
11:02:52.0189 2700  Boot type: Normal boot
11:02:52.0189 2700  ============================================================
11:02:53.0343 2700  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:02:53.0359 2700  ============================================================
11:02:53.0359 2700  \Device\Harddisk0\DR0:
11:02:53.0359 2700  MBR partitions:
11:02:53.0359 2700  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
11:02:53.0359 2700  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x235AF000
11:02:53.0359 2700  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23613000, BlocksNum 0x1DE7800
11:02:53.0359 2700  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
11:02:53.0359 2700  ============================================================
11:02:53.0375 2700  C: <-> \Device\Harddisk0\DR0\Partition2
11:02:53.0406 2700  D: <-> \Device\Harddisk0\DR0\Partition3
11:02:53.0406 2700  ============================================================
11:02:53.0406 2700  Initialize success
11:02:53.0406 2700  ============================================================
11:03:29.0954 1020  ============================================================
11:03:29.0954 1020  Scan started
11:03:29.0954 1020  Mode: Manual; SigCheck; TDLFS;
11:03:29.0954 1020  ============================================================
11:03:31.0374 1020  ================ Scan system memory ========================
11:03:31.0374 1020  System memory - ok
11:03:31.0374 1020  ================ Scan services =============================
11:03:32.0232 1020  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
11:03:32.0793 1020  1394ohci - ok
11:03:32.0840 1020  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
11:03:32.0887 1020  ACPI - ok
11:03:32.0949 1020  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
11:03:33.0105 1020  AcpiPmi - ok
11:03:33.0277 1020  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:03:33.0324 1020  AdobeARMservice - ok
11:03:33.0386 1020  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
11:03:33.0449 1020  adp94xx - ok
11:03:33.0511 1020  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci        C:\Windows\system32\drivers\adpahci.sys
11:03:33.0558 1020  adpahci - ok
11:03:33.0667 1020  [ E109549C90F62FB570B9540C4B148E54 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
11:03:33.0714 1020  adpu320 - ok
11:03:33.0776 1020  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
11:03:34.0135 1020  AeLookupSvc - ok
11:03:34.0213 1020  [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
11:03:34.0229 1020  AERTFilters - ok
11:03:34.0307 1020  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD            C:\Windows\system32\drivers\afd.sys
11:03:34.0416 1020  AFD - ok
11:03:34.0494 1020  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
11:03:34.0541 1020  agp440 - ok
11:03:34.0619 1020  [ 3290D6946B5E30E70414990574883DDB ] ALG            C:\Windows\System32\alg.exe
11:03:34.0712 1020  ALG - ok
11:03:34.0759 1020  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
11:03:34.0790 1020  aliide - ok
11:03:34.0837 1020  [ F4F8D818F8BB7EAFB7B9A259D6CBFE68 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
11:03:34.0977 1020  AMD External Events Utility - ok
11:03:35.0040 1020  AMD FUEL Service - ok
11:03:35.0055 1020  [ DD27F6C3DE9BFE50635C721E09EDC5DD ] AMD Reservation Manager C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
11:03:35.0087 1020  AMD Reservation Manager - ok
11:03:35.0133 1020  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
11:03:35.0165 1020  amdide - ok
11:03:35.0196 1020  [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
11:03:35.0352 1020  amdiox64 - ok
11:03:35.0399 1020  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
11:03:35.0461 1020  AmdK8 - ok
11:03:35.0726 1020  [ E93230B4214A90854BE7F27E61C1E8FD ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
11:03:36.0132 1020  amdkmdag - ok
11:03:36.0210 1020  [ 2B614A1CB27F36C5B2D96E554472A809 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
11:03:36.0272 1020  amdkmdap - ok
11:03:36.0303 1020  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
11:03:36.0366 1020  AmdPPM - ok
11:03:36.0413 1020  [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata        C:\Windows\system32\drivers\amdsata.sys
11:03:36.0459 1020  amdsata - ok
11:03:36.0573 1020  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
11:03:36.0623 1020  amdsbs - ok
11:03:36.0653 1020  [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
11:03:36.0683 1020  amdxata - ok
11:03:36.0713 1020  [ 80A508D0C7A21BC13C01D4C671541203 ] amd_sata        C:\Windows\system32\DRIVERS\amd_sata.sys
11:03:36.0733 1020  amd_sata - ok
11:03:36.0753 1020  [ 2BE940F3A632A1A301B22B096BF221F1 ] amd_xata        C:\Windows\system32\DRIVERS\amd_xata.sys
11:03:36.0783 1020  amd_xata - ok
11:03:36.0843 1020  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
11:03:36.0893 1020  AntiVirSchedulerService - ok
11:03:36.0963 1020  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
11:03:36.0983 1020  AntiVirService - ok
11:03:37.0023 1020  [ 89A69C3F2F319B43379399547526D952 ] AppID          C:\Windows\system32\drivers\appid.sys
11:03:37.0243 1020  AppID - ok
11:03:37.0283 1020  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
11:03:37.0373 1020  AppIDSvc - ok
11:03:37.0413 1020  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo        C:\Windows\System32\appinfo.dll
11:03:37.0523 1020  Appinfo - ok
11:03:37.0573 1020  [ C484F8CEB1717C540242531DB7845C4E ] arc            C:\Windows\system32\drivers\arc.sys
11:03:37.0603 1020  arc - ok
11:03:37.0633 1020  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
11:03:37.0673 1020  arcsas - ok
11:03:37.0693 1020  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
11:03:37.0793 1020  AsyncMac - ok
11:03:37.0833 1020  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi          C:\Windows\system32\drivers\atapi.sys
11:03:37.0873 1020  atapi - ok
11:03:37.0933 1020  [ CBE61B4494165F458BD87E37181EE934 ] AthBTPort      C:\Windows\system32\DRIVERS\btath_flt.sys
11:03:37.0973 1020  AthBTPort - ok
11:03:38.0043 1020  [ 4C4A576818EA028257C624AE36FF7A03 ] Atheros Bt&Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
11:03:38.0073 1020  Atheros Bt&Wlan Coex Agent - ok
11:03:38.0093 1020  [ 684B36CA4067DA7000CF95771A3CF0E7 ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
11:03:38.0113 1020  AtherosSvc - ok
11:03:38.0223 1020  [ 7C2D67E273E76ADC3ADB621B8404C5FB ] athr            C:\Windows\system32\DRIVERS\athrx.sys
11:03:38.0433 1020  athr - ok
11:03:38.0503 1020  [ 4BF5BCA6E2608CD8A00BC4A6673A9F47 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
11:03:38.0543 1020  AtiHDAudioService - ok
11:03:38.0594 1020  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:03:38.0703 1020  AudioEndpointBuilder - ok
11:03:38.0735 1020  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
11:03:38.0813 1020  AudioSrv - ok
11:03:38.0859 1020  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
11:03:38.0906 1020  avgntflt - ok
11:03:38.0937 1020  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
11:03:38.0984 1020  avipbb - ok
11:03:39.0015 1020  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
11:03:39.0047 1020  avkmgr - ok
11:03:39.0093 1020  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
11:03:39.0218 1020  AxInstSV - ok
11:03:39.0265 1020  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv        C:\Windows\system32\drivers\bxvbda.sys
11:03:39.0343 1020  b06bdrv - ok
11:03:39.0374 1020  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
11:03:39.0468 1020  b57nd60a - ok
11:03:39.0546 1020  [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX        C:\Windows\system32\DRIVERS\bcmwl664.sys
11:03:39.0655 1020  BCM43XX - ok
11:03:39.0686 1020  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
11:03:39.0764 1020  BDESVC - ok
11:03:39.0795 1020  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
11:03:39.0873 1020  Beep - ok
11:03:39.0951 1020  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE            C:\Windows\System32\bfe.dll
11:03:40.0092 1020  BFE - ok
11:03:40.0154 1020  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
11:03:40.0295 1020  BITS - ok
11:03:40.0326 1020  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
11:03:40.0373 1020  blbdrive - ok
11:03:40.0435 1020  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
11:03:40.0466 1020  Bonjour Service - ok
11:03:40.0513 1020  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
11:03:40.0591 1020  bowser - ok
11:03:40.0622 1020  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
11:03:40.0669 1020  BrFiltLo - ok
11:03:40.0700 1020  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
11:03:40.0747 1020  BrFiltUp - ok
11:03:40.0778 1020  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser        C:\Windows\System32\browser.dll
11:03:40.0872 1020  Browser - ok
11:03:40.0919 1020  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
11:03:41.0028 1020  Brserid - ok
11:03:41.0059 1020  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
11:03:41.0106 1020  BrSerWdm - ok
11:03:41.0153 1020  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
11:03:41.0199 1020  BrUsbMdm - ok
11:03:41.0215 1020  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
11:03:41.0262 1020  BrUsbSer - ok
11:03:41.0324 1020  [ 227C8F308DE4AF4808E587465CEAB838 ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys
11:03:41.0371 1020  BTATH_A2DP - ok
11:03:41.0418 1020  [ A83A91D07D1FE6BBE7A9DB46CA00434B ] BTATH_BUS      C:\Windows\system32\DRIVERS\btath_bus.sys
11:03:41.0433 1020  BTATH_BUS - ok
11:03:41.0465 1020  [ C864FF85EE16D61C2BDD5EF76824625F ] BTATH_HCRP      C:\Windows\system32\DRIVERS\btath_hcrp.sys
11:03:41.0511 1020  BTATH_HCRP - ok
11:03:41.0527 1020  [ 0DEA505EFB5D771826D177EF8B8A208F ] BTATH_LWFLT    C:\Windows\system32\DRIVERS\btath_lwflt.sys
11:03:41.0558 1020  BTATH_LWFLT - ok
11:03:41.0574 1020  [ 724C8088C96EFE7A3E63FEC21D4681C0 ] BTATH_RCP      C:\Windows\system32\DRIVERS\btath_rcp.sys
11:03:41.0605 1020  BTATH_RCP - ok
11:03:41.0652 1020  [ FF8B065F96E4D9525AA7227299FBD05C ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
11:03:41.0699 1020  BtFilter - ok
11:03:41.0745 1020  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum        C:\Windows\system32\drivers\BthEnum.sys
11:03:41.0823 1020  BthEnum - ok
11:03:41.0855 1020  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
11:03:41.0917 1020  BTHMODEM - ok
11:03:41.0964 1020  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
11:03:42.0026 1020  BthPan - ok
11:03:42.0073 1020  [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT        C:\Windows\System32\Drivers\BTHport.sys
11:03:42.0151 1020  BTHPORT - ok
11:03:42.0198 1020  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv        C:\Windows\system32\bthserv.dll
11:03:42.0291 1020  bthserv - ok
11:03:42.0323 1020  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
11:03:42.0385 1020  BTHUSB - ok
11:03:42.0416 1020  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
11:03:42.0510 1020  cdfs - ok
11:03:42.0572 1020  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
11:03:42.0635 1020  cdrom - ok
11:03:42.0681 1020  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc    C:\Windows\System32\certprop.dll
11:03:42.0791 1020  CertPropSvc - ok
11:03:42.0837 1020  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
11:03:42.0931 1020  circlass - ok
11:03:43.0009 1020  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
11:03:43.0040 1020  CLFS - ok
11:03:43.0118 1020  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:03:43.0149 1020  clr_optimization_v2.0.50727_32 - ok
11:03:43.0212 1020  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:03:43.0259 1020  clr_optimization_v2.0.50727_64 - ok
11:03:43.0274 1020  [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd          C:\Windows\system32\DRIVERS\clwvd.sys
11:03:43.0305 1020  clwvd - ok
11:03:43.0352 1020  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
11:03:43.0399 1020  CmBatt - ok
11:03:43.0415 1020  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
11:03:43.0446 1020  cmdide - ok
11:03:43.0493 1020  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG            C:\Windows\system32\Drivers\cng.sys
11:03:43.0586 1020  CNG - ok
11:03:43.0617 1020  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
11:03:43.0664 1020  Compbatt - ok
11:03:43.0711 1020  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
11:03:43.0758 1020  CompositeBus - ok
11:03:43.0773 1020  COMSysApp - ok
11:03:43.0805 1020  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
11:03:43.0836 1020  crcdisk - ok
11:03:43.0898 1020  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
11:03:43.0992 1020  CryptSvc - ok
11:03:44.0054 1020  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
11:03:44.0148 1020  DcomLaunch - ok
11:03:44.0179 1020  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc      C:\Windows\System32\defragsvc.dll
11:03:44.0304 1020  defragsvc - ok
11:03:44.0319 1020  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
11:03:44.0429 1020  DfsC - ok
11:03:44.0491 1020  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
11:03:44.0616 1020  Dhcp - ok
11:03:44.0663 1020  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
11:03:44.0741 1020  discache - ok
11:03:44.0803 1020  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
11:03:44.0834 1020  Disk - ok
11:03:44.0881 1020  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
11:03:44.0959 1020  Dnscache - ok
11:03:45.0006 1020  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc        C:\Windows\System32\dot3svc.dll
11:03:45.0115 1020  dot3svc - ok
11:03:45.0146 1020  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS            C:\Windows\system32\dps.dll
11:03:45.0240 1020  DPS - ok
11:03:45.0287 1020  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
11:03:45.0333 1020  drmkaud - ok
11:03:45.0380 1020  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
11:03:45.0458 1020  DXGKrnl - ok
11:03:45.0489 1020  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\Windows\System32\eapsvc.dll
11:03:45.0599 1020  EapHost - ok
11:03:45.0723 1020  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\Windows\system32\drivers\evbda.sys
11:03:45.0973 1020  ebdrv - ok
11:03:46.0004 1020  [ C118A82CD78818C29AB228366EBF81C3 ] EFS            C:\Windows\System32\lsass.exe
11:03:46.0082 1020  EFS - ok
11:03:46.0176 1020  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
11:03:46.0285 1020  ehRecvr - ok
11:03:46.0301 1020  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched        C:\Windows\ehome\ehsched.exe
11:03:46.0363 1020  ehSched - ok
11:03:46.0410 1020  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\Windows\system32\drivers\elxstor.sys
11:03:46.0472 1020  elxstor - ok
11:03:46.0488 1020  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
11:03:46.0550 1020  ErrDev - ok
11:03:46.0597 1020  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem    C:\Windows\system32\es.dll
11:03:46.0706 1020  EventSystem - ok
11:03:46.0753 1020  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat          C:\Windows\system32\drivers\exfat.sys
11:03:46.0847 1020  exfat - ok
11:03:46.0862 1020  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
11:03:46.0971 1020  fastfat - ok
11:03:47.0018 1020  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax            C:\Windows\system32\fxssvc.exe
11:03:47.0096 1020  Fax - ok
11:03:47.0112 1020  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc            C:\Windows\system32\drivers\fdc.sys
11:03:47.0190 1020  fdc - ok
11:03:47.0221 1020  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost        C:\Windows\system32\fdPHost.dll
11:03:47.0299 1020  fdPHost - ok
11:03:47.0315 1020  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
11:03:47.0424 1020  FDResPub - ok
11:03:47.0471 1020  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
11:03:47.0502 1020  FileInfo - ok
11:03:47.0533 1020  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
11:03:47.0627 1020  Filetrace - ok
11:03:47.0673 1020  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
11:03:47.0705 1020  flpydisk - ok
11:03:47.0720 1020  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
11:03:47.0783 1020  FltMgr - ok
11:03:47.0845 1020  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache      C:\Windows\system32\FntCache.dll
11:03:47.0970 1020  FontCache - ok
11:03:48.0032 1020  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:03:48.0079 1020  FontCache3.0.0.0 - ok
11:03:48.0344 1020  [ EAE9B4318A46C08037BDB5CFE3053CF2 ] FreemiumSystemStoreService C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe
11:03:48.0776 1020  FreemiumSystemStoreService ( UnsignedFile.Multi.Generic ) - warning
11:03:48.0776 1020  FreemiumSystemStoreService - detected UnsignedFile.Multi.Generic (1)
11:03:48.0826 1020  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
11:03:48.0866 1020  FsDepends - ok
11:03:48.0896 1020  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
11:03:48.0926 1020  Fs_Rec - ok
11:03:48.0956 1020  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
11:03:48.0996 1020  fvevol - ok
11:03:49.0036 1020  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
11:03:49.0076 1020  gagp30kx - ok
11:03:49.0136 1020  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc          C:\Windows\System32\gpsvc.dll
11:03:49.0256 1020  gpsvc - ok
11:03:49.0276 1020  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
11:03:49.0346 1020  hcw85cir - ok
11:03:49.0396 1020  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:03:49.0466 1020  HdAudAddService - ok
11:03:49.0496 1020  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
11:03:49.0546 1020  HDAudBus - ok
11:03:49.0596 1020  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt        C:\Windows\system32\drivers\HidBatt.sys
11:03:49.0646 1020  HidBatt - ok
11:03:49.0686 1020  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
11:03:49.0736 1020  HidBth - ok
11:03:49.0766 1020  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr          C:\Windows\system32\drivers\hidir.sys
11:03:49.0806 1020  HidIr - ok
11:03:49.0846 1020  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv        C:\Windows\system32\hidserv.dll
11:03:49.0946 1020  hidserv - ok
11:03:50.0006 1020  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
11:03:50.0046 1020  HidUsb - ok
11:03:50.0066 1020  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
11:03:50.0176 1020  hkmsvc - ok
11:03:50.0206 1020  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:03:50.0316 1020  HomeGroupListener - ok
11:03:50.0356 1020  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:03:50.0446 1020  HomeGroupProvider - ok
11:03:50.0556 1020  [ 7A24AD37416B91E4B5E5B46BD25C075F ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
11:03:50.0586 1020  HP Health Check Service - ok
11:03:50.0656 1020  [ C930128C8F8FF03D8F8C42B570920D56 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
11:03:50.0676 1020  HP Wireless Assistant Service - ok
11:03:50.0722 1020  [ 03431817C7236371433D3C860810FE8A ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
11:03:50.0753 1020  HPDrvMntSvc.exe - ok
11:03:50.0784 1020  [ CC518F83732860997C3FAF56D15627A7 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
11:03:50.0831 1020  hpqwmiex - ok
11:03:50.0847 1020  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
11:03:50.0878 1020  HpSAMD - ok
11:03:50.0956 1020  [ F630DD7564EBB7248A13B1CC774D9EA6 ] HPWMISVC        C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
11:03:50.0971 1020  HPWMISVC - ok
11:03:51.0034 1020  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
11:03:51.0143 1020  HTTP - ok
11:03:51.0159 1020  hwdatacard - ok
11:03:51.0174 1020  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
11:03:51.0221 1020  hwpolicy - ok
11:03:51.0268 1020  hwusbdev - ok
11:03:51.0318 1020  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
11:03:51.0358 1020  i8042prt - ok
11:03:51.0418 1020  [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
11:03:51.0478 1020  iaStorV - ok
11:03:51.0598 1020  [ E4693409D06785477A49FB34AFAE1B92 ] IconMan_R      C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
11:03:53.0869 1020  IconMan_R ( UnsignedFile.Multi.Generic ) - warning
11:03:53.0869 1020  IconMan_R - detected UnsignedFile.Multi.Generic (1)
11:03:53.0963 1020  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:03:54.0057 1020  idsvc - ok
11:03:54.0088 1020  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
11:03:54.0135 1020  iirsp - ok
11:03:54.0166 1020  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
11:03:54.0306 1020  IKEEXT - ok
11:03:54.0400 1020  [ 336C3A6BF14D5A9AF35AF07C6B6B29CD ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
11:03:54.0634 1020  IntcAzAudAddService - ok
11:03:54.0696 1020  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
11:03:54.0743 1020  intelide - ok
11:03:54.0790 1020  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
11:03:54.0852 1020  intelppm - ok
11:03:54.0899 1020  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
11:03:55.0008 1020  IPBusEnum - ok
11:03:55.0039 1020  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:03:55.0133 1020  IpFilterDriver - ok
11:03:55.0180 1020  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
11:03:55.0273 1020  iphlpsvc - ok
11:03:55.0305 1020  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
11:03:55.0351 1020  IPMIDRV - ok
11:03:55.0383 1020  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
11:03:55.0492 1020  IPNAT - ok
11:03:55.0523 1020  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
11:03:55.0570 1020  IRENUM - ok
11:03:55.0601 1020  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
11:03:55.0632 1020  isapnp - ok
11:03:55.0679 1020  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
11:03:55.0726 1020  iScsiPrt - ok
11:03:55.0757 1020  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
11:03:55.0788 1020  kbdclass - ok
11:03:55.0819 1020  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
11:03:55.0866 1020  kbdhid - ok
11:03:55.0882 1020  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
11:03:55.0913 1020  KeyIso - ok
11:03:55.0944 1020  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
11:03:55.0975 1020  KSecDD - ok
11:03:56.0007 1020  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
11:03:56.0038 1020  KSecPkg - ok
11:03:56.0069 1020  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
11:03:56.0163 1020  ksthunk - ok
11:03:56.0209 1020  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm          C:\Windows\system32\msdtckrm.dll
11:03:56.0319 1020  KtmRm - ok
11:03:56.0381 1020  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
11:03:56.0490 1020  LanmanServer - ok
11:03:56.0537 1020  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:03:56.0646 1020  LanmanWorkstation - ok
11:03:56.0693 1020  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
11:03:56.0787 1020  lltdio - ok
11:03:56.0818 1020  [ C1185803384AB3FEED115F79F109427F ] lltdsvc        C:\Windows\System32\lltdsvc.dll
11:03:56.0927 1020  lltdsvc - ok
11:03:56.0974 1020  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts        C:\Windows\System32\lmhsvc.dll
11:03:57.0083 1020  lmhosts - ok
11:03:57.0114 1020  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
11:03:57.0161 1020  LSI_FC - ok
11:03:57.0223 1020  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
11:03:57.0270 1020  LSI_SAS - ok
11:03:57.0301 1020  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
11:03:57.0333 1020  LSI_SAS2 - ok
11:03:57.0364 1020  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
11:03:57.0395 1020  LSI_SCSI - ok
11:03:57.0442 1020  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv          C:\Windows\system32\drivers\luafv.sys
11:03:57.0551 1020  luafv - ok
11:03:57.0582 1020  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
11:03:57.0645 1020  Mcx2Svc - ok
11:03:57.0691 1020  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas        C:\Windows\system32\drivers\megasas.sys
11:03:57.0723 1020  megasas - ok
11:03:57.0754 1020  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
11:03:57.0801 1020  MegaSR - ok
11:03:57.0832 1020  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS          C:\Windows\system32\mmcss.dll
11:03:57.0941 1020  MMCSS - ok
11:03:57.0972 1020  [ 800BA92F7010378B09F9ED9270F07137 ] Modem          C:\Windows\system32\drivers\modem.sys
11:03:58.0066 1020  Modem - ok
11:03:58.0097 1020  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
11:03:58.0159 1020  monitor - ok
11:03:58.0206 1020  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
11:03:58.0237 1020  mouclass - ok
11:03:58.0269 1020  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
11:03:58.0331 1020  mouhid - ok
11:03:58.0347 1020  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
11:03:58.0378 1020  mountmgr - ok
11:03:58.0456 1020  [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:03:58.0503 1020  MozillaMaintenance - ok
11:03:58.0534 1020  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
11:03:58.0581 1020  mpio - ok
11:03:58.0627 1020  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
11:03:58.0737 1020  mpsdrv - ok
11:03:58.0799 1020  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
11:03:58.0939 1020  MpsSvc - ok
11:03:58.0971 1020  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
11:03:59.0033 1020  MRxDAV - ok
11:03:59.0080 1020  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
11:03:59.0173 1020  mrxsmb - ok
11:03:59.0205 1020  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:03:59.0251 1020  mrxsmb10 - ok
11:03:59.0283 1020  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:03:59.0345 1020  mrxsmb20 - ok
11:03:59.0376 1020  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
11:03:59.0407 1020  msahci - ok
11:03:59.0439 1020  [ DB801A638D011B9633829EB6F663C900 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
11:03:59.0485 1020  msdsm - ok
11:03:59.0517 1020  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC          C:\Windows\System32\msdtc.exe
11:03:59.0610 1020  MSDTC - ok
11:03:59.0673 1020  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
11:03:59.0766 1020  Msfs - ok
11:03:59.0813 1020  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
11:03:59.0891 1020  mshidkmdf - ok
11:03:59.0938 1020  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
11:03:59.0985 1020  msisadrv - ok
11:04:00.0016 1020  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
11:04:00.0203 1020  MSiSCSI - ok
11:04:00.0219 1020  msiserver - ok
11:04:00.0297 1020  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
11:04:00.0390 1020  MSKSSRV - ok
11:04:00.0421 1020  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
11:04:00.0531 1020  MSPCLOCK - ok
11:04:00.0546 1020  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
11:04:00.0624 1020  MSPQM - ok
11:04:00.0671 1020  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
11:04:00.0718 1020  MsRPC - ok
11:04:00.0796 1020  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
11:04:00.0811 1020  mssmbios - ok
11:04:00.0827 1020  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
11:04:00.0936 1020  MSTEE - ok
11:04:00.0967 1020  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
11:04:01.0014 1020  MTConfig - ok
11:04:01.0046 1020  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\Windows\system32\Drivers\mup.sys
11:04:01.0077 1020  Mup - ok
11:04:01.0124 1020  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
11:04:01.0217 1020  napagent - ok
11:04:01.0264 1020  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
11:04:01.0342 1020  NativeWifiP - ok
11:04:01.0404 1020  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
11:04:01.0451 1020  NDIS - ok
11:04:01.0498 1020  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
11:04:01.0592 1020  NdisCap - ok
11:04:01.0638 1020  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
11:04:01.0732 1020  NdisTapi - ok
11:04:01.0763 1020  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
11:04:01.0872 1020  Ndisuio - ok
11:04:01.0904 1020  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
11:04:01.0997 1020  NdisWan - ok
11:04:02.0013 1020  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
11:04:02.0091 1020  NDProxy - ok
11:04:02.0138 1020  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
11:04:02.0294 1020  NetBIOS - ok
11:04:02.0340 1020  [ 09594D1089C523423B32A4229263F068 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
11:04:02.0418 1020  NetBT - ok
11:04:02.0434 1020  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
11:04:02.0465 1020  Netlogon - ok
11:04:02.0512 1020  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
11:04:02.0606 1020  Netman - ok
11:04:02.0637 1020  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
11:04:02.0762 1020  netprofm - ok
11:04:02.0793 1020  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:04:02.0840 1020  NetTcpPortSharing - ok
11:04:02.0871 1020  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
11:04:02.0918 1020  nfrd960 - ok
11:04:02.0964 1020  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
11:04:03.0074 1020  NlaSvc - ok
11:04:03.0105 1020  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
11:04:03.0183 1020  Npfs - ok
11:04:03.0214 1020  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\Windows\system32\nsisvc.dll
11:04:03.0292 1020  nsi - ok
11:04:03.0308 1020  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
11:04:03.0370 1020  nsiproxy - ok
11:04:03.0448 1020  [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
11:04:03.0573 1020  Ntfs - ok
11:04:03.0620 1020  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
11:04:03.0682 1020  Null - ok
11:04:03.0713 1020  [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
11:04:03.0776 1020  NVENETFD - ok
11:04:03.0822 1020  [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
11:04:03.0869 1020  nvraid - ok
11:04:03.0885 1020  [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
11:04:03.0932 1020  nvstor - ok
11:04:03.0963 1020  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
11:04:04.0010 1020  nv_agp - ok
11:04:04.0025 1020  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
11:04:04.0056 1020  ohci1394 - ok
11:04:04.0103 1020  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
11:04:04.0181 1020  p2pimsvc - ok
11:04:04.0244 1020  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
11:04:04.0322 1020  p2psvc - ok
11:04:04.0353 1020  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\Windows\system32\drivers\parport.sys
11:04:04.0400 1020  Parport - ok
11:04:04.0431 1020  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr        C:\Windows\system32\drivers\partmgr.sys
11:04:04.0462 1020  partmgr - ok
11:04:04.0493 1020  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
11:04:04.0571 1020  PcaSvc - ok
11:04:04.0602 1020  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci            C:\Windows\system32\drivers\pci.sys
11:04:04.0649 1020  pci - ok
11:04:04.0665 1020  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
11:04:04.0696 1020  pciide - ok
11:04:04.0727 1020  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
11:04:04.0774 1020  pcmcia - ok
11:04:04.0805 1020  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\Windows\system32\drivers\pcw.sys
11:04:04.0836 1020  pcw - ok
11:04:04.0868 1020  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
11:04:04.0992 1020  PEAUTH - ok
11:04:05.0117 1020  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
11:04:05.0164 1020  PerfHost - ok
11:04:05.0242 1020  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla            C:\Windows\system32\pla.dll
11:04:05.0382 1020  pla - ok
11:04:05.0445 1020  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
11:04:05.0507 1020  PlugPlay - ok
11:04:05.0538 1020  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
11:04:05.0601 1020  PNRPAutoReg - ok
11:04:05.0632 1020  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
11:04:05.0663 1020  PNRPsvc - ok
11:04:05.0710 1020  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
11:04:05.0819 1020  PolicyAgent - ok
11:04:05.0866 1020  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\Windows\system32\umpo.dll
11:04:05.0960 1020  Power - ok
11:04:05.0991 1020  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
11:04:06.0100 1020  PptpMiniport - ok
11:04:06.0116 1020  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\Windows\system32\drivers\processr.sys
11:04:06.0162 1020  Processor - ok
11:04:06.0194 1020  [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc        C:\Windows\system32\profsvc.dll
11:04:06.0303 1020  ProfSvc - ok
11:04:06.0318 1020  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:04:06.0350 1020  ProtectedStorage - ok
11:04:06.0381 1020  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
11:04:06.0443 1020  Psched - ok
11:04:06.0521 1020  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
11:04:06.0615 1020  ql2300 - ok
11:04:06.0630 1020  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
11:04:06.0693 1020  ql40xx - ok
11:04:06.0755 1020  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\Windows\system32\qwave.dll
11:04:06.0818 1020  QWAVE - ok
11:04:06.0849 1020  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
11:04:06.0911 1020  QWAVEdrv - ok
11:04:06.0927 1020  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
11:04:07.0020 1020  RasAcd - ok
11:04:07.0052 1020  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
11:04:07.0145 1020  RasAgileVpn - ok
11:04:07.0176 1020  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\Windows\System32\rasauto.dll
11:04:07.0270 1020  RasAuto - ok
11:04:07.0317 1020  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
11:04:07.0410 1020  Rasl2tp - ok
11:04:07.0457 1020  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
11:04:07.0551 1020  RasMan - ok
11:04:07.0582 1020  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
11:04:07.0691 1020  RasPppoe - ok
11:04:07.0707 1020  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
11:04:07.0816 1020  RasSstp - ok
11:04:07.0847 1020  [ 77F665941019A1594D887A74F301FA2F ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
11:04:07.0956 1020  rdbss - ok
11:04:07.0972 1020  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
11:04:08.0034 1020  rdpbus - ok
11:04:08.0066 1020  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
11:04:08.0128 1020  RDPCDD - ok
11:04:08.0144 1020  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
11:04:08.0237 1020  RDPENCDD - ok
11:04:08.0253 1020  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
11:04:08.0331 1020  RDPREFMP - ok
11:04:08.0362 1020  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
11:04:08.0440 1020  RDPWD - ok
11:04:08.0487 1020  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
11:04:08.0534 1020  rdyboost - ok
11:04:08.0565 1020  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
11:04:08.0658 1020  RemoteAccess - ok
11:04:08.0705 1020  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
11:04:08.0814 1020  RemoteRegistry - ok
11:04:08.0877 1020  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
11:04:08.0924 1020  RFCOMM - ok
11:04:08.0955 1020  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
11:04:09.0048 1020  RpcEptMapper - ok
11:04:09.0080 1020  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
11:04:09.0126 1020  RpcLocator - ok
11:04:09.0158 1020  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs          C:\Windows\system32\rpcss.dll
11:04:09.0236 1020  RpcSs - ok
11:04:09.0282 1020  [ 546D7F426776090B90EF5F195B6AE662 ] RSPCIESTOR      C:\Windows\system32\DRIVERS\RtsPStor.sys
11:04:09.0314 1020  RSPCIESTOR - ok
11:04:09.0360 1020  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
11:04:09.0438 1020  rspndr - ok
11:04:09.0485 1020  [ 3372196F61AF48503656EF6AA3E92D1B ] RTL8167        C:\Windows\system32\DRIVERS\Rt64win7.sys
11:04:09.0548 1020  RTL8167 - ok
11:04:09.0563 1020  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs          C:\Windows\system32\lsass.exe
11:04:09.0594 1020  SamSs - ok
11:04:09.0610 1020  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
11:04:09.0657 1020  sbp2port - ok
11:04:09.0688 1020  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
11:04:09.0782 1020  SCardSvr - ok
11:04:09.0797 1020  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
11:04:09.0906 1020  scfilter - ok
11:04:09.0953 1020  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
11:04:10.0109 1020  Schedule - ok
11:04:10.0140 1020  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc    C:\Windows\System32\certprop.dll
11:04:10.0203 1020  SCPolicySvc - ok
11:04:10.0250 1020  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus          C:\Windows\system32\DRIVERS\sdbus.sys
11:04:10.0312 1020  sdbus - ok
11:04:10.0359 1020  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
11:04:10.0452 1020  SDRSVC - ok
11:04:10.0484 1020  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
11:04:10.0577 1020  secdrv - ok
11:04:10.0608 1020  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
11:04:10.0686 1020  seclogon - ok
11:04:10.0718 1020  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
11:04:10.0811 1020  SENS - ok
11:04:10.0842 1020  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
11:04:10.0920 1020  SensrSvc - ok
11:04:10.0952 1020  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\Windows\system32\drivers\serenum.sys
11:04:10.0998 1020  Serenum - ok
11:04:11.0030 1020  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
11:04:11.0076 1020  Serial - ok
11:04:11.0123 1020  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
11:04:11.0154 1020  sermouse - ok
11:04:11.0217 1020  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
11:04:11.0310 1020  SessionEnv - ok
11:04:11.0342 1020  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
11:04:11.0373 1020  sffdisk - ok
11:04:11.0404 1020  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
11:04:11.0451 1020  sffp_mmc - ok
11:04:11.0466 1020  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
11:04:11.0513 1020  sffp_sd - ok
11:04:11.0560 1020  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
11:04:11.0607 1020  sfloppy - ok
11:04:11.0654 1020  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
11:04:11.0794 1020  SharedAccess - ok
11:04:11.0841 1020  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:04:11.0950 1020  ShellHWDetection - ok
11:04:11.0981 1020  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
11:04:12.0012 1020  SiSRaid2 - ok
11:04:12.0044 1020  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
11:04:12.0075 1020  SiSRaid4 - ok
11:04:12.0137 1020  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
11:04:12.0231 1020  Smb - ok
11:04:12.0293 1020  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
11:04:12.0340 1020  SNMPTRAP - ok
11:04:12.0356 1020  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\Windows\system32\drivers\spldr.sys
11:04:12.0387 1020  spldr - ok
11:04:12.0418 1020  [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler        C:\Windows\System32\spoolsv.exe
11:04:12.0527 1020  Spooler - ok
11:04:12.0621 1020  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
11:04:12.0824 1020  sppsvc - ok
11:04:12.0855 1020  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
11:04:12.0933 1020  sppuinotify - ok
11:04:12.0980 1020  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv            C:\Windows\system32\DRIVERS\srv.sys
11:04:13.0058 1020  srv - ok
11:04:13.0089 1020  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
11:04:13.0167 1020  srv2 - ok
11:04:13.0198 1020  [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA      C:\Windows\system32\DRIVERS\VSTAZL6.SYS
11:04:13.0245 1020  SrvHsfHDA - ok
11:04:13.0292 1020  [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92      C:\Windows\system32\DRIVERS\VSTDPV6.SYS
11:04:13.0401 1020  SrvHsfV92 - ok
11:04:13.0432 1020  [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac    C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
11:04:13.0494 1020  SrvHsfWinac - ok
11:04:13.0526 1020  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
11:04:13.0572 1020  srvnet - ok
11:04:13.0604 1020  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
11:04:13.0697 1020  SSDPSRV - ok
11:04:13.0713 1020  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\Windows\system32\sstpsvc.dll
11:04:13.0806 1020  SstpSvc - ok
11:04:13.0838 1020  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
11:04:13.0869 1020  stexstor - ok
11:04:13.0931 1020  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
11:04:14.0009 1020  stisvc - ok
11:04:14.0040 1020  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
11:04:14.0072 1020  swenum - ok
11:04:14.0118 1020  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\Windows\System32\swprv.dll
11:04:14.0228 1020  swprv - ok
11:04:14.0306 1020  [ EC4DCA6539EB97376F1A1743D209D842 ] SynTP          C:\Windows\system32\DRIVERS\SynTP.sys
11:04:14.0399 1020  SynTP - ok
11:04:14.0462 1020  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain        C:\Windows\system32\sysmain.dll
11:04:14.0602 1020  SysMain - ok
11:04:14.0633 1020  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:04:14.0696 1020  TabletInputService - ok
11:04:14.0711 1020  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv        C:\Windows\System32\tapisrv.dll
11:04:14.0805 1020  TapiSrv - ok
11:04:14.0820 1020  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\Windows\System32\tbssvc.dll
11:04:14.0898 1020  TBS - ok
11:04:14.0992 1020  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
11:04:15.0164 1020  Tcpip - ok
11:04:15.0226 1020  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
11:04:15.0288 1020  TCPIP6 - ok
11:04:15.0335 1020  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
11:04:15.0429 1020  tcpipreg - ok
11:04:15.0444 1020  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
11:04:15.0507 1020  TDPIPE - ok
11:04:15.0538 1020  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
11:04:15.0569 1020  TDTCP - ok
11:04:15.0600 1020  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
11:04:15.0694 1020  tdx - ok
11:04:15.0725 1020  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
11:04:15.0772 1020  TermDD - ok
11:04:15.0819 1020  [ 2E648163254233755035B46DD7B89123 ] TermService    C:\Windows\System32\termsrv.dll
11:04:15.0944 1020  TermService - ok
11:04:15.0959 1020  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
11:04:16.0006 1020  Themes - ok
11:04:16.0022 1020  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER    C:\Windows\system32\mmcss.dll
11:04:16.0100 1020  THREADORDER - ok
11:04:16.0115 1020  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
11:04:16.0224 1020  TrkWks - ok
11:04:16.0287 1020  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:04:16.0365 1020  TrustedInstaller - ok
11:04:16.0412 1020  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
11:04:16.0505 1020  tssecsrv - ok
11:04:16.0552 1020  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
11:04:16.0614 1020  TsUsbFlt - ok
11:04:16.0630 1020  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD        C:\Windows\system32\drivers\TsUsbGD.sys
11:04:16.0677 1020  TsUsbGD - ok
11:04:16.0739 1020  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
11:04:16.0848 1020  tunnel - ok
11:04:16.0880 1020  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
11:04:16.0926 1020  uagp35 - ok
11:04:16.0958 1020  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
11:04:17.0067 1020  udfs - ok
11:04:17.0098 1020  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
11:04:17.0145 1020  UI0Detect - ok
11:04:17.0176 1020  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
11:04:17.0223 1020  uliagpkx - ok
11:04:17.0254 1020  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
11:04:17.0332 1020  umbus - ok
11:04:17.0363 1020  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
11:04:17.0410 1020  UmPass - ok
11:04:17.0457 1020  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
11:04:17.0550 1020  upnphost - ok
11:04:17.0582 1020  [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64      C:\Windows\system32\Drivers\usbaapl64.sys
11:04:17.0613 1020  USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
11:04:17.0613 1020  USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
11:04:17.0644 1020  [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
11:04:17.0691 1020  usbccgp - ok
11:04:17.0738 1020  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
11:04:17.0784 1020  usbcir - ok
11:04:17.0831 1020  [ 74EE782B1D9C241EFE425565854C661C ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
11:04:17.0878 1020  usbehci - ok
11:04:17.0909 1020  [ 76E2FFAD301490BA27B947C6507752FB ] usbfilter      C:\Windows\system32\DRIVERS\usbfilter.sys
11:04:17.0940 1020  usbfilter - ok
11:04:17.0972 1020  [ DC96BD9CCB8403251BCF25047573558E ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
11:04:18.0050 1020  usbhub - ok
11:04:18.0081 1020  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
11:04:18.0112 1020  usbohci - ok
11:04:18.0143 1020  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
11:04:18.0190 1020  usbprint - ok
11:04:18.0237 1020  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
11:04:18.0284 1020  usbscan - ok
11:04:18.0299 1020  [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:04:18.0346 1020  USBSTOR - ok
11:04:18.0362 1020  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
11:04:18.0408 1020  usbuhci - ok
11:04:18.0440 1020  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
11:04:18.0502 1020  usbvideo - ok
11:04:18.0533 1020  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms          C:\Windows\System32\uxsms.dll
11:04:18.0627 1020  UxSms - ok
11:04:18.0642 1020  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
11:04:18.0674 1020  VaultSvc - ok
11:04:18.0705 1020  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
11:04:18.0736 1020  vdrvroot - ok
11:04:18.0783 1020  [ 8D6B481601D01A456E75C3210F1830BE ] vds            C:\Windows\System32\vds.exe
11:04:18.0892 1020  vds - ok
11:04:18.0939 1020  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
11:04:18.0986 1020  vga - ok
11:04:19.0001 1020  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave        C:\Windows\System32\drivers\vga.sys
11:04:19.0095 1020  VgaSave - ok
11:04:19.0142 1020  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
11:04:19.0173 1020  vhdmp - ok
11:04:19.0204 1020  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
11:04:19.0235 1020  viaide - ok
11:04:19.0266 1020  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
11:04:19.0313 1020  volmgr - ok
11:04:19.0360 1020  [ A255814907C89BE58B79EF2F189B843B ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
11:04:19.0407 1020  volmgrx - ok
11:04:19.0422 1020  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
11:04:19.0469 1020  volsnap - ok
11:04:19.0500 1020  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
11:04:19.0547 1020  vsmraid - ok
11:04:19.0625 1020  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS            C:\Windows\system32\vssvc.exe
11:04:19.0812 1020  VSS - ok
11:04:19.0859 1020  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
11:04:19.0937 1020  vwifibus - ok
11:04:19.0968 1020  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
11:04:20.0031 1020  vwififlt - ok
11:04:20.0062 1020  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\Windows\system32\w32time.dll
11:04:20.0156 1020  W32Time - ok
11:04:20.0187 1020  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
11:04:20.0249 1020  WacomPen - ok
11:04:20.0280 1020  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
11:04:20.0390 1020  WANARP - ok
11:04:20.0405 1020  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
11:04:20.0483 1020  Wanarpv6 - ok
11:04:20.0546 1020  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc    C:\Windows\system32\Wat\WatAdminSvc.exe
11:04:20.0655 1020  WatAdminSvc - ok
11:04:20.0733 1020  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
11:04:20.0889 1020  wbengine - ok
11:04:20.0904 1020  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
11:04:20.0967 1020  WbioSrvc - ok
11:04:21.0014 1020  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc        C:\Windows\System32\wcncsvc.dll
11:04:21.0076 1020  wcncsvc - ok
11:04:21.0107 1020  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:04:21.0170 1020  WcsPlugInService - ok
11:04:21.0185 1020  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
11:04:21.0216 1020  Wd - ok
11:04:21.0279 1020  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
11:04:21.0357 1020  Wdf01000 - ok
11:04:21.0372 1020  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
11:04:21.0544 1020  WdiServiceHost - ok
11:04:21.0544 1020  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost  C:\Windows\system32\wdi.dll
11:04:21.0591 1020  WdiSystemHost - ok
11:04:21.0606 1020  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient      C:\Windows\System32\webclnt.dll
11:04:21.0731 1020  WebClient - ok
11:04:21.0794 1020  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
11:04:21.0918 1020  Wecsvc - ok
11:04:21.0934 1020  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
11:04:22.0012 1020  wercplsupport - ok
11:04:22.0059 1020  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
11:04:22.0137 1020  WerSvc - ok
11:04:22.0184 1020  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
11:04:22.0246 1020  WfpLwf - ok
11:04:22.0277 1020  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
11:04:22.0308 1020  WIMMount - ok
11:04:22.0340 1020  WinDefend - ok
11:04:22.0355 1020  WinHttpAutoProxySvc - ok
11:04:22.0433 1020  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
11:04:22.0527 1020  Winmgmt - ok
11:04:22.0620 1020  [ BCB1310604AA415C4508708975B3931E ] WinRM          C:\Windows\system32\WsmSvc.dll
11:04:22.0839 1020  WinRM - ok
11:04:22.0901 1020  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
11:04:22.0964 1020  WinUsb - ok
11:04:23.0026 1020  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc        C:\Windows\System32\wlansvc.dll
11:04:23.0104 1020  Wlansvc - ok
11:04:23.0276 1020  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:04:23.0416 1020  wlidsvc - ok
11:04:23.0463 1020  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
11:04:23.0494 1020  WmiAcpi - ok
11:04:23.0541 1020  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
11:04:23.0603 1020  wmiApSrv - ok
11:04:23.0634 1020  WMPNetworkSvc - ok
11:04:23.0681 1020  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
11:04:23.0744 1020  WPCSvc - ok
11:04:23.0759 1020  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
11:04:23.0837 1020  WPDBusEnum - ok
11:04:23.0884 1020  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
11:04:23.0978 1020  ws2ifsl - ok
11:04:24.0009 1020  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
11:04:24.0071 1020  wscsvc - ok
11:04:24.0087 1020  WSearch - ok
11:04:24.0180 1020  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
11:04:24.0305 1020  wuauserv - ok
11:04:24.0336 1020  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
11:04:24.0414 1020  WudfPf - ok
11:04:24.0477 1020  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
11:04:24.0586 1020  WUDFRd - ok
11:04:24.0617 1020  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
11:04:24.0695 1020  wudfsvc - ok
11:04:24.0726 1020  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc        C:\Windows\System32\wwansvc.dll
11:04:24.0789 1020  WwanSvc - ok
11:04:24.0820 1020  ================ Scan global ===============================
11:04:24.0836 1020  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:04:24.0882 1020  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
11:04:24.0914 1020  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
11:04:24.0945 1020  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:04:24.0976 1020  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:04:25.0007 1020  [Global] - ok
11:04:25.0007 1020  ================ Scan MBR ==================================
11:04:25.0023 1020  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:04:25.0569 1020  \Device\Harddisk0\DR0 - ok
11:04:25.0569 1020  ================ Scan VBR ==================================
11:04:25.0584 1020  [ CC19002F1A2549251F24115F36038378 ] \Device\Harddisk0\DR0\Partition1
11:04:25.0584 1020  \Device\Harddisk0\DR0\Partition1 - ok
11:04:25.0616 1020  [ 098F8FD3AFDE6FB790CDB0319490B21D ] \Device\Harddisk0\DR0\Partition2
11:04:25.0616 1020  \Device\Harddisk0\DR0\Partition2 - ok
11:04:25.0662 1020  [ E6678DEA60319DCB04F22FF5B0FAED69 ] \Device\Harddisk0\DR0\Partition3
11:04:25.0662 1020  \Device\Harddisk0\DR0\Partition3 - ok
11:04:25.0694 1020  [ 8C5F7B331DCCB8A00D4AF4C1A8C82F01 ] \Device\Harddisk0\DR0\Partition4
11:04:25.0694 1020  \Device\Harddisk0\DR0\Partition4 - ok
11:04:25.0694 1020  ============================================================
11:04:25.0694 1020  Scan finished
11:04:25.0694 1020  ============================================================
11:04:25.0725 3296  Detected object count: 3
11:04:25.0725 3296  Actual detected object count: 3
11:15:19.0090 3296  FreemiumSystemStoreService ( UnsignedFile.Multi.Generic ) - skipped by user
11:15:19.0090 3296  FreemiumSystemStoreService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:15:19.0090 3296  IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
11:15:19.0090 3296  IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:15:19.0100 3296  USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
11:15:19.0100 3296  USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip


About the many errors... is that because I once (since I have a work PC) disabled some supposedly unnecessary things by following an internet guide, which is apparently supposed to make it faster?

THANKS in advance!
Kind regards

markusg 18.01.2013 18:14

Hi
Having error messages in the Event Viewer is normal.
Combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. That should fix the problem.

siskat 18.01.2013 20:46

Code:

ComboFix 13-01-17.04 - grinsekathze 18.01.2013  20:21:22.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.43.1031.18.1643.893 [GMT 1:00]
ausgeführt von:: c:\users\grinsekathze\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Codecv
c:\programdata\Codecv\background.html
c:\programdata\Codecv\content.js
c:\programdata\Codecv\cpbmkibemaidoekhhilpbncccjlanopj.crx
c:\programdata\Codecv\data\content.js
c:\programdata\Codecv\data\jsondb.js
c:\programdata\Codecv\settings.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-12-18 bis 2013-01-18  ))))))))))))))))))))))))))))))
.
.
2013-01-18 19:30 . 2013-01-18 19:30        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-01-18 09:52 . 2013-01-08 05:32        9161176        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{F51BAE48-AE8A-402E-955C-A431863DC46C}\mpengine.dll
2013-01-17 10:22 . 2013-01-17 10:22        --------        d-----w-        c:\users\grinsekathze\.thumbnails
2013-01-17 10:19 . 2013-01-17 10:19        --------        d-----w-        c:\users\grinsekathze\AppData\Local\fontconfig
2013-01-17 10:19 . 2013-01-17 11:00        --------        d-----w-        c:\users\grinsekathze\.gimp-2.8
2013-01-17 10:19 . 2013-01-17 10:19        --------        d-----w-        c:\users\grinsekathze\AppData\Local\gegl-0.2
2013-01-17 10:13 . 2013-01-17 10:15        --------        d-----w-        c:\program files\GIMP 2
2013-01-10 14:05 . 2012-11-09 05:45        750592        ----a-w-        c:\windows\system32\win32spl.dll
2013-01-10 14:05 . 2012-11-09 04:43        492032        ----a-w-        c:\windows\SysWow64\win32spl.dll
2013-01-10 14:05 . 2012-11-01 05:43        2002432        ----a-w-        c:\windows\system32\msxml6.dll
2013-01-10 14:05 . 2012-11-01 05:43        1882624        ----a-w-        c:\windows\system32\msxml3.dll
2013-01-10 14:05 . 2012-11-01 04:47        1389568        ----a-w-        c:\windows\SysWow64\msxml6.dll
2013-01-10 14:05 . 2012-11-01 04:47        1236992        ----a-w-        c:\windows\SysWow64\msxml3.dll
2013-01-10 14:05 . 2012-11-20 05:48        307200        ----a-w-        c:\windows\system32\ncrypt.dll
2013-01-10 14:05 . 2012-11-20 04:51        220160        ----a-w-        c:\windows\SysWow64\ncrypt.dll
2013-01-10 14:04 . 2012-11-23 03:13        68608        ----a-w-        c:\windows\system32\taskhost.exe
2013-01-10 14:04 . 2012-11-23 03:26        3149824        ----a-w-        c:\windows\system32\win32k.sys
2013-01-09 15:05 . 2013-01-09 15:05        --------        d-----w-        c:\users\grinsekathze\AppData\Roaming\Funmoods
2013-01-09 15:04 . 2013-01-09 15:04        --------        d-----w-        c:\users\grinsekathze\AppData\Local\PutLockerDownloader
2013-01-06 11:19 . 2013-01-06 11:19        --------        d-----w-        c:\users\grinsekathze\AppData\Roaming\iScreensaver
2013-01-05 13:36 . 2013-01-05 13:36        --------        d-----w-        c:\users\grinsekathze\AppData\Local\WinZip
2012-12-21 20:42 . 2012-12-16 17:11        46080        ----a-w-        c:\windows\system32\atmlib.dll
2012-12-21 20:42 . 2012-12-16 14:13        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2012-12-21 20:42 . 2012-12-16 14:45        367616        ----a-w-        c:\windows\system32\atmfd.dll
2012-12-21 20:42 . 2012-12-16 14:13        295424        ----a-w-        c:\windows\SysWow64\atmfd.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-14 07:06 . 2012-12-12 23:58        17811968        ----a-w-        c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-12 23:58        10925568        ----a-w-        c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-12 23:59        2312704        ----a-w-        c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-12 23:59        1346048        ----a-w-        c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-12 23:59        1392128        ----a-w-        c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-12 23:59        1494528        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-12 23:59        237056        ----a-w-        c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-12 23:59        85504        ----a-w-        c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-12 23:59        816640        ----a-w-        c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-12 23:59        599040        ----a-w-        c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-12 23:59        173056        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-12 23:59        2144768        ----a-w-        c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-12 23:59        729088        ----a-w-        c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-12 23:59        96768        ----a-w-        c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-12 23:59        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-12 23:59        248320        ----a-w-        c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-12 23:59        1800704        ----a-w-        c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-12 23:59        1427968        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 23:59        1129472        ----a-w-        c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-12 23:59        142848        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 23:59        420864        ----a-w-        c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-12 23:59        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-12 09:43        2048        ----a-w-        c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 09:43        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-12 09:42        478208        ----a-w-        c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 09:42        376832        ----a-w-        c:\windows\SysWow64\dpnet.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
c:\users\grinsekathze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-01-06 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-01-06 298144]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-01-06 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-01-06 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-01-06 154272]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-01-06 279200]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-26 1255736]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-12 77952]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-12 37504]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 27760]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-04 203776]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-04 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-12 86224]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-01-06 138400]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-01-06 53920]
S2 FreemiumSystemStoreService;Freemium System Store Service;c:\program files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe  -displayname Freemium System Store Service -servicename:FreemiumSystemStoreService [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-04 92216]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-28 1817088]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-01 115216]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-01-06 28832]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-02-09 31088]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 335464]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-05 436840]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-29 44672]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-11 6602856]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-01-06 615584]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-01-06 379040]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=hp&exp=true
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=hp&exp=true
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=ds&q={searchTerms}
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\grinsekathze\AppData\Roaming\Mozilla\Firefox\Profiles\00ave1we.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.at/
FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=ds&q=
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0A0B0FtDyD0C0C0E0FtBzytN0D0Tzu0CtAyByDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1302105681
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Funmoods
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0A0B0FtDyD0C0C0E0FtBzytN0D0Tzu0CtAyByDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1302105681
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0A0B0FtDyD0C0C0E0FtBzytN0D0Tzu0CtAyByDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1302105681&q=
FF - user.js: extensions.funmoods.id - D0DF9ABF05CCEF29
FF - user.js: extensions.funmoods.instlDay - 15714
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2216:4:42
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - nv1
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - nv1
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{2D588057-BD3F-075B-B569-0C8FC43F046B} - c:\programdata\Codecv\bhoclass.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-1ClickDownload - c:\program files (x86)\Movie2KDownloader.com\uninst.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
AddRemove-{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4} - c:\program files (x86)\InstallShield Installation Information\{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FreemiumSystemStoreService]
"ImagePath"="\"c:\program files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe\"  -displayname \"Freemium System Store Service\" -servicename:FreemiumSystemStoreService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-118737067-2683697216-1242472475-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:76,d1,19,14,b5,30,fd,69,cd,83,74,41,da,e3,ac,7d,ee,c9,d9,d9,8a,c8,b2,
  f6,17,19,92,75,e5,fd,cb,8b,a6,4a,92,8f,bc,bb,b1,be,f4,5a,d3,8e,a9,09,f9,0a,\
"??"=hex:f7,a7,5b,65,81,72,06,82,12,46,31,47,31,e1,b6,f8
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-18  20:40:10 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-01-18 19:40
.
Vor Suchlauf: 8 Verzeichnis(se), 193.322.848.256 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 195.542.134.784 Bytes frei
.
- - End Of File - - 168E2C9F4172BF5CE777795C92D16A99



had no error message on restart

browse to save is still there =(

just occurred to me.. a not so important question for once...

what is it exactly? a trojan or what? what does it do on my laptop?
does it spy on everything I do?
i.e. should I be worried about passwords, online banking etc?
how dangerous is this thing?

thanks and best regards

markusg 19.01.2013 18:15

Hi
that is adware, you don't need to worry.
malwarebytes:
Please download Malwarebytes
  • Install the program to the default path. Vista and Win7 users: right-click and "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform full scan and press Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are checked and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".

siskat 20.01.2013 13:19

here is the log from malwarebytes

unfortunately browse to save is still there

Code:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.20.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
grinsekathze :: GRINSEKATHZE-PC [Administrator]

20.01.2013 10:39:25
mbam-log-2013-01-20 (10-39-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 322813
Laufzeit: 1 Stunde(n), 44 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 11
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\ProgramData\Codec\Codec.exe (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\grinsekathze\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\grinsekathze\AppData\Local\funmoods.crx (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\grinsekathze\AppData\Roaming\Funmoods\UpdateProc\UpdateTask.exe (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\grinsekathze\AppData\Local\funmoods-speeddial_sf.crx (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\grinsekathze\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


best regards

markusg 20.01.2013 20:06

Hi
but it did get some other toolbars, we're making progress.
Download CCleaner standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this.
Open it, Tools (Extras), uninstall list, save as txt. Open it.
After every program you need, write necessary.
After every one you don't need, unnecessary.
After the ones you don't know, unknown.
Post the list.

siskat 21.01.2013 12:11

Code:

Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated        17.01.2013        6,00MB        11.4.402.278        UNNECESSARY OR UNKNOWN don't know how important it is or what it's for
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        17.01.2013        6,00MB        11.4.402.287        UNNECESSARY OR UNKNOWN don't know how important it is or what it's for
Adobe Reader XI (11.0.01) - Deutsch        Adobe Systems Incorporated        13.01.2013        133MB        11.0.01        NECESSARY
Atheros Driver Installation Program        Atheros        16.08.2011                9.2                        UNKNOWN, i.e. don't know how important it is or what it's for
ATI Catalyst Install Manager        ATI Technologies, Inc.        16.08.2011        22,4MB        3.0.808.0        NECESSARY ?? ati = graphics card?
Avira Free Antivirus        Avira        17.01.2013        105MB        12.1.9.1236                        UNNECESSARY
Bluetooth Win7 Suite (64)        Atheros Communications        16.08.2011        59,4MB        7.02.000.55        UNNECESSARY
Bonjour        Apple Inc.        26.12.2011        2,04MB        3.0.0.10                                        UNNECESSARY OR UNKNOWN don't know how important it is or what it's for
CCleaner        Piriform        19.12.2012                3.26                                        NECESSARY
Cisco EAP-FAST Module        Cisco Systems, Inc.        16.08.2011        1,55MB        2.2.14        UNKNOWN, i.e. don't know how important it is or what it's for
Cisco LEAP Module        Cisco Systems, Inc.        16.08.2011        644KB        1.0.19                UNKNOWN, i.e. don't know how important it is or what it's for
Cisco PEAP Module        Cisco Systems, Inc.        16.08.2011        1,23MB        1.1.6        UNKNOWN, i.e. don't know how important it is or what it's for
CyberLink YouCam        CyberLink Corp.        16.08.2011        102MB        3.2.1.3726                UNKNOWN, i.e. don't know how important it is or what it's for
Energy Star Digital Logo        Hewlett-Packard        16.08.2011        300KB        1.0.1                UNKNOWN, i.e. don't know how important it is or what it's for
FreeRIP 3.92        GreenTree Applications SRL        17.01.2013                3.92                UNNECESSARY
GIMP 2.8.2        The GIMP Team        17.01.2013        244MB        2.8.2                        UNNECESSARY
HP Documentation        Hewlett-Packard        10.05.2011        304MB        1.1.0.0                                UNKNOWN, i.e. don't know which hp things are necessary
HP On Screen Display        Hewlett-Packard Company        10.05.2011        1,43MB        1.0.7                UNKNOWN, i.e. don't know which hp things are necessary
HP Power Manager        Hewlett-Packard Company        16.08.2011        3,61MB        1.2.1                UNKNOWN, i.e. don't know which hp things are necessary
HP Quick Launch        Hewlett-Packard Company        10.05.2011        7,14MB        2.3.6                        UNKNOWN, i.e. don't know which hp things are necessary
HP Setup        Hewlett-Packard Company        10.05.2011                8.5.4526.3645                UNKNOWN, i.e. don't know which hp things are necessary
HP Software Framework        Hewlett-Packard Company        10.05.2011        2,80MB        4.0.108.1        UNKNOWN, i.e. don't know which hp things are necessary
HP Support Assistant        Hewlett-Packard Company        10.05.2011        62,9MB        5.1.11.1                UNKNOWN, i.e. don't know which hp things are necessary
HP Wireless Assistant        Hewlett-Packard        10.05.2011        5,60MB        4.0.10.0                        NECESSARY - wifi
Java(TM) 6 Update 22        Oracle        10.05.2011        97,0MB        6.0.220                                UNKNOWN, i.e. don't know how important it is or what it's for
Java(TM) 6 Update 22 (64-bit)        Oracle        10.05.2011        90,6MB        6.0.220                        UNKNOWN, i.e. don't know how important it is or what it's for
JDownloader 0.9        AppWork GmbH        19.01.2013                0.9                        UNNECESSARY
Malwarebytes Anti-Malware Version 1.70.0.1100        Malwarebytes Corporation        20.01.2013        18,4MB        1.70.0.1100        NECESSARY should I maybe keep it?
Microsoft Office PowerPoint Viewer 2007 (German)        Microsoft Corporation        12.09.2012        90,8MB        12.0.4518.1014        NECESSARY
Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft Corporation        10.05.2011        1,69MB        3.1.0000        UNKNOWN, i.e. don't know how important it is or what it's for
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        03.03.2012        338KB        8.0.59193                UNKNOWN, i.e. don't know how important it is or what it's for
Microsoft Visual C++ 2005 Redistributable (x64)        Microsoft Corporation        16.08.2011        620KB        8.0.59192        UNKNOWN, i.e. don't know how important it is or what it's for
Microsoft Visual C++ 2005 Redistributable - KB2467175        Microsoft Corporation        03.03.2012        308KB        8.0.51011                UNKNOWN, i.e. don't know how important it is or what it's for
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17        Microsoft Corporation        10.05.2011        788KB        9.0.30729        UNKNOWN, i.e. don't know how important it is or what it's for
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148        Microsoft Corporation        16.08.2011        788KB        9.0.30729.4148        UNKNOWN, i.e. don't know how important it is or what it's for
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        08.11.2012        788KB        9.0.30729.6161        UNKNOWN, i.e. don't know how important it is or what it's for
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        16.08.2011        592KB        9.0.30729.4148        UNKNOWN, i.e. don't know how important it is or what it's for
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        08.11.2012        600KB        9.0.30729.6161        UNKNOWN, i.e. don't know how important it is or what it's for
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319        Microsoft Corporation        16.08.2011        13,6MB        10.0.30319        UNKNOWN, i.e. don't know how important it is or what it's for
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        24.11.2011        11,1MB        10.0.40219        UNKNOWN, i.e. don't know how important it is or what it's for
Microsoft_VC90_CRT_x86        Microsoft Corporation        10.05.2011        1,37MB        1.0.0                                                        UNKNOWN, i.e. don't know how important it is or what it's for
Mozilla Firefox 18.0.1 (x86 de)        Mozilla        19.01.2013        52,1MB        18.0.1                                        NECESSARY
Mozilla Maintenance Service        Mozilla        19.01.2013        330KB        18.0.1                                                UNKNOWN, i.e. don't know how important it is or what it's for
OpenOffice.org 3.4.1        Apache Software Foundation        08.11.2012        331MB        3.41.9593                NECESSARY
Realtek Ethernet Controller Driver        Realtek        16.08.2011                7.42.304.2011                                UNKNOWN, i.e. don't know how important it is or what it's for (router???)
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        16.08.2011                6.0.1.6287        UNKNOWN, i.e. don't know how important it is or what it's for
Realtek PCIE Card Reader        Realtek Semiconductor Corp.        16.08.2011                6.1.7600.77                UNKNOWN, i.e. don't know how important it is or what it's for
Sandboxie 3.76 (64-bit)        SANDBOXIE L.T.D        20.01.2013                3.76                                NECESSARY
Skype™ 5.1        Skype Technologies S.A.        10.05.2011        22,5MB        5.1.104                                        UNNECESSARY
Synaptics Pointing Device Driver        Synaptics Incorporated        16.08.2011        46,4MB        15.2.4.3                        UNKNOWN, i.e. don't know how important it is or what it's for
VLC media player 2.0.4        VideoLAN        08.11.2012                2.0.4                                                NECESSARY
Windows Live Essentials        Microsoft Corporation        10.05.2011                15.4.3508.1109                        UNKNOWN, i.e. don't know how important it is or what it's for
Windows Media Player Firefox Plugin        Microsoft Corp        21.01.2012        296KB        1.0.0.8                                UNNECESSARY
WinRAR 4.10 beta 2 (64-bit)        win.rar GmbH        14.12.2011                4.10.2                                UNNECESSARY
WinZip 14.5        WinZip Computing, S.L.        24.11.2011        19,9MB        14.5.9095                                UNNECESSARY
µTorrent                17.01.2013                3.0.0                                                                UNNECESSARY



....with most of them a little light does go on in my head when I read them, but I just don't know what they're good for ..sorry :crazy:

I've also thought about reinstalling from scratch, but I've never done that and I'm a bit scared of it, especially since the recovery is on drive D and I don't have a CD --> no clue^^

my brother recommended sandboxie to me and I've been using it since Saturday

oh, and by the way, since all the deleting etc. my laptop has become quite a bit slower, or rather it somehow responds more slowly ... :confused:

greetings

edit
it just occurred to me that a few days ago I disabled most of the "non-Microsoft services" in msconfig... on someone's advice, with the reasoning that it would then run faster.... hmm... could that be why it's running slower now??

markusg 21.01.2013 13:01

Uninstall:
Adobe Flash Player, all of them
Adobe - Install Adobe Flash Player
Download the latest version and install it.
Adobe Reader:
Adobe - Adobe Reader download - All versions
Untick the box for McAfee Security Scan.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Tick "Use only certified plug-ins".
Internet:
Everything here should be disabled; it is very unsafe to open, download etc. PDFs automatically.
It is always better to save them directly, since that is the only way to keep control over what happens on the PC.
Under JavaScript, untick "Enable Acrobat JavaScript".
Under Updater, choose install automatically.
Apply / OK



Uninstall:
CyberLink
FreeRIP
GIMP
Java: all
Download the Java JRE:
Java Downloads for All Operating Systems
Click:
Download the Java software for Windows Offline
Download and install it.
Uninstall:
JDownloader
Windows Live: the parts you don't need.
µTorrent

Open Malwarebytes and check whether the background guard is active; if so, disable it, restart and test.
Open CCleaner, Tools, Startup list, save it as txt and post the contents.
Why are you configuring things on the machine? Just ask first...
It doesn't exactly make my work easier.
Open CCleaner, Analyze, Run, restart the PC.
Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

siskat 21.01.2013 13:36

for freerip:

error: 2 - das system kann die angegebene datei nicht finden.

for jdownloader it says
no JVM could be found on your system.
please define EXEJ_JAVA_HOME
to point to an installed 32-bit JDK or JRE or download a JRE from www.java.com


it installed mcafee security scan plus anyway, even though I unticked the box..

markusg 21.01.2013 13:42

hi
try the uninstallation with this:
http://www.hijackthis-forum.de/tipps...installer.html

siskat 21.01.2013 15:02

adw cleaner after restart

Code:

# AdwCleaner v2.106 - Datei am 21/01/2013 um 14:52:26 erstellt
# Aktualisiert am 17/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : grinsekathze - GRINSEKATHZE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\grinsekathze\Desktop\adwcleaner06.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\user.js
Datei Gefunden : C:\Users\grinsekathze\AppData\Roaming\Mozilla\Firefox\Profiles\00ave1we.default\searchplugins\funmoods.xml
Datei Gefunden : C:\Users\grinsekathze\AppData\Roaming\Mozilla\Firefox\Profiles\00ave1we.default\searchplugins\SweetIm.xml
Datei Gefunden : C:\Users\grinsekathze\AppData\Roaming\Mozilla\Firefox\Profiles\00ave1we.default\searchplugins\Web Search.xml
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\Program Files (x86)\SweetIM
Ordner Gefunden : C:\ProgramData\FreeRIP
Ordner Gefunden : C:\ProgramData\InstallMate
Ordner Gefunden : C:\ProgramData\Premium
Ordner Gefunden : C:\Users\grinsekathze\AppData\Local\Conduit
Ordner Gefunden : C:\Users\grinsekathze\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\grinsekathze\AppData\Roaming\Funmoods
Ordner Gefunden : C:\Users\grinsekathze\AppData\Roaming\OpenCandy
Ordner Gefunden : C:\Users\grinsekathze\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\1ClickDownload
Schlüssel Gefunden : HKCU\Software\APN PIP
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\SweetIM
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2849855
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\Software\InstallCore
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gefunden : HKLM\Software\PIP
Schlüssel Gefunden : HKLM\Software\SweetIM
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Schlüssel Gefunden : HKU\S-1-5-21-118737067-2683697216-1242472475-1002\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKU\S-1-5-21-118737067-2683697216-1242472475-1002\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=hp&exp=true
[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=ds&q={searchTerms}
[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=ds&q={searchTerms}
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=hp&exp=true
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=hp&exp=true

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\grinsekathze\AppData\Roaming\Mozilla\Firefox\Profiles\00ave1we.default\prefs.js

Gefunden : user_pref("extensions.501e6fa18eea5.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Gefunden : user_pref("extensions.DivXWebPlayer@divx.com.install-event-fired", true);
Gefunden : user_pref("extensions.enabledAddons", "501e6fa18edf8%40501e6fa18ee31.info:1.0,DivXWebPlayer%40divx.c[...]
Gefunden : user_pref("extensions.ffxtlbr@funmoods.com.install-event-fired", true);
Gefunden : user_pref("extensions.ffxtlbra@softonic.com.install-event-fired", true);
Gefunden : user_pref("extensions.funmoods.aflt", "nv1");
Gefunden : user_pref("extensions.funmoods.autoRvrt", false);
Gefunden : user_pref("extensions.funmoods.cntry", "AT");
Gefunden : user_pref("extensions.funmoods.cv", "cv5");
Gefunden : user_pref("extensions.funmoods.dfltLng", "");
Gefunden : user_pref("extensions.funmoods.dfltSrch", true);
Gefunden : user_pref("extensions.funmoods.dnsErr", true);
Gefunden : user_pref("extensions.funmoods.envrmnt", "production");
Gefunden : user_pref("extensions.funmoods.excTlbr", false);
Gefunden : user_pref("extensions.funmoods.hdrMd5", "95A62F3E1104E70F6B5ADABB17E13675");
Gefunden : user_pref("extensions.funmoods.hmpg", true);
Gefunden : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=nv1&ir=nv1&cd=2XzuyEtN2Y1[...]
Gefunden : user_pref("extensions.funmoods.id", "D0DF9ABF05CCEF29");
Gefunden : user_pref("extensions.funmoods.instlDay", "15714");
Gefunden : user_pref("extensions.funmoods.instlRef", "nv1");
Gefunden : user_pref("extensions.funmoods.isdcmntcmplt", true);
Gefunden : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2216:4:42");
Gefunden : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Gefunden : user_pref("extensions.funmoods.newTab", true);
Gefunden : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=nv1&ir=nv1&cd=2XzuyEtN2[...]
Gefunden : user_pref("extensions.funmoods.prdct", "funmoods");
Gefunden : user_pref("extensions.funmoods.prtnrId", "funmoods");
Gefunden : user_pref("extensions.funmoods.sg", "none");
Gefunden : user_pref("extensions.funmoods.smplGrp", "none");
Gefunden : user_pref("extensions.funmoods.srchPrvdr", "Funmoods");
Gefunden : user_pref("extensions.funmoods.tlbrId", "base");
Gefunden : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=nv1&ir=nv1&cd=2XzuyEt[...]
Gefunden : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Gefunden : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2216:4:42");
Gefunden : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Gefunden : user_pref("extensions.funmoods_i.newTab", true);
Gefunden : user_pref("extensions.funmoods_i.smplGrp", "none");
Gefunden : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2216:4:42");
Gefunden : user_pref("extensions.helperbar.SmartbarDisabled", false);
Gefunden : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Gefunden : user_pref("extensions.softonic_i.aflt", "SD");
Gefunden : user_pref("extensions.softonic_i.dfltLng", "de");
Gefunden : user_pref("extensions.softonic_i.excTlbr", false);
Gefunden : user_pref("extensions.softonic_i.id", "6eacef29000000000000d0df9abf4704");
Gefunden : user_pref("extensions.softonic_i.instlDay", "15395");
Gefunden : user_pref("extensions.softonic_i.instlRef", "MON00016");
Gefunden : user_pref("extensions.softonic_i.newTab", false);
Gefunden : user_pref("extensions.softonic_i.prdct", "softonic");
Gefunden : user_pref("extensions.softonic_i.prtnrId", "softonic");
Gefunden : user_pref("extensions.softonic_i.smplGrp", "eng7");
Gefunden : user_pref("extensions.softonic_i.tlbrId", "de12JANdefault_chrome");
Gefunden : user_pref("extensions.softonic_i.tlbrSrchUrl", "hxxp://search.softonic.com/MON00016/tb_v1?SearchSour[...]
Gefunden : user_pref("extensions.softonic_i.vrsn", "1.5.11.5");
Gefunden : user_pref("extensions.softonic_i.vrsnTs", "1.5.11.521:56:21");
Gefunden : user_pref("extensions.softonic_i.vrsni", "1.5.11.5");
Gefunden : user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&[...]

*************************

AdwCleaner[R1].txt - [10860 octets] - [20/01/2013 18:38:10]
AdwCleaner[R2].txt - [10663 octets] - [21/01/2013 14:52:26]

########## EOF - C:\AdwCleaner[R2].txt - [10724 octets] ##########


CCleaner autostart list after reboot

Code:

Ja        HKCU:Run        SandboxieControl        SANDBOXIE L.T.D        "C:\Program Files\Sandboxie\SbieCtrl.exe"
Ja        HKLM:Run        Adobe ARM        Adobe Systems Incorporated        "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Ja        HKLM:Run        AthBtTray        Atheros Commnucations        "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
Ja        HKLM:Run        AtherosBtStack        Atheros Communications        "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
Ja        HKLM:Run        avgnt        Avira Operations GmbH & Co. KG        "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
Ja        HKLM:Run        HP Quick Launch        Hewlett-Packard Development Company, L.P.        C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
Ja        HKLM:Run        HPOSD        Hewlett-Packard Development Company, L.P.        C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
Ja        HKLM:Run        HPWirelessAssistant                C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
Ja        HKLM:Run        RTHDVCPL        Realtek Semiconductor        C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
Ja        HKLM:Run        SynTPEnh        Synaptics Incorporated        %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Ja        Startup User        OpenOffice.org 3.4.1.lnk                C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe


Removing JDownloader with Revo worked.
FreeRIP has disappeared from the uninstall list in CCleaner, but it wasn't uninstalled... I can't find FreeRIP with Revo anymore either.

Should I delete the Malwarebytes quarantine list?

Oh yes, I also removed McAfee Security Scan with Revo right away.

I can't find the background guard in Malwarebytes.

thx

markusg 21.01.2013 15:11

CCleaner autostart: untick everything except:
SandboxieControl
avgnt
HPWirelessAssistant
SynTPEnh
and untick the entry at Startup.
Reboot.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with OK.
  • Your computer will be restarted, possibly several times depending on the severity of the infection; this is normal. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt (x = sequential number).


Reboot, then test how the PC runs, plus programs such as the browser.

siskat 21.01.2013 17:22

Yes, my laptop is definitely faster again :Boogie:

Log after 1 reboot

Code:

# AdwCleaner v2.106 - Datei am 21/01/2013 um 17:04:18 erstellt
# Aktualisiert am 17/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : grinsekathze - GRINSEKATHZE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\grinsekathze\Desktop\adwcleaner06.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\grinsekathze\AppData\Roaming\Mozilla\Firefox\Profiles\00ave1we.default\searchplugins\funmoods.xml
Datei Gelöscht : C:\Users\grinsekathze\AppData\Roaming\Mozilla\Firefox\Profiles\00ave1we.default\searchplugins\SweetIm.xml
Datei Gelöscht : C:\Users\grinsekathze\AppData\Roaming\Mozilla\Firefox\Profiles\00ave1we.default\searchplugins\Web Search.xml
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\ProgramData\FreeRIP
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\Users\grinsekathze\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\grinsekathze\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\grinsekathze\AppData\Roaming\Funmoods
Ordner Gelöscht : C:\Users\grinsekathze\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\grinsekathze\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\SweetIM
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2849855
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\InstallCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\SweetIM
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=hp&exp=true --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=hp&exp=true --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=hp&exp=true --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\grinsekathze\AppData\Roaming\Mozilla\Firefox\Profiles\00ave1we.default\prefs.js

C:\Users\grinsekathze\AppData\Roaming\Mozilla\Firefox\Profiles\00ave1we.default\user.js ... Gelöscht !

Gelöscht : user_pref("extensions.501e6fa18eea5.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Gelöscht : user_pref("extensions.DivXWebPlayer@divx.com.install-event-fired", true);
Gelöscht : user_pref("extensions.enabledAddons", "501e6fa18edf8%40501e6fa18ee31.info:1.0,DivXWebPlayer%40divx.c[...]
Gelöscht : user_pref("extensions.ffxtlbr@funmoods.com.install-event-fired", true);
Gelöscht : user_pref("extensions.ffxtlbra@softonic.com.install-event-fired", true);
Gelöscht : user_pref("extensions.funmoods.aflt", "nv1");
Gelöscht : user_pref("extensions.funmoods.autoRvrt", false);
Gelöscht : user_pref("extensions.funmoods.cntry", "AT");
Gelöscht : user_pref("extensions.funmoods.cv", "cv5");
Gelöscht : user_pref("extensions.funmoods.dfltLng", "");
Gelöscht : user_pref("extensions.funmoods.dfltSrch", true);
Gelöscht : user_pref("extensions.funmoods.dnsErr", true);
Gelöscht : user_pref("extensions.funmoods.envrmnt", "production");
Gelöscht : user_pref("extensions.funmoods.excTlbr", false);
Gelöscht : user_pref("extensions.funmoods.hdrMd5", "95A62F3E1104E70F6B5ADABB17E13675");
Gelöscht : user_pref("extensions.funmoods.hmpg", true);
Gelöscht : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=nv1&ir=nv1&cd=2XzuyEtN2Y1[...]
Gelöscht : user_pref("extensions.funmoods.id", "D0DF9ABF05CCEF29");
Gelöscht : user_pref("extensions.funmoods.instlDay", "15714");
Gelöscht : user_pref("extensions.funmoods.instlRef", "nv1");
Gelöscht : user_pref("extensions.funmoods.isdcmntcmplt", true);
Gelöscht : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2216:4:42");
Gelöscht : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Gelöscht : user_pref("extensions.funmoods.newTab", true);
Gelöscht : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=nv1&ir=nv1&cd=2XzuyEtN2[...]
Gelöscht : user_pref("extensions.funmoods.prdct", "funmoods");
Gelöscht : user_pref("extensions.funmoods.prtnrId", "funmoods");
Gelöscht : user_pref("extensions.funmoods.sg", "none");
Gelöscht : user_pref("extensions.funmoods.smplGrp", "none");
Gelöscht : user_pref("extensions.funmoods.srchPrvdr", "Funmoods");
Gelöscht : user_pref("extensions.funmoods.tlbrId", "base");
Gelöscht : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=nv1&ir=nv1&cd=2XzuyEt[...]
Gelöscht : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Gelöscht : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2216:4:42");
Gelöscht : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Gelöscht : user_pref("extensions.funmoods_i.newTab", true);
Gelöscht : user_pref("extensions.funmoods_i.smplGrp", "none");
Gelöscht : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2216:4:42");
Gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Gelöscht : user_pref("extensions.softonic_i.aflt", "SD");
Gelöscht : user_pref("extensions.softonic_i.dfltLng", "de");
Gelöscht : user_pref("extensions.softonic_i.excTlbr", false);
Gelöscht : user_pref("extensions.softonic_i.id", "6eacef29000000000000d0df9abf4704");
Gelöscht : user_pref("extensions.softonic_i.instlDay", "15395");
Gelöscht : user_pref("extensions.softonic_i.instlRef", "MON00016");
Gelöscht : user_pref("extensions.softonic_i.newTab", false);
Gelöscht : user_pref("extensions.softonic_i.prdct", "softonic");
Gelöscht : user_pref("extensions.softonic_i.prtnrId", "softonic");
Gelöscht : user_pref("extensions.softonic_i.smplGrp", "eng7");
Gelöscht : user_pref("extensions.softonic_i.tlbrId", "de12JANdefault_chrome");
Gelöscht : user_pref("extensions.softonic_i.tlbrSrchUrl", "hxxp://search.softonic.com/MON00016/tb_v1?SearchSour[...]
Gelöscht : user_pref("extensions.softonic_i.vrsn", "1.5.11.5");
Gelöscht : user_pref("extensions.softonic_i.vrsnTs", "1.5.11.521:56:21");
Gelöscht : user_pref("extensions.softonic_i.vrsni", "1.5.11.5");
Gelöscht : user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&[...]

*************************

AdwCleaner[R1].txt - [10860 octets] - [20/01/2013 18:38:10]
AdwCleaner[R2].txt - [10768 octets] - [21/01/2013 14:52:26]
AdwCleaner[S2].txt - [10690 octets] - [21/01/2013 17:04:18]

########## EOF - C:\AdwCleaner[S2].txt - [10751 octets] ##########


Browse to Save is still there... that's weird

Edit:
The browser does start faster, but switching between tabs is really sluggish.

markusg 21.01.2013 17:38

Hi,
then post me a new OTL log. We'll get rid of this thing.

siskat 21.01.2013 18:13

Here you go

Code:

OTL logfile created on: 21.01.2013 17:49:11 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\grinsekathze\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,60 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 57,79% Memory free
3,21 Gb Paging File | 2,13 Gb Available in Paging File | 66,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282,84 Gb Total Space | 183,55 Gb Free Space | 64,90% Space Free | Partition Type: NTFS
Drive D: | 14,95 Gb Total Space | 1,85 Gb Free Space | 12,35% Space Free | Partition Type: NTFS
 
Computer Name: GRINSEKATHZE-PC | User Name: grinsekathze | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\grinsekathze\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (FreemiumSystemStoreService) -- C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (Atheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (HP Wireless Assistant Service) -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV - (AMD Reservation Manager) -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.at/"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 09:57:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.21 14:05:24 | 000,000,000 | ---D | M]
 
[2011.11.24 14:07:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\grinsekathze\AppData\Roaming\mozilla\Extensions
[2013.01.15 20:41:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\grinsekathze\AppData\Roaming\mozilla\Firefox\Profiles\00ave1we.default\extensions
[2012.08.05 14:07:13 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\grinsekathze\AppData\Roaming\mozilla\Firefox\Profiles\00ave1we.default\extensions\501e6fa18edf8@501e6fa18ee31.info
[2013.01.15 20:41:53 | 000,124,993 | ---- | M] () (No name found) -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012.02.20 12:00:03 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\extensions\DivXWebPlayer@divx.com.xpi
[2013.01.15 20:37:18 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\extensions\elemhidehelper@adblockplus.org.xpi
[2013.01.15 20:41:53 | 000,533,036 | ---- | M] () (No name found) -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.01.15 20:41:53 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.02.10 20:28:13 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2011.12.01 19:17:22 | 000,002,289 | ---- | M] () -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\searchplugins\ecosia.xml
[2011.11.24 14:09:31 | 000,002,314 | ---- | M] () -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\searchplugins\forestle-de.xml
[2013.01.19 09:57:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.19 09:57:29 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.18 08:21:22 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.01 16:58:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.18 08:21:22 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.18 08:21:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.18 08:21:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.18 08:21:22 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.01.18 20:33:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Codecv Class) - {2D588057-BD3F-075B-B569-0C8FC43F046B} - C:\ProgramData\Codecv\bhoclass.dll File not found
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKU\S-1-5-21-118737067-2683697216-1242472475-1002..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - Startup: C:\Users\grinsekathze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21F7FB87-78B2-4A8C-A823-CC7F3395D176}: DhcpNameServer = 10.0.0.138
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.21 17:45:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\grinsekathze\Desktop\OTL.exe
[2013.01.21 16:53:55 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.01.21 14:25:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013.01.21 14:25:05 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013.01.21 14:24:23 | 002,617,648 | ---- | C] (VS Revo Group Ltd.) -- C:\Users\grinsekathze\Desktop\revosetup.exe
[2013.01.21 14:10:29 | 001,081,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013.01.21 14:10:29 | 000,308,640 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.01.21 14:09:52 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.01.21 14:09:52 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.01.21 14:09:52 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.01.21 14:04:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.01.21 14:04:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.01.21 14:02:28 | 000,697,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.01.21 14:02:28 | 000,074,248 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.21 13:59:25 | 032,970,656 | ---- | C] (Oracle Corporation) -- C:\Users\grinsekathze\Desktop\jre-7u11-windows-x64.exe
[2013.01.21 13:48:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.01.21 11:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.01.21 11:38:35 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.01.21 11:37:05 | 004,178,040 | ---- | C] (Piriform Ltd) -- C:\Users\grinsekathze\Desktop\ccsetup326.exe
[2013.01.20 14:00:56 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\Desktop\progs
[2013.01.20 10:37:44 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\AppData\Roaming\Malwarebytes
[2013.01.20 10:37:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.20 10:37:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.20 10:37:01 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.20 10:37:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.20 10:35:47 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\grinsekathze\Desktop\mbam-setup-1.70.0.1100.exe
[2013.01.20 09:45:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2013.01.20 09:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2013.01.19 21:52:52 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\AppData\Local\JDownloader 0.9
[2013.01.19 09:57:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.18 20:40:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.01.18 20:33:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.18 20:18:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.01.18 20:18:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.01.18 20:18:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.01.18 20:18:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.18 20:17:48 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.18 20:15:15 | 005,023,971 | R--- | C] (Swearware) -- C:\Users\grinsekathze\Desktop\ComboFix.exe
[2013.01.17 11:22:58 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\.thumbnails
[2013.01.17 11:19:36 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\AppData\Local\fontconfig
[2013.01.17 11:19:32 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\AppData\Local\gegl-0.2
[2013.01.17 11:19:32 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\.gimp-2.8
[2013.01.15 19:49:52 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\Desktop\OSTTIROL WICHTIG
[2013.01.10 15:05:33 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.01.10 15:05:33 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.01.10 15:05:11 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.01.10 15:04:48 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.01.09 16:04:11 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\AppData\Local\PutLockerDownloader
[2013.01.09 16:03:44 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movie2KDownloader.com
[2013.01.06 12:19:59 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\AppData\Roaming\iScreensaver
[2013.01.05 14:36:47 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\AppData\Local\WinZip
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.21 17:53:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.21 17:45:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\grinsekathze\Desktop\OTL.exe
[2013.01.21 17:18:06 | 000,001,856 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2013.01.21 17:14:54 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.21 17:14:54 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.21 17:13:53 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.21 17:13:53 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.21 17:13:53 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.21 17:13:53 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.21 17:13:53 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.21 17:07:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.21 14:51:30 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2013.01.21 14:25:05 | 000,001,264 | ---- | M] () -- C:\Users\grinsekathze\Desktop\Revo Uninstaller.lnk
[2013.01.21 14:24:28 | 002,617,648 | ---- | M] (VS Revo Group Ltd.) -- C:\Users\grinsekathze\Desktop\revosetup.exe
[2013.01.21 14:09:32 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.01.21 14:09:31 | 000,308,640 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.01.21 14:09:31 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.01.21 14:09:30 | 001,081,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013.01.21 14:09:30 | 000,960,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013.01.21 14:09:30 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.01.21 14:05:24 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.01.21 14:02:28 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.01.21 14:02:28 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.21 13:59:59 | 032,970,656 | ---- | M] (Oracle Corporation) -- C:\Users\grinsekathze\Desktop\jre-7u11-windows-x64.exe
[2013.01.21 11:38:36 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.01.21 11:37:09 | 004,178,040 | ---- | M] (Piriform Ltd) -- C:\Users\grinsekathze\Desktop\ccsetup326.exe
[2013.01.20 18:37:11 | 000,574,677 | ---- | M] () -- C:\Users\grinsekathze\Desktop\adwcleaner06.exe
[2013.01.20 10:35:52 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\grinsekathze\Desktop\mbam-setup-1.70.0.1100.exe
[2013.01.19 21:56:47 | 000,002,183 | ---- | M] () -- C:\Users\grinsekathze\Desktop\JDownloader.lnk
[2013.01.19 09:04:19 | 000,004,030 | ---- | M] () -- C:\Users\grinsekathze\AppData\Local\recently-used.xbel
[2013.01.18 20:33:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.01.18 20:15:56 | 005,023,971 | R--- | M] (Swearware) -- C:\Users\grinsekathze\Desktop\ComboFix.exe
[2013.01.17 19:38:58 | 000,703,061 | ---- | M] () -- C:\Users\grinsekathze\Desktop\AP_A1_Umzugsservice.pdf
[2013.01.17 11:43:04 | 000,000,924 | ---- | M] () -- C:\Users\grinsekathze\Desktop\GIMP 2.lnk
[2013.01.17 11:37:45 | 000,000,485 | ---- | M] () -- C:\Windows\cdplayer.ini
[2013.01.17 11:37:39 | 000,001,534 | ---- | M] () -- C:\ProgramData\ss.ini
[2013.01.17 11:36:16 | 000,737,137 | ---- | M] () -- C:\Users\grinsekathze\Desktop\DSC_0126.xcf
[2013.01.11 03:21:01 | 000,296,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.01.21 17:31:09 | 000,001,235 | ---- | C] () -- C:\Users\grinsekathze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.01.21 14:25:05 | 000,001,264 | ---- | C] () -- C:\Users\grinsekathze\Desktop\Revo Uninstaller.lnk
[2013.01.21 14:05:24 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.01.21 14:05:24 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.01.21 14:02:29 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.21 11:38:36 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.01.20 18:37:03 | 000,574,677 | ---- | C] () -- C:\Users\grinsekathze\Desktop\adwcleaner06.exe
[2013.01.20 09:45:28 | 000,001,856 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2013.01.19 21:56:47 | 000,002,183 | ---- | C] () -- C:\Users\grinsekathze\Desktop\JDownloader.lnk
[2013.01.19 21:56:47 | 000,002,135 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2013.01.19 21:56:46 | 000,002,184 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2013.01.19 21:56:46 | 000,002,170 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013.01.19 09:04:19 | 000,004,030 | ---- | C] () -- C:\Users\grinsekathze\AppData\Local\recently-used.xbel
[2013.01.18 20:18:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.01.18 20:18:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.01.18 20:18:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.01.18 20:18:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.18 20:18:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.17 19:08:43 | 000,703,061 | ---- | C] () -- C:\Users\grinsekathze\Desktop\AP_A1_Umzugsservice.pdf
[2013.01.17 11:34:52 | 000,737,137 | ---- | C] () -- C:\Users\grinsekathze\Desktop\DSC_0126.xcf
[2013.01.17 11:19:25 | 000,000,924 | ---- | C] () -- C:\Users\grinsekathze\Desktop\GIMP 2.lnk
[2013.01.06 12:19:50 | 006,658,246 | ---- | C] () -- C:\Users\grinsekathze\Desktop\gezeitenweltglobus.EXE
[2012.12.07 11:56:23 | 000,000,485 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012.12.07 11:32:59 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini
[2012.02.25 21:59:17 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.12.11 17:37:20 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.28 12:49:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.11.24 17:20:17 | 000,007,599 | ---- | C] () -- C:\Users\grinsekathze\AppData\Local\Resmon.ResmonCfg
[2011.08.16 13:51:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.05.10 08:55:07 | 000,000,202 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.06.15 18:07:24 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\Freemium
[2013.01.06 12:19:59 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\iScreensaver
[2011.11.24 14:58:03 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\Jens Lorek
[2012.01.19 12:07:35 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\OpenOffice.org
[2012.01.19 11:57:55 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\SoftGrid Client
[2012.03.03 13:31:55 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\Sony
[2011.11.24 14:03:21 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\Synaptics
[2011.12.03 18:06:17 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\T-Mobile
[2011.12.11 17:38:34 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\TP
[2012.10.09 13:41:27 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >

Can my super-great *workstation*, aka cheap laptop =), be made faster or better somehow?
Overclock it??

Oh, one more thing... I read something on the board that avast! would be better than Avira... and something about "I'll help you with the config".
Should I download it?
And should I keep AdwCleaner, Malwarebytes and CCleaner and run them every now and then?

markusg 21.01.2013 18:19

Hi,

This script, and any scripts that may follow, are only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe.
• Now copy the following into the text box.



Code:

:OTL
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}ei={inputEncoding}fr=chr-hp-psgtype=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}form=CMNTDFpc=CMNTDFsrc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}ei={inputEncoding}fr=chr-hp-psgtype=CMNTDF
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}form=CMNTDFpc=CMNTDFsrc=IE-SearchBox
IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}ei={inputEncoding}fr=chr-hp-psgtype=CMNTDF
IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}form=CMNTDFpc=CMNTDFsrc=IE-SearchBox
O2 - BHO: (Codecv Class) - {2D588057-BD3F-075B-B569-0C8FC43F046B} - C:\ProgramData\Codecv\bhoclass.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
 :Files
:Commands
[EMPTYFLASH]
[emptytemp]



• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Back up your Firefox bookmarks:
Back up and restore bookmarks | Firefox Help
Uninstall Firefox cleanly:
Uninstall Firefox | Firefox Help
Delete the folders manually.
Reinstall Firefox and test.

siskat 21.01.2013 18:49

Code:

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ not found.
Registry key HKEY_USERS\S-1-5-21-118737067-2683697216-1242472475-1002\Software\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
Registry key HKEY_USERS\S-1-5-21-118737067-2683697216-1242472475-1002\Software\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2D588057-BD3F-075B-B569-0C8FC43F046B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D588057-BD3F-075B-B569-0C8FC43F046B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-118737067-2683697216-1242472475-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: grinsekathze
->Flash cache emptied: 548 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: grinsekathze
->Temp folder emptied: 9957344 bytes
->Temporary Internet Files folder emptied: 400947 bytes
->Java cache emptied: 1581812 bytes
->FireFox cache emptied: 65624232 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13410 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 666 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 74,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01212013_184313

Files\Folders moved on Reboot...
C:\Users\grinsekathze\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


So... now I'm uninstalling Firefox.

Uninstalling and reinstalling Firefox worked great, it's running well again now! Thanks!
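
The three O2/O3 lines in the fix script above are exactly the ones the scan log marks "File not found" or "No CLSID value found", and the fix log then reports what was removed. The following is an added Python example, not part of the thread and not OTL's own code, that selects such entries and checks the fix log for each of them; the line formats are inferred from the log lines quoted on this page, and all function names are hypothetical.

```python
import re

# A subset of lines copied from the OTL scan log and fix log quoted in this thread.
SCAN_LOG = r"""
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Codecv Class) - {2D588057-BD3F-075B-B569-0C8FC43F046B} - C:\ProgramData\Codecv\bhoclass.dll File not found
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
"""

FIX_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2D588057-BD3F-075B-B569-0C8FC43F046B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-118737067-2683697216-1242472475-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
"""

# O2 (BHO) / O3 (toolbar) scan line: section, optional 64-bit marker, kind, name, CLSID, target.
ENTRY = re.compile(
    r"^(?P<section>O[23])(?P<bits>:64bit:)? - (?P<kind>[^:]+): "
    r"\((?P<name>.*)\) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)

# Fix-log result line: registry path, CLSID, outcome.
FIX_LINE = re.compile(
    r"^(?:64bit-)?Registry (?:key|value) (?P<path>.*?)\\*"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})\\* (?P<status>deleted successfully|not found)\.$"
)


def parse_entries(scan_log):
    """Parse O2/O3 lines into dicts; CLSIDs are upper-cased for comparison."""
    entries = []
    for line in scan_log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["clsid"] = entry["clsid"].upper()
            entry["view64"] = bool(entry.pop("bits"))
            entries.append(entry)
    return entries


def orphaned(entries):
    """Entries whose registration points at a missing file or a missing CLSID."""
    return [e for e in entries
            if e["target"].endswith("File not found")
            or e["target"].startswith("No CLSID value found")]


def removed_references(fix_log):
    """CLSIDs whose BHO key or toolbar value was deleted.

    The separate Classes/CLSID key is ignored: for an entry the scan already
    reported as having no CLSID value, "not found" there is the expected result.
    """
    removed = set()
    for line in fix_log.splitlines():
        m = FIX_LINE.match(line.strip())
        if not m:
            continue
        path, clsid, status = m.group("path", "clsid", "status")
        is_class_key = path.upper().endswith(r"CLASSES\CLSID")
        if status == "deleted successfully" and not is_class_key:
            removed.add(clsid.upper())
    return removed


def unresolved(scan_log, fix_log):
    """Orphaned CLSIDs from the scan that the fix log does not show as removed."""
    removed = removed_references(fix_log)
    return [e["clsid"] for e in orphaned(parse_entries(scan_log))
            if e["clsid"] not in removed]


if __name__ == "__main__":
    for e in orphaned(parse_entries(SCAN_LOG)):
        print(e["section"], e["kind"], e["name"], e["clsid"], "->", e["target"])
    print("unresolved after fix:", unresolved(SCAN_LOG, FIX_LOG))
```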

markusg 21.01.2013 20:43

Hi,
if there are no more problems:
open OTL, click "Bereinigen" (CleanUp); the PC restarts and the removal tools are deleted.

Delete any leftover removal tools, logs and setup files, and empty the Recycle Bin.

Securing the PC:
As an anti-malware program I would recommend Emsisoft.
In my view they offer the best protection, but it costs a bit.
Computeractive Software Store - Emsisoft Anti-Malware 7 [1-PC] - 63% off RRP
Trial version:
My antivirus recommendation: Emsisoft Anti-Malware
Especially if you do online banking, shopping, other payment transactions or similarly important things such as work, i.e. there is sensitive data to protect, you should invest in security software.
Before activating the licence, make use of the 30-day trial period.

Free, but not quite as good, would be avast.
http://www.trojaner-board.de/110895-...antivirus.html

Tell me which one you use, then I'll give you configuration tips.
Please uninstall your current AV.
The following guide is extensive, I'm aware of that, but it should be implemented, because only then is your PC secure. Ask as many questions as you need, I'm happy to work through everything with you!

http://www.trojaner-board.de/96344-a...-rechners.html
Please start with the section "Windows Vista and Windows 7".
Please begin by installing Windows updates.
The easiest way is to go to Start, Search and type in Windows Update there.
Under "Change settings", check that the following is selected:
- Install updates automatically,
- Every day
- Choose a time
- Please tick everything else, except:
- Show detailed notifications when new Microsoft software is available.
Now click the "OK" button.
Now click "Check for updates".
Please install the important updates first.
It will be necessary to restart the PC in between. If that is the case, you have to open Windows Update again via Start, Search, click Check for updates and install the next ones.
Please do the same with the optional updates.
Please apply the rest as described in the Windows 7 / Vista section.
From the XP section, please apply the item "Data Execution Prevention, DEP".
As a browser I recommend Chrome:
Installing Google Chrome for multiple user accounts - Google Chrome Help
Please read the guide.
If you want to use a different one, tell me, then I'll have to adapt parts of the guide that follows.


Sandboxie
The definition of a sandbox can be read here:
Sandbox
In short, you can run programs almost 100% isolated from the system.

The advantage is obvious: if malicious code is smuggled in through the browser, it cannot get out.
Download link:
Sandboxie - Download - Filepony

Guide:
http://www.trojaner-board.de/71542-a...sandboxie.html
Detailed guide as a PDF, work through this as well:
Sandbox settings |

Please make the following additional configuration:
Open Sandboxie Control, click the Sandbox menu, select DefaultBox.
There, click Sandbox Settings.
Under Restrictions, for program start and internet access, enter:
chrome.exe
Then go to Applications, Web Browser, Chrome.
There, enable everything except sharing the entire profile folder.
As you may already have seen, you cannot use some functions.
This is only necessary in the full version, which I advise you to buy.
For example, under "Forced program starts" you can specify that all browsers start in the sandbox.
Otherwise you always have to click "Sandboxed web browser", or right-click and start in Sandboxie.
A lifetime licence costs 30 €, and can be used on all your PCs.

Continue with:
Measures for ALL Windows versions
Work through all of it completely.
A note on FileHippo:
In the settings, additionally select:
hide beta updates.
Run updateChecker when Windows starts

Backup program:
My guide already links a backup program; as an alternative, Windows' own backup program is also an option:
http://www.trojaner-board.de/82962-w...en-backup.html
Unfortunately, this is only reasonably usable for Windows 7 users.
Everyone else should definitely install a backup program as well, because it can be very important under certain circumstances, for example if the hard disk fails one day.

Finally, follow the general security tips; if it applies to you, follow the tip on online banking, and change all passwords.
Please also read how to make programs visible for all users:
Making programs usable for all accounts - PCtipp.ch - Praxis & Hilfe
So from now on, surf only in the standard user account, and there in the sandbox.
If you use the free version, then by clicking Sandboxed web browser; if you have the paid version, you can set forced program starts, then Sandboxie is always started when you open a browser.
When you move the mouse over the browser it should have a frame around it; then you are in the sandboxed web browser.

Password security:
Every service needs its own password of at least 12 characters.
RoboForm helps with managing and creating passwords:
Password Manager, Form Filler, Password Management | RoboForm Password Manager
Guide:
RoboForm manual: password manager, managing passwords and personal data

siskat 22.01.2013 17:09

Code:

Enable SEHOP:

Enabling SEHOP (Structured Exception Handling Overwrite Protection) in Windows operating systems
Click "Enable the feature automatically" and follow the instructions.

Code:

To have the feature enabled automatically, click the Fix this problem link. Then click Run in the File Download dialog box and follow the steps in the wizard.

Fix this problem
Microsoft Fix it 50096


Notes

    The wizard is intended only for Windows Vista Service Pack 1 and Windows Server 2008.
    This wizard may be available in English only; however, the automatic fix also works for other language versions of Windows.
    If you are not at the computer on which the problem occurs, you can save the automatic fix to a flash drive or a CD and then run it on the computer affected by the problem.

ok, installed it.. and then? it says:
the microsoft fix it has been processed
I can click 3 buttons there:
1. click to tell what u think
2. online help
3. read more
...or the close button

I looked at online help and read more.... it says something about support and selecting a problem area :confused:
what should I do there?

I'm going to use avast..
I've already downloaded it... haven't installed it yet. should I just install it normally? or do I already have to configure certain things there?

best regards

markusg 22.01.2013 17:13

Click close.
Before you install avast, remove your previous AV; install it normally, no extra configuration needed.

siskat 22.01.2013 18:10

ok, I've done the update settings and I'm installing avast right now..

I don't want to use google chrome, I find it really unlikeable.
what advantages would it have, or why should one use it?

oh, by the way: browse to save is defeated q=D thankthankthank you!

markusg 22.01.2013 18:11

Have you already tested Chrome? It offers several security features and should also be faster than most others; at the moment it is among the most secure browsers.
AdBlock for Chrome:
http://filepony.de/download-adblock_chrome/
That should make life more ad-free.
Ghostery to prevent tracking:
http://filepony.de/download-ghostery_chrome/
HTTPS Everywhere
https://chrome.google.com/webstore/d...jekcdonpmejbdp
Chooses a secure connection when possible.
Safe surfing with Chrome:
Safe surfing with Google Chrome | Verbraucher sicher online

siskat 22.01.2013 19:21

okok, I took your tip and of course I believe you that chrome is very secure and fast
BUT
so I downloaded it and had a look. but I found that I need a google account for it and I can't deal with that... google is watching you, and all the more so with an account :heulen:


regarding DEP:
I don't get it at all.... which programs am I supposed to add to the Data Execution Prevention exception list?
or should I leave it empty for now and just see bit by bit where something gets blocked and then add it?

markusg 22.01.2013 19:26

Don't enter anything for DEP.
You don't need a Google account.
Where does it say that you need an account?
You only need an account if, for example, you wanted to synchronize bookmarks.

siskat 22.01.2013 19:46

aah ok, yes that's what I wanted gg

so for DEP I leave the checkmark at 1.

1. turn on Data Execution Prevention for essential Windows programs and services only

or

2. turn on [...] except for those selected

phew, I'm done for today.. my head is smoking gg

I'll check chrome tomorrow
and then I'll continue going through the list


sorry for taking up so much of your time, but unfortunately I'm just a noob :rolleyes:

huge T H A N K S already and I wish you a pleasant evening =)

greetings
kathrin

markusg 23.01.2013 12:45

hi
For DEP, choose option 2.
Don't enter anything.

siskat 23.01.2013 13:36

tweakUI doesn't work: tweakUI could not be found

when trying to run the setup directly: cannot setup microsoft windowa power toys

markusg 23.01.2013 18:57

Try entering the corresponding exe under DEP.
I would do without such tuning nonsense anyway.
Have a look here:
C:\WINDOWS\system32\TweakUI.exe
It could also be under Programs.

siskat 31.01.2013 11:56

hello markus,

I'm in the middle of moving stress right now, so this is on hold for the moment..

I'll continue when everything is done ;)

greetings
kat

markusg 31.01.2013 12:30

Just do it as you have time.


All times are WET +1. The time now is 11:49.

Copyright ©2000-2025, Trojaner-Board

