Trojaner-Board

tseb 16.04.2013 21:26

Trojan: HEUR:Exploit.Java.CVE-2012-0507.gen

Hello,

the day before yesterday I ran a full system scan with Kaspersky. It found the following "malware":

HEUR:Exploit.Java.CVE-2012-0507.gen

The status is "detected, not processed". I think that right after the system scan Kaspersky also added "irreparable". So I cannot delete the Trojan.

What I have noticed on the PC over the last few days / weeks:
- Videos (YouTube) load very slowly
- Images on eBay cannot be opened or are not displayed (works again in the meantime)
- A great many spam e-mails in my web.de mailbox (I never really had problems with that before), subject always quite mundane: "Hi" or something like that, but it was always recognized as spam and deleted immediately, never opened

What can I do now? Unfortunately I am no expert when it comes to computers (if possible, please explain without technical terms :lach:)

Regards

cosinus 17.04.2013 14:52

Hello and :hallo:

Do you have any further logs (with detections)? Has your virus scanner ever found anything?

Malwarebytes and/or other virus scanners?

I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; just post the logs you already have first!

Reading material:
Posting in CODE tags
Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles into a CODE box, proceed as follows:
  • Select the entire logfile (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

tseb 17.04.2013 20:25

Hello cosinus,

yes, when I go to "Detected threats", quite a few things from the past are listed (but Kaspersky always set them to "Inactive"); the malware mentioned above is the first one that is shown as "Detected, not processed". There is quite a lot, here is a screenshot:
(How can I open the exact report for the detection in Kaspersky and post it here?)

cosinus 18.04.2013 12:57

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post in the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software unless asked to!

  • Post the logfiles directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make the analysis harder for me!

  • The logs of the tools you were asked to run, e.g. Malwarebytes, must always be posted - regardless of whether anything was found or not!

  • Please also note => Deleting logfiles and other requests

Note:
If you do not hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "when will this continue" messages will result in your topic being closed. I, too, have a life outside the Trojaner-Board.


First, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the box Scan All Users at the top center
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread in CODE tags.

tseb 18.04.2013 22:38

Hello cosinus,

here are the two logfiles:

OTL Logfile:
Code:

OTL logfile created on: 4/18/2013 11:14:26 PM - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\XYZ\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 56.85% Memory free
6.00 Gb Paging File | 4.32 Gb Available in Paging File | 72.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 890.41 Gb Total Space | 803.84 Gb Free Space | 90.28% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 23.53 Gb Free Space | 58.82% Space Free | Partition Type: NTFS
 
Computer Name: XYZ | User Name: XYZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\XYZ\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Users\XYZ\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\BackStage.exe (Conduit Ltd.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11c_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a00aab40bdf5aed84b4d4294965cf20d\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\dd2d0cf72eac6e5b113a0059aeb3cab5\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll ()
MOD - C:\Users\XYZ\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                          )
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\XYZ\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&SSPV=IESB04
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\XYZ\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\7.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{432C657B-AB37-491E-8C53-C4B369D39B1B}: "URL" = hxxp://go.web.de/br/ie8_search_ebay/?q={searchTerms}
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{4D3A3268-0704-4E74-8AF4-A180761461D7}: "URL" = hxxp://go.web.de/br/ie8_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_deDE415
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{A291A10C-3FC2-4308-A71D-A28B9849B72A}: "URL" = hxxp://go.web.de/br/ie8_search_amazon/?keywords={searchTerms}
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&SSPV=IESB04
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{C31C8515-CC6B-4FA7-B621-A7AA4DE7497E}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{FC3A14B0-228A-4D08-988E-AEBAC666BE78}: "URL" = hxxp://go.mail.com/br/ie8_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/01/21 19:05:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011/01/21 19:20:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/01/21 22:13:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\toolbar@web.de: C:\Program Files\WEB.DE Toolbar IE8\Firefox\WEBDE_toolbar [2011/03/30 12:44:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/10/30 18:47:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/10/30 18:47:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/10/30 18:47:57 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\XYZ\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\7.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\XYZ\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\7.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB_DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Users\XYZ\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
O3 - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1463205399-554048611-282685520-1000..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF3F26A8-CAA2-45C6-9B8B-7AC9D5B5A0FF}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{62f5894c-976f-11e1-932c-6c626d5ce55e}\Shell - "" = AutoRun
O33 - MountPoints2\{62f5894c-976f-11e1-932c-6c626d5ce55e}\Shell\AutoRun\command - "" = I:\Setup.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/18 22:14:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\XYZ\Desktop\OTL.exe
[2013/04/10 18:28:28 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/04/10 18:28:25 | 003,958,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/04/10 18:28:25 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/04/10 18:28:24 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013/04/10 18:28:20 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013/04/10 18:28:20 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013/04/10 18:28:10 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/04/10 18:28:10 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013/04/10 18:28:09 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/04/10 18:28:09 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/04/10 18:28:09 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/04/10 18:28:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/04/10 18:28:08 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/04/10 18:28:08 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/04/10 18:28:08 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/04/10 18:28:08 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/04/10 18:28:08 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/04/10 18:28:08 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/04/04 10:07:59 | 000,000,000 | R--D | C] -- C:\Users\XYZ\Desktop
[2013/04/03 22:30:35 | 000,000,000 | ---D | C] -- C:\Users\XYZ\Auto
[2013/03/28 21:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Becker Content Manager
[2013/03/26 19:38:19 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[211 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/18 23:17:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/18 22:14:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XYZ\Desktop\OTL.exe
[2013/04/18 22:11:38 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/18 22:11:38 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/18 22:04:15 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/18 22:04:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/18 22:03:53 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/11 23:25:54 | 000,693,922 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2013/04/11 23:25:54 | 000,691,660 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2013/04/11 23:25:54 | 000,690,194 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2013/04/11 23:25:54 | 000,689,576 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2013/04/11 23:25:54 | 000,679,810 | ---- | M] () -- C:\Windows\System32\prfh0816.dat
[2013/04/11 23:25:54 | 000,654,594 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/04/11 23:25:54 | 000,632,648 | ---- | M] () -- C:\Windows\System32\perfh00E.dat
[2013/04/11 23:25:54 | 000,616,476 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/11 23:25:54 | 000,610,670 | ---- | M] () -- C:\Windows\System32\perfh01F.dat
[2013/04/11 23:25:54 | 000,148,520 | ---- | M] () -- C:\Windows\System32\perfc00E.dat
[2013/04/11 23:25:54 | 000,137,272 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2013/04/11 23:25:54 | 000,135,050 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2013/04/11 23:25:54 | 000,133,962 | ---- | M] () -- C:\Windows\System32\prfc0816.dat
[2013/04/11 23:25:54 | 000,133,150 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2013/04/11 23:25:54 | 000,130,208 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/04/11 23:25:54 | 000,127,354 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2013/04/11 23:25:54 | 000,121,736 | ---- | M] () -- C:\Windows\System32\perfc01F.dat
[2013/04/11 23:25:54 | 000,106,598 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/10 20:44:17 | 000,368,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/04 00:49:24 | 000,000,017 | ---- | M] () -- C:\Windows\System32\shortcut_ex.dat
[2013/03/28 21:50:07 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\Becker Content Manager.lnk
[211 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/04/04 00:49:24 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2013/03/28 21:50:07 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\Becker Content Manager.lnk
[2012/04/14 22:22:34 | 000,000,288 | ---- | C] () -- C:\Users\XYZ\AppData\Roaming\.backup.dm
[2012/03/18 18:02:02 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Techno Kit
[2012/03/18 18:02:02 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Tables
[2012/03/18 18:02:02 | 000,000,268 | RH-- | C] () -- C:\Users\XYZ\AppData\Roaming\System Image Utility
[2012/03/18 18:02:02 | 000,000,268 | RH-- | C] () -- C:\Users\XYZ\AppData\Roaming\Synth Textures
[2012/03/18 18:02:02 | 000,000,268 | RH-- | C] () -- C:\Users\XYZ\AppData\Roaming\Synth Pads
[2012/03/18 18:02:02 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012/03/18 18:02:02 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012/03/18 18:02:02 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Vocal Transformer
[2012/03/18 18:02:02 | 000,000,012 | RH-- | C] () -- C:\ProgramData\User Pictures
[2012/03/18 18:02:02 | 000,000,012 | RH-- | C] () -- C:\ProgramData\URLs
[2012/03/18 18:02:01 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012/01/14 19:53:39 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2012/01/07 23:15:01 | 000,004,096 | -H-- | C] () -- C:\Users\XYZ\AppData\Local\keyfile3.drm
[2011/12/27 22:33:11 | 000,017,408 | ---- | C] () -- C:\Users\XYZ\AppData\Local\WebpageIcons.db
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

--- --- ---


:kaffee: :kaffee: :kaffee:

Here is the 2nd: OTL logfile:
Code:

OTL Extras logfile created on: 4/18/2013 11:14:26 PM - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\XYZ\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 56.85% Memory free
6.00 Gb Paging File | 4.32 Gb Available in Paging File | 72.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 890.41 Gb Total Space | 803.84 Gb Free Space | 90.28% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 23.53 Gb Free Space | 58.82% Space Free | Partition Type: NTFS
 
Computer Name: XYZ | User Name: XYZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B74180-D76A-4C8F-A6F6-3103E109E941}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{07646CDD-4BD2-4800-94BF-8D1DDF9C754B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0C96CB0D-2A7A-4A88-AFE0-BA38E61B4FE9}" = rport=445 | protocol=6 | dir=out | app=system |
"{1310D265-A30C-4FCE-9A40-94039462C0CD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1ABA908A-78FE-4717-8768-7E751053645B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1BCF41E0-8F66-4F4A-A7C7-ABA7FB11B270}" = rport=138 | protocol=17 | dir=out | app=system |
"{30FCB229-31D0-4705-AD07-8B7E61490568}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5787F921-5431-4BA2-A3E2-0FAD3C661A8D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5D2B11F8-A097-4992-A229-DC6AA51A9A22}" = lport=2869 | protocol=6 | dir=in | app=system |
"{73BC6293-9162-4966-82B4-3042E2D74DEB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7714FED0-79FC-4D57-B4DD-B98B4A1A9DC6}" = lport=139 | protocol=6 | dir=in | app=system |
"{7B3AE9FE-3D74-4F90-B772-FF9ABF0FC216}" = lport=138 | protocol=17 | dir=in | app=system |
"{8C1A9568-F520-4BBC-AB24-8B809B571F84}" = lport=445 | protocol=6 | dir=in | app=system |
"{93D50508-69FE-4C5E-B532-0C511EB50E75}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9ACDED70-11A1-4D4C-8ECD-A482449B92AA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A0CC27A7-9A11-4826-925A-6F85F9A33CAF}" = rport=139 | protocol=6 | dir=out | app=system |
"{A15040A5-2E7D-47D3-B496-55133D56F708}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A35DC2EA-9E0D-4F08-8681-48AD467A2981}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF10D220-3861-4641-BCDB-ACFA81EDF20A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D3F7F406-992C-4FD0-B448-970A8BAABB26}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D964598F-3CD9-4F7E-BB08-767C59DCB4A4}" = rport=137 | protocol=17 | dir=out | app=system |
"{DE2E95B6-C0E2-4763-9E92-2496398CEE48}" = lport=137 | protocol=17 | dir=in | app=system |
"{DFEABD30-BFC3-4CCE-A191-7C4D90990D82}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F66BCFBD-B2E1-443A-AE50-D696DE926991}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC471ED0-36BF-403A-98C6-924DDDA231A2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{053BC0F2-836E-4A84-B8F6-7A6A083BE34E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{056F4C23-7EB4-468C-AD6E-11CD8DCEE687}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{087EFD99-E62A-4F9F-84EA-5F639E1BA320}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0972544F-A9EF-4820-A959-BC5652A47D61}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0B5B3474-02D5-41FB-8BE7-1A00B93CB5BC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0DD76F02-0CB6-4CEE-965F-16849E1338F5}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{18D5E152-030D-433B-8459-F85965F86922}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{1E8312E3-AD9C-4571-81CA-096E569236F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{26B4EB06-280F-4994-B6CC-B3DA46B68444}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{2B14787F-8F01-49ED-9062-8067830607BF}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{2F1F19AA-2CC0-4CF2-A561-4F7E64587125}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{34307912-13DA-47F9-84BD-EEFC76C89661}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{4342EE36-DF66-48A8-BF20-4E7C975ADC6F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{47113460-FF6D-44AB-A9F0-8CD28615B7DC}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{57B951B6-CC36-4F94-9D41-52F345B58648}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5BC15063-A98C-42EF-8687-F2C22B1E6D91}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5BFE8A42-CCD1-4057-8B4D-DF256BE8C2FA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6F2811AE-0F27-4702-9F6F-3C9333937DD9}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{6F71CB98-89D4-4E4D-B6A8-18EB3F758F9C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{708A2176-7AFC-4F3E-8458-55C8DF4B08F2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9BF3B4EF-16AF-4778-874A-5D57E96D710B}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{9D9FCCDC-E783-484A-B2CE-DBF502633089}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A1AC82B1-4E9F-49D1-896E-27467F231803}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A60207D4-5143-47B2-BEB6-1CD7EC4F8017}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{AFE24910-1896-442A-A6D7-335F4C877CB1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B5197E2F-C93E-449B-A3FB-0C37728F25F8}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{BAF72E62-8F83-4521-9CC8-5D5DEB333F70}" = protocol=6 | dir=out | app=system |
"{C1EF6C8D-FC59-418B-95FE-4931E86AC009}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C687FEEC-0745-40B9-81DB-A81853269CF7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D0CAABE8-6F10-45E2-95D6-6EB995F26B48}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{DC23138F-AB29-4B58-BCCD-F6B2B4D8BD89}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{F9063565-9DE5-418F-986D-848F6E68A389}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FD006F46-67D8-44BB-986F-3772F16FD129}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{093561FF-BC54-CD42-77BD-4885F16C60B7}" = CCC Help Danish
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{17D39326-BF2B-FCE9-DE84-58EE76F945CD}" = CCC Help French
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28F11027-A8BC-44D3-A59A-CA018ED73E8C}" = Compact&Easy
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A4940D6-418E-867B-F214-2B0C58E7961D}" = CCC Help Swedish
"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{701BDB1B-8D00-8C67-6F64-BDD3B58EC827}" = CCC Help Norwegian
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{80D847BF-3610-4BE4-9F05-970BADEADB9A}" = Studie zur Verbesserung von HP Deskjet 3050 J610 series Produkten
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CA7DA5E-B8BD-4E9F-A6F2-BAF53D503498}" = HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.3 MUI
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B355AD55-ED88-4A46-015D-51AAD00EB57D}" = CCC Help Japanese
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{B95FB6E3-8373-52BC-C824-8DDB1D6DD049}" = CCC Help Dutch
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE4AE3A7-190D-BCB8-A953-A708C9E8E8AA}" = ATI Catalyst Install Manager
"{BE7785D6-045F-44FB-A1E4-3FA555874415}" = pdfforge Toolbar v7.0
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C09C15F5-DDB7-3820-CF1A-798051174EC7}" = CCC Help Italian
"{C2214950-8342-4878-1286-31D0F07FDC34}" = Catalyst Control Center Localization All
"{C39F6C00-142E-48AC-633F-15E6AA7E24D8}" = Catalyst Control Center Graphics Previews Vista
"{C47D990B-5D5C-B6A6-A04D-676379D39170}" = CCC Help English
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C7105B49-9E6E-C93C-74E6-858B0863F604}" = Catalyst Control Center InstallProxy
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{CF52C7EA-BDEF-A58F-6F33-0431076766C8}" = ccc-utility
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D7C7EA35-4C51-F874-3AB7-95DC40DDA494}" = CCC Help German
"{D81845B4-5239-AD56-39A5-9FCFE528330F}" = ccc-core-static
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{DFD284CD-501F-B36C-67D9-05D4D7D590AB}" = CCC Help Spanish
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{EAC1A606-1D31-AC37-90DD-5684A6E7D2E8}" = CCC Help Finnish
"{EB788378-C27A-468F-BEAC-00C123D216E6}" = WEB.DE Toolbar MSVC90 CRT
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Hilfe
"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = WEB.DE Internet Explorer Addon
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Becker Content Manager" = Becker Content Manager 5.20.1008
"Content Manager 2" = Content Manager 2
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"ICQToolbar" = ICQ Toolbar
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"WinLiveSuite_Wave3" = Windows Live Essentials
"Zattoo4" = Zattoo4 4.0.5
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/12/2013 2:55:47 PM | Computer Name = XYZ | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.17267,
 Zeitstempel: 0x51317269  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000004  ID des fehlerhaften
 Prozesses: 0x14c4  Startzeit der fehlerhaften Anwendung: 0x01ce37aeda71f89a  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: unknown  Berichtskennung: 9563d935-a3a2-11e2-92d1-6c626d5ce55e
 
Error - 4/12/2013 3:27:42 PM | Computer Name = XYZ | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.17267,
 Zeitstempel: 0x51317269  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000004  ID des fehlerhaften
 Prozesses: 0xbac  Startzeit der fehlerhaften Anwendung: 0x01ce37af57feb79d  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: unknown  Berichtskennung: 0b21c64b-a3a7-11e2-92d1-6c626d5ce55e
 
Error - 4/12/2013 3:47:16 PM | Computer Name = XYZ | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.17267,
 Zeitstempel: 0x51317269  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000004  ID des fehlerhaften
 Prozesses: 0x127c  Startzeit der fehlerhaften Anwendung: 0x01ce37b60e9df6ac  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: unknown  Berichtskennung: c6c3603a-a3a9-11e2-92d1-6c626d5ce55e
 
Error - 4/14/2013 11:22:35 PM | Computer Name = XYZ | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Spigot\Search Settings\SearchSettings64.exe".  Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 4/15/2013 1:08:41 AM | Computer Name = XYZ | Source = VSS | ID = 13
Description =
 
Error - 4/15/2013 1:08:41 AM | Computer Name = XYZ | Source = VSS | ID = 8193
Description =
 
Error - 4/15/2013 1:08:41 AM | Computer Name = XYZ | Source = VSS | ID = 13
Description =
 
Error - 4/15/2013 1:08:41 AM | Computer Name = XYZ | Source = VSS | ID = 8193
Description =
 
Error - 4/16/2013 4:11:52 PM | Computer Name = XYZ | Source = Application Hang | ID = 1002
Description = Programm rundll32.exe, Version 6.1.7600.16385 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 128c    Startzeit: 01ce3ad73a94ae92    Endzeit: 0    Anwendungspfad:
C:\Windows\system32\rundll32.exe    Berichts-ID: 
 
Error - 4/16/2013 4:11:52 PM | Computer Name = XYZ | Source = Application Hang | ID = 1002
Description = Programm rundll32.exe, Version 6.1.7600.16385 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 9cc    Startzeit: 01ce3ad73cb106f0    Endzeit: 0    Anwendungspfad: C:\Windows\system32\rundll32.exe

Berichts-ID:
 
 
[ System Events ]
Error - 4/14/2013 11:37:31 PM | Computer Name = XYZ | Source = Microsoft-Windows-LanguagePackSetup | ID = 1043
Description = Das Sprachpaket für tr-TR kann von CBS nicht entfernt werden. Zurückgegebener
 CBS-Fehlercode: 0x80073701.
 
Error - 4/14/2013 11:38:32 PM | Computer Name = XYZ | Source = Microsoft-Windows-LanguagePackSetup | ID = 1003
Description = CBS-Fehler 0x80073701 '' bei Verwendung des Benutzeroberflächen-Sprachpakets
 für hu-HU.
 
Error - 4/14/2013 11:38:32 PM | Computer Name = XYZ | Source = Microsoft-Windows-LanguagePackSetup | ID = 1043
Description = Das Sprachpaket für hu-HU kann von CBS nicht entfernt werden. Zurückgegebener
 CBS-Fehlercode: 0x80073701.
 
Error - 4/15/2013 1:08:15 AM | Computer Name = XYZ | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Windows Internet Explorer 9 für Windows 7
 
Error - 4/16/2013 4:30:53 PM | Computer Name = XYZ | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Windows Internet Explorer 9 für Windows 7
 
Error - 4/17/2013 3:02:20 PM | Computer Name = XYZ | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?16.?04.?2013 um 22:30:16 unerwartet heruntergefahren.
 
Error - 4/17/2013 3:24:55 PM | Computer Name = XYZ | Source = DCOM | ID = 10016
Description =
 
Error - 4/17/2013 3:24:55 PM | Computer Name = XYZ | Source = DCOM | ID = 10016
Description =
 
Error - 4/17/2013 5:43:06 PM | Computer Name = XYZ | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Windows Internet Explorer 9 für Windows 7
 
Error - 4/18/2013 4:04:04 PM | Computer Name = XYZ | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?17.?04.?2013 um 23:43:08 unerwartet heruntergefahren.
 
 
< End of report >

--- --- ---

cosinus 19.04.2013 01:03

Rootkit scan with GMER

Please download the GMER rootkit scanner GMER: (the file name is random)
  • Close all other programs, disable your virus scanner and disconnect the computer from the Internet before you start GMER.
  • If a window with the following warning opens after starting:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, uncheck: IAT/EAT and Show All
  • Check Quickscan and uncheck all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the logfile as Gmer.txt on your desktop. Clicking "Ok" closes GMER.
Switch your antivirus program and other scanners back on before you go online!


Running into problems?
  • Alternatively, try safe mode.
  • If you get a bluescreen, uncheck Devices.


Afterwards, please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a logfile ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instructions from a helper

tseb 19.04.2013 21:41

Hello,

Step 1) The rootkit scan with GMER worked.

I have questions / trouble understanding step 2) Malwarebytes Anti-Rootkit (MBAR). I saved MBAR to the desktop. It is a ZIP folder.

What do you mean by "Unpack the archive on your desktop"? I don't understand that. Then: "In the newly created folder, please start mbar.exe" - do you mean the mbar application in this ZIP folder? When I click it, a message says that the files have to be extracted first (what does that mean)?

cosinus 20.04.2013 17:18

Quote:

Step 1) The rootkit scan with GMER worked.
And where is the log?

Quote:

What do you mean by "Unpack the archive on your desktop"? I don't understand that
Have you never heard of compressed files? :confused:
E.g. ZIP file format - Wikipedia or 7-Zip - Wikipedia

7zip download: packing and unpacking files with 7-Zip

http://uckanleitungen.de/7-zip/snapshots/7-zip10.png

tseb 20.04.2013 18:01

Here is the log for step 1:

GMER Logfile:
Code:

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-19 21:54:26
Windows 6.1.7600  \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JP4O 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\XYZ\AppData\Local\Temp\uxlcypod.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwAdjustPrivilegesToken [0x8CCDD392]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwAlpcConnectPort [0x8CCF824A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwAlpcCreatePort [0x8CCF8580]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwAlpcSendWaitReceivePort [0x8CCF88F6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwClose [0x8CCDDE0C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwConnectPort [0x8CCF7F32]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwCreateEvent [0x8CCDE37E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwCreateMutant [0x8CCDE26C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwCreatePort [0x8CCF83F0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwCreateSection [0x8CCDD14E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwCreateSemaphore [0x8CCDE496]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwCreateThread [0x8CCDD9C2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwCreateThreadEx [0x8CCDDB32]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwCreateUserProcess [0x8CCDE5AE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwCreateWaitablePort [0x8CCF84B8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwDebugActiveProcess [0x8CCDE856]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwDeviceIoControlFile [0x8CCDDE4E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwDuplicateObject [0x8CCDF858]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwLoadDriver [0x8CCDE948]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwMapViewOfSection [0x8CCDEEB4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwNotifyChangeKey [0x8CCF6722]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwOpenEvent [0x8CCDE410]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwOpenMutant [0x8CCDE2F8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwOpenProcess [0x8CCDD5CC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwOpenSection [0x8CCDEC98]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwOpenSemaphore [0x8CCDE528]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwOpenThread [0x8CCDD4C0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwQueryDirectoryObject [0x8CCDE664]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwQueryObject [0x8CCF691A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwQuerySection [0x8CCDF1DA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwQueueApcThread [0x8CCDEAE8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwReplyPort [0x8CCF86E4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwReplyWaitReceivePort [0x8CCF8632]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwRequestWaitReplyPort [0x8CCF8750]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwResumeThread [0x8CCDF6FA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwSecureConnectPort [0x8CCF80BA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwSetContextThread [0x8CCDDCAC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwSetInformationToken [0x8CCDE702]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwSetSystemInformation [0x8CCDF32A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwSuspendProcess [0x8CCDF41E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwSuspendThread [0x8CCDF558]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwSystemDebugControl [0x8CCDE778]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwTerminateProcess [0x8CCDD76C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwTerminateThread [0x8CCDD6C2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwUnmapViewOfSection [0x8CCDF092]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                          ZwWriteVirtualMemory [0x8CCDD858]

---- Kernel code sections - GMER 2.1 ----

.text          ntkrnlpa.exe!ZwRollbackTransaction + 13F9                                                                      83487829 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                          834AC132 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntkrnlpa.exe!RtlSidHashLookup + 230                                                                            834B3910 4 Bytes  [92, D3, CD, 8C]
.text          ntkrnlpa.exe!RtlSidHashLookup + 258                                                                            834B3938 8 Bytes  [4A, 82, CF, 8C, 80, 85, CF, ...]
.text          ntkrnlpa.exe!RtlSidHashLookup + 29C                                                                            834B397C 4 Bytes  [F6, 88, CF, 8C]
.text          ntkrnlpa.exe!RtlSidHashLookup + 2C8                                                                            834B39A8 4 Bytes  [0C, DE, CD, 8C] {OR AL, 0xde; INT 0x8c}
.text          ntkrnlpa.exe!RtlSidHashLookup + 2EC                                                                            834B39CC 4 Bytes  [32, 7F, CF, 8C]
.text          ...                                                                                                           
.text          C:\Windows\system32\DRIVERS\atikmdag.sys                                                                        section is writeable [0x92C31000, 0x2FBAB4, 0xE8000020]

---- User code sections - GMER 2.1 ----

?              C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1964] C:\Windows\SYSTEM32\ntdll.dll    time/date stamp mismatch;
.text          C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1964] ntdll.dll!NtProtectVirtualMemory  77465000 5 Bytes  JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll
?              C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1964] C:\Windows\system32\kernel32.dll  time/date stamp mismatch; unknown module: KERNELBASE.dll
.text          C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1964] USER32.dll!NotifyWinEvent + 48B  76B8F724 4 Bytes  [E0, 13, 54, 67]
?              C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2560] C:\Windows\SYSTEM32\ntdll.dll    time/date stamp mismatch;
.text          C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2560] ntdll.dll!NtProtectVirtualMemory  77465000 5 Bytes  JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll
?              C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2560] C:\Windows\system32\kernel32.dll  time/date stamp mismatch; unknown module: KERNELBASE.dll
.text          C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2560] USER32.dll!NotifyWinEvent + 48B  76B8F724 4 Bytes  [E0, 13, 54, 67]
.text          C:\Program Files\Internet Explorer\iexplore.exe[2796] ADVAPI32.dll!RegSetValueExA                              76E21B96 5 Bytes  JMP 5A67BDF0 C:\Users\XYZ\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\ConduitHook.DLL
.text          C:\Program Files\Internet Explorer\iexplore.exe[2796] ADVAPI32.dll!RegSetValueExW                              76E21C82 6 Bytes  JMP 6A8615A4 C:\Program Files\Common Files\Spigot\Search Settings\wth160.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[2796] ADVAPI32.dll!RegSetValueW                                76E3FA72 6 Bytes  JMP 5A67BD70 C:\Users\XYZ\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\ConduitHook.DLL
.text          C:\Program Files\Internet Explorer\iexplore.exe[2796] ADVAPI32.dll!RegSetValueA                                76E6F529 5 Bytes  JMP 5A67BD00 C:\Users\XYZ\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\ConduitHook.DLL
.text          C:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!CreateWindowExW                                76B80E51 5 Bytes  JMP 69A58177 C:\Windows\system32\IEFRAME.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!DialogBoxIndirectParamW                        76BA4AA7 5 Bytes  JMP 69B81FE8 C:\Windows\system32\IEFRAME.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!TrackPopupMenu                                76BA4B3B 5 Bytes  JMP 5A675D00 C:\Users\XYZ\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\ConduitHook.DLL
.text          C:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!DialogBoxParamW                                76BA564A 5 Bytes  JMP 5A671380 C:\Users\XYZ\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\ConduitHook.DLL
.text          C:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!TrackPopupMenuEx                              76BA5F72 5 Bytes  JMP 5A675D80 C:\Users\XYZ\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\ConduitHook.DLL
.text          C:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!DialogBoxParamA                                76BBCF6A 5 Bytes  JMP 69B81F85 C:\Windows\system32\IEFRAME.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!DialogBoxIndirectParamA                        76BBD29C 5 Bytes  JMP 69B8204B C:\Windows\system32\IEFRAME.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!MessageBoxIndirectA                            76BCE8C9 5 Bytes  JMP 69B81F1A C:\Windows\system32\IEFRAME.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!MessageBoxIndirectW                            76BCE9C3 5 Bytes  JMP 69B81EAF C:\Windows\system32\IEFRAME.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!MessageBoxExA                                  76BCEA29 5 Bytes  JMP 69B81E4D C:\Windows\system32\IEFRAME.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!MessageBoxExW                                  76BCEA4D 5 Bytes  JMP 69B81DEB C:\Windows\system32\IEFRAME.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] ADVAPI32.dll!RegSetValueExA                              76E21B96 5 Bytes  JMP 5A67BDF0 C:\Users\XYZ\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\ConduitHook.DLL
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] ADVAPI32.dll!RegSetValueExW                              76E21C82 6 Bytes  JMP 6A8615A4 C:\Program Files\Common Files\Spigot\Search Settings\wth160.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!CreateDialogParamW                            76B79BFF 5 Bytes  JMP 699AC5A8 C:\Windows\system32\IEFRAME.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!EnableWindow                                  76B7A72E 5 Bytes  JMP 699AC523 C:\Windows\system32\IEFRAME.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!GetAsyncKeyState                              76B7C09A 5 Bytes  JMP 6996D6D9 C:\Windows\system32\IEFRAME.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!UnhookWindowsHookEx                            76B7CC7B 5 Bytes  JMP 69A683A2 C:\Windows\system32\IEFRAME.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!CallNextHookEx                                76B7CC8F 5 Bytes  JMP 69A49D5C C:\Windows\system32\IEFRAME.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!CreateWindowExW                                76B80E51 5 Bytes  JMP 69A58177 C:\Windows\system32\IEFRAME.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!SetWindowsHookExW                              76B8210A 5 Bytes  JMP 69A0464B C:\Windows\system32\IEFRAME.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!GetKeyState                                    76B84FDA 5 Bytes  JMP 699AD79A C:\Windows\system32\IEFRAME.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!IsDialogMessageW                              76B86F06 5 Bytes  JMP 69974274 C:\Windows\system32\IEFRAME.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!CreateDialogParamA                            76B93E79 5 Bytes  JMP 69B82BE9 C:\Windows\system32\IEFRAME.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!IsDialogMessage                                76B9407A 5 Bytes  JMP 69B8248A C:\Windows\system32\IEFRAME.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!CreateDialogIndirectParamA                    76B99110 5 Bytes  JMP 69B82C20 C:\Windows\system32\IEFRAME.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!CreateDialogIndirectParamW                    76BA08AD 5 Bytes  JMP 69B82C57 C:\Windows\system32\IEFRAME.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!DialogBoxIndirectParamW                        76BA4AA7 5 Bytes  JMP 69B81FE8 C:\Windows\system32\IEFRAME.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!TrackPopupMenu                                76BA4B3B 5 Bytes  JMP 5A675D00 C:\Users\XYZ\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\ConduitHook.DLL
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!EndDialog                                      76BA555C 5 Bytes  JMP 69975AD9 C:\Windows\system32\IEFRAME.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!DialogBoxParamW                                76BA564A 5 Bytes  JMP 5A671380 C:\Users\XYZ\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\ConduitHook.DLL
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!TrackPopupMenuEx                              76BA5F72 5 Bytes  JMP 5A675D80 C:\Users\XYZ\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\ConduitHook.DLL
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!SetKeyboardState                              76BA6B52 5 Bytes  JMP 69B827EF C:\Windows\system32\IEFRAME.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!SendInput                                      76BA7055 5 Bytes  JMP 69B833B4 C:\Windows\system32\IEFRAME.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!SetCursorPos                                  76BBC1D8 5 Bytes  JMP 69B8340C C:\Windows\system32\IEFRAME.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!DialogBoxParamA                                76BBCF6A 5 Bytes  JMP 69B81F85 C:\Windows\system32\IEFRAME.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!DialogBoxIndirectParamA                        76BBD29C 5 Bytes  JMP 69B8204B C:\Windows\system32\IEFRAME.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!MessageBoxIndirectA                            76BCE8C9 5 Bytes  JMP 69B81F1A C:\Windows\system32\IEFRAME.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!MessageBoxIndirectW                            76BCE9C3 5 Bytes  JMP 69B81EAF C:\Windows\system32\IEFRAME.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!MessageBoxExA                                  76BCEA29 5 Bytes  JMP 69B81E4D C:\Windows\system32\IEFRAME.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!MessageBoxExW                                  76BCEA4D 5 Bytes  JMP 69B81DEB C:\Windows\system32\IEFRAME.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!keybd_event                                    76BCEC9B 5 Bytes  JMP 69B8373F C:\Windows\system32\IEFRAME.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] SHELL32.dll!SHChangeNotification_Lock + 45BA              7590B440 4 Bytes  [11, 36, 05, 6B]
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] SHELL32.dll!SHChangeNotification_Lock + 45C2              7590B448 8 Bytes  [5F, 35, 05, 6B, D0, 73, 04, ...] {POP EDI; XOR EAX, 0x73d06b05; ADD AL, 0x6b}
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] ole32.dll!OleLoadFromStream                              772C5BF6 3 Bytes  JMP 69B82346 C:\Windows\system32\IEFRAME.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] ole32.dll!OleLoadFromStream + 4                          772C5BFA 1 Byte  [F2]
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] ole32.dll!CoCreateInstance                                7731590C 5 Bytes  JMP 69A58C65 C:\Windows\system32\IEFRAME.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] ws2_32.DLL!closesocket                                    76F93BED 5 Bytes  JMP 5F6141DF C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] ws2_32.DLL!socket                                        76F93F00 5 Bytes  JMP 5F61354C C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] ws2_32.DLL!recv                                          76F947DF 5 Bytes  JMP 5F614549 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] ws2_32.DLL!connect                                        76F948BE 5 Bytes  JMP 5F6135DC C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] ws2_32.DLL!getaddrinfo                                    76F96737 5 Bytes  JMP 5F613704 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll
.text          C:\Program Files\Internet Explorer\iexplore.exe[5556] ws2_32.DLL!send                                          76F9C4C8 5 Bytes  JMP 5F613B92 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                        kl1.sys
AttachedDevice  \Driver\tdx \Device\Udp                                                                                        kl1.sys
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                      kl1.sys

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                                          unknown MBR code

---- EOF - GMER 2.1 ----

--- --- ---


:kaffee: :kaffee: :kaffee:

Step 2): No malware was found! How can that be? Here is the log file for it:


Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.20.08

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
XYZ :: XYZ [administrator]

20.04.2013 18:56:45
mbar-log-2013-04-20 (18-56-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30405
Time elapsed: 14 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
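
The user-mode part of the GMER log above can be triaged mechanically. The sketch below is an added example, not part of the thread or of GMER: it parses the `JMP` inline-hook lines and groups them by the DLL that installed the hook. The three-way classification (`system`, `self`, `third-party`) is an assumed sorting heuristic, not a verdict on any file; the sample lines are copied from the log above with column padding collapsed.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the "User code sections" part of the GMER log above
# (column padding collapsed to two spaces).
SAMPLE = r"""
.text  C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1964] ntdll.dll!NtProtectVirtualMemory  77465000 5 Bytes  JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2796] ADVAPI32.dll!RegSetValueExA  76E21B96 5 Bytes  JMP 5A67BDF0 C:\Users\XYZ\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\ConduitHook.DLL
.text  C:\Program Files\Internet Explorer\iexplore.exe[2796] ADVAPI32.dll!RegSetValueExW  76E21C82 6 Bytes  JMP 6A8615A4 C:\Program Files\Common Files\Spigot\Search Settings\wth160.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!CreateWindowExW  76B80E51 5 Bytes  JMP 69A58177 C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[5556] SHELL32.dll!SHChangeNotification_Lock + 45BA  7590B440 4 Bytes  [11, 36, 05, 6B]
.text  C:\Program Files\Internet Explorer\iexplore.exe[5556] ws2_32.DLL!connect  76F948BE 5 Bytes  JMP 5F6135DC C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[5556] ws2_32.DLL!send  76F9C4C8 5 Bytes  JMP 5F613B92 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll
"""

# One inline-hook line: process[pid] module!function address size JMP target hooking-DLL.
# Lines that only list patched bytes ("[11, 36, ...]") carry no JMP and are skipped.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?\.exe)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<func>\S+)(?:\s\+\s[0-9A-Fa-f]+)?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+\d+\s+Bytes?\s+"
    r"JMP\s+(?P<target>[0-9A-Fa-f]{8})\s+(?P<hooker>.+?)\s*$"
)

# Assumption: Windows is installed in C:\Windows, as the logs in this thread show.
WINDOWS_DIR = ntpath.normcase("C:\\Windows\\")


def parse_hooks(log_text):
    """Return one dict per JMP inline-hook line found in a GMER log."""
    hooks = []
    for line in log_text.splitlines():
        match = HOOK_RE.match(line.strip())
        if match:
            hooks.append(match.groupdict())
    return hooks


def classify(hook):
    """Assumed triage heuristic: where does the hooking DLL live?"""
    hooker = ntpath.normcase(hook["hooker"])
    proc_dir = ntpath.normcase(ntpath.dirname(hook["proc"]))
    if hooker.startswith(WINDOWS_DIR):
        return "system"        # e.g. IEFRAME.dll hooking inside iexplore.exe
    if ntpath.dirname(hooker) == proc_dir:
        return "self"          # a program hooking its own process (avp.exe)
    return "third-party"       # DLL from elsewhere injected into the process


def third_party_summary(log_text):
    """Map hooking DLL name -> sorted list of hooked APIs (third-party only)."""
    summary = defaultdict(set)
    for hook in parse_hooks(log_text):
        if classify(hook) == "third-party":
            dll = ntpath.basename(hook["hooker"])
            summary[dll].add(f'{hook["module"]}!{hook["func"]}')
    return {dll: sorted(apis) for dll, apis in summary.items()}


if __name__ == "__main__":
    for dll, apis in third_party_summary(SAMPLE).items():
        print(f"{dll}: {', '.join(apis)}")
```
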

cosinus 20.04.2013 18:03

aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without instructions

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.




TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.

tseb 20.04.2013 22:17

Besides the name, are there any other data in these logs that should be removed for privacy reasons when I post them here?

aswMBR:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-20 22:44:34
-----------------------------
22:44:34.436 OS Version: Windows 6.1.7600
22:44:34.436 Number of processors: 2 586 0x170A
22:44:34.436 ComputerName: XYZ UserName:
22:44:38.446 Initialize success
22:52:52.689 AVAST engine defs: 13042000
23:06:32.408 The log file has been saved successfully to "C:\Users\XYZ\Desktop\aswMBR.txt"




TDSS-Killer:

23:08:21.0 4804 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:08:21.0950 4804 ============================================================
23:08:21.0950 4804 Current date / time: 2013/04/20 23:08:21.0950
23:08:21.0950 4804 SystemInfo:
23:08:21.0950 4804
23:08:21.0950 4804 OS Version: 6.1.7600 ServicePack: 0.0
23:08:21.0950 4804 Product type: Workstation
23:08:21.0950 4804 ComputerName: XYZ
23:08:21.0950 4804 UserName: XYZ
23:08:21.0950 4804 Windows directory: C:\Windows
23:08:21.0950 4804 System windows directory: C:\Windows
23:08:21.0950 4804 Processor architecture: Intel x86
23:08:21.0950 4804 Number of processors: 2
23:08:21.0950 4804 Page size: 0x1000
23:08:21.0950 4804 Boot type: Normal boot
23:08:21.0950 4804 ============================================================
23:08:22.0543 4804 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:08:22.0543 4804 ============================================================
23:08:22.0543 4804 \Device\Harddisk0\DR0:
23:08:22.0543 4804 MBR partitions:
23:08:22.0543 4804 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:08:22.0543 4804 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6F4D3000
23:08:22.0543 4804 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x6F505800, BlocksNum 0x5000000
23:08:22.0543 4804 ============================================================
23:08:22.0574 4804 C: <-> \Device\Harddisk0\DR0\Partition2
23:08:22.0637 4804 D: <-> \Device\Harddisk0\DR0\Partition3
23:08:22.0637 4804 ============================================================
23:08:22.0637 4804 Initialize success
23:08:22.0637 4804 ============================================================
23:08:38.0097 6284 ============================================================
23:08:38.0097 6284 Scan started
23:08:38.0097 6284 Mode: Manual;
23:08:38.0097 6284 ============================================================
23:08:39.0704 6284 ================ Scan system memory ========================
23:08:39.0704 6284 System memory - ok
23:08:39.0704 6284 ================ Scan services =============================
23:08:39.0923 6284 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
23:08:39.0923 6284 1394ohci - ok
23:08:40.0063 6284 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
23:08:40.0063 6284 ACDaemon - ok
23:08:40.0125 6284 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
23:08:40.0125 6284 ACPI - ok
23:08:40.0172 6284 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
23:08:40.0188 6284 AcpiPmi - ok
23:08:40.0297 6284 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
23:08:40.0297 6284 adp94xx - ok
23:08:40.0391 6284 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
23:08:40.0391 6284 adpahci - ok
23:08:49.0704 6284 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:08:49.0704 6284 rspndr - ok
23:08:49.0735 6284 [ BCEBD5D1AABCE4EFB7597635E347C44B ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
23:08:49.0751 6284 RTL8167 - ok
23:08:49.0797 6284 [ 51ADEF77E4C929535FD50DA153774E79 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
23:08:49.0813 6284 RTL8192su - ok
23:08:49.0813 6284 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs C:\Windows\system32\lsass.exe
23:08:49.0829 6284 SamSs - ok
23:08:49.0844 6284 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
23:08:49.0844 6284 sbp2port - ok
23:08:49.0860 6284 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:08:49.0875 6284 SCardSvr - ok
23:08:49.0891 6284 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
23:08:49.0891 6284 scfilter - ok
23:08:49.0922 6284 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\Windows\system32\schedsvc.dll
23:08:49.0922 6284 Schedule - ok
23:08:49.0938 6284 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll
23:08:49.0938 6284 SCPolicySvc - ok
23:08:49.0969 6284 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:08:49.0969 6284 SDRSVC - ok
23:08:50.0031 6284 [ 4A5809A1D796E2675AC0332BF7B0CB11 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
23:08:50.0031 6284 SeaPort - ok
23:08:50.0047 6284 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:08:50.0094 6284 secdrv - ok
23:08:50.0109 6284 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
23:08:50.0109 6284 seclogon - ok
23:08:50.0125 6284 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
23:08:50.0125 6284 SENS - ok
23:08:50.0141 6284 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
23:08:50.0141 6284 SensrSvc - ok
23:08:50.0172 6284 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
23:08:50.0187 6284 Serenum - ok
23:08:50.0203 6284 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
23:08:50.0219 6284 Serial - ok
23:08:50.0219 6284 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
23:08:50.0250 6284 sermouse - ok
23:08:50.0281 6284 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll
23:08:50.0281 6284 SessionEnv - ok
23:08:50.0297 6284 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
23:08:50.0312 6284 sffdisk - ok
23:08:50.0328 6284 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
23:08:50.0328 6284 sffp_mmc - ok
23:08:50.0343 6284 [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
23:08:50.0343 6284 sffp_sd - ok
23:08:50.0359 6284 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
23:08:50.0359 6284 sfloppy - ok
23:08:50.0390 6284 [ D9B734638DD8DBA9D59AAD3189CD0FAD ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
23:08:50.0406 6284 Sftfs - ok
23:08:50.0453 6284 [ CB73BC422C07FB611F194DA18D1E7F36 ] sftlist C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
23:08:50.0453 6284 sftlist - ok
23:08:50.0484 6284 [ 2F61BD46C0BFF4EB36E1E359CA17BFC5 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
23:08:50.0499 6284 Sftplay - ok
23:08:50.0499 6284 [ 518BAC0179F94304F422696B47C0EC12 ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
23:08:50.0499 6284 Sftredir - ok
23:08:50.0515 6284 [ 747325236D88B3F05FFD27FF9EC711C5 ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
23:08:50.0531 6284 Sftvol - ok
23:08:50.0546 6284 [ A5812F0281CA5081BF696626F9BF324D ] sftvsa C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
23:08:50.0546 6284 sftvsa - ok
23:08:50.0562 6284 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:08:50.0562 6284 SharedAccess - ok
23:08:50.0593 6284 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:08:50.0609 6284 ShellHWDetection - ok
23:08:50.0624 6284 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys
23:08:50.0655 6284 sisagp - ok
23:08:50.0671 6284 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:08:50.0702 6284 SiSRaid2 - ok
23:08:50.0718 6284 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
23:08:50.0733 6284 SiSRaid4 - ok
23:08:50.0749 6284 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:08:50.0765 6284 Smb - ok
23:08:50.0874 6284 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:08:50.0874 6284 SNMPTRAP - ok
23:08:50.0905 6284 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
23:08:50.0905 6284 spldr - ok
23:08:50.0952 6284 [ E17323B0AA9FB3FF9945731D736EDA2F ] Spooler C:\Windows\System32\spoolsv.exe
23:08:50.0952 6284 Spooler - ok
23:08:51.0030 6284 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe
23:08:51.0061 6284 sppsvc - ok
23:08:51.0077 6284 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll
23:08:51.0092 6284 sppuinotify - ok
23:08:51.0123 6284 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:\Windows\system32\DRIVERS\srv.sys
23:08:51.0123 6284 srv - ok
23:08:51.0139 6284 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:08:51.0139 6284 srv2 - ok
23:08:51.0139 6284 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:08:51.0139 6284 srvnet - ok
23:08:51.0170 6284 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:08:51.0170 6284 SSDPSRV - ok
23:08:51.0186 6284 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:08:51.0186 6284 SstpSvc - ok
23:08:51.0201 6284 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
23:08:51.0233 6284 stexstor - ok
23:08:51.0279 6284 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll
23:08:51.0295 6284 StiSvc - ok
23:08:51.0295 6284 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
23:08:51.0326 6284 swenum - ok
23:08:51.0342 6284 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
23:08:51.0357 6284 swprv - ok
23:08:51.0389 6284 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll
23:08:51.0404 6284 SysMain - ok
23:08:51.0420 6284 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:08:51.0435 6284 TabletInputService - ok
23:08:51.0435 6284 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll
23:08:51.0451 6284 TapiSrv - ok
23:08:51.0451 6284 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
23:08:51.0467 6284 TBS - ok
23:08:51.0513 6284 [ BBCEAEFF1FD72A026F827CBB2F4AA8AD ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:08:51.0529 6284 Tcpip - ok
23:08:51.0560 6284 [ BBCEAEFF1FD72A026F827CBB2F4AA8AD ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
23:08:51.0560 6284 TCPIP6 - ok
23:08:51.0591 6284 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:08:51.0591 6284 tcpipreg - ok
23:08:51.0607 6284 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:08:51.0607 6284 TDPIPE - ok
23:08:51.0623 6284 [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:08:51.0623 6284 TDTCP - ok
23:08:51.0638 6284 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:08:51.0638 6284 tdx - ok
23:08:51.0654 6284 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
23:08:51.0654 6284 TermDD - ok
23:08:51.0685 6284 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll
23:08:51.0685 6284 TermService - ok
23:08:51.0747 6284 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
23:08:51.0747 6284 Themes - ok
23:08:51.0763 6284 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
23:08:51.0763 6284 THREADORDER - ok
23:08:51.0794 6284 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
23:08:51.0794 6284 TrkWks - ok
23:08:51.0857 6284 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:08:51.0857 6284 TrustedInstaller - ok
23:08:51.0872 6284 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:08:51.0872 6284 tssecsrv - ok
23:08:51.0919 6284 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:08:51.0919 6284 tunnel - ok
23:08:51.0935 6284 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
23:08:51.0966 6284 uagp35 - ok
23:08:51.0981 6284 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:08:51.0981 6284 udfs - ok
23:08:51.0997 6284 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:08:51.0997 6284 UI0Detect - ok
23:08:52.0013 6284 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
23:08:52.0028 6284 uliagpkx - ok
23:08:52.0044 6284 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
23:08:52.0075 6284 umbus - ok
23:08:52.0106 6284 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
23:08:52.0106 6284 UmPass - ok
23:08:52.0137 6284 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
23:08:52.0137 6284 upnphost - ok
23:08:52.0184 6284 [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
23:08:52.0184 6284 USBAAPL - ok
23:08:52.0215 6284 [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:08:52.0231 6284 usbccgp - ok
23:08:52.0247 6284 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
23:08:52.0247 6284 usbcir - ok
23:08:52.0262 6284 [ E4C436D914768CE965D5E659BA7EEBD8 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
23:08:52.0293 6284 usbehci - ok
23:08:52.0309 6284 [ BDCD7156EC37448F08633FD899823620 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:08:52.0325 6284 usbhub - ok
23:08:52.0340 6284 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\drivers\usbohci.sys
23:08:52.0340 6284 usbohci - ok
23:08:52.0387 6284 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
23:08:52.0387 6284 usbprint - ok
23:08:52.0403 6284 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
23:08:52.0403 6284 usbscan - ok
23:08:52.0403 6284 [ D8889D56E0D27E57ED4591837FE71D27 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:08:52.0418 6284 USBSTOR - ok
23:08:52.0434 6284 [ 22480BF4E5A09192E5E30BA4DDE79FA4 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
23:08:52.0449 6284 usbuhci - ok
23:08:52.0465 6284 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
23:08:52.0465 6284 UxSms - ok
23:08:52.0481 6284 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc C:\Windows\system32\lsass.exe
23:08:52.0481 6284 VaultSvc - ok
23:08:52.0512 6284 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
23:08:52.0512 6284 vdrvroot - ok
23:08:52.0527 6284 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe
23:08:52.0543 6284 vds - ok
23:08:52.0543 6284 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:08:52.0559 6284 vga - ok
23:08:52.0574 6284 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
23:08:52.0574 6284 VgaSave - ok
23:08:52.0605 6284 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
23:08:52.0637 6284 vhdmp - ok
23:08:52.0652 6284 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys
23:08:52.0668 6284 viaagp - ok
23:08:52.0683 6284 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
23:08:52.0683 6284 ViaC7 - ok
23:08:52.0699 6284 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\DRIVERS\viaide.sys
23:08:52.0715 6284 viaide - ok
23:08:52.0730 6284 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
23:08:52.0730 6284 volmgr - ok
23:08:52.0746 6284 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:08:52.0746 6284 volmgrx - ok
23:08:52.0761 6284 [ 59F06B4968E58BC83DFC56CA4517960E ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:08:52.0761 6284 volsnap - ok
23:08:52.0793 6284 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
23:08:52.0824 6284 vsmraid - ok
23:08:52.0855 6284 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe
23:08:52.0871 6284 VSS - ok
23:08:52.0886 6284 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
23:08:52.0886 6284 vwifibus - ok
23:08:52.0902 6284 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
23:08:52.0902 6284 vwififlt - ok
23:08:52.0933 6284 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
23:08:52.0933 6284 W32Time - ok
23:08:52.0964 6284 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
23:08:52.0980 6284 WacomPen - ok
23:08:52.0995 6284 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
23:08:52.0995 6284 WANARP - ok
23:08:52.0995 6284 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:08:52.0995 6284 Wanarpv6 - ok
23:08:53.0027 6284 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe
23:08:53.0042 6284 wbengine - ok
23:08:53.0058 6284 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
23:08:53.0058 6284 WbioSrvc - ok
23:08:53.0089 6284 [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:08:53.0089 6284 wcncsvc - ok
23:08:53.0120 6284 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:08:53.0120 6284 WcsPlugInService - ok
23:08:53.0151 6284 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
23:08:53.0151 6284 Wd - ok
23:08:53.0183 6284 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:08:53.0198 6284 Wdf01000 - ok
23:08:53.0214 6284 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:08:53.0214 6284 WdiServiceHost - ok
23:08:53.0229 6284 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:08:53.0229 6284 WdiSystemHost - ok
23:08:53.0261 6284 [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient C:\Windows\System32\webclnt.dll
23:08:53.0261 6284 WebClient - ok
23:08:53.0276 6284 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:08:53.0276 6284 Wecsvc - ok
23:08:53.0292 6284 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:08:53.0292 6284 wercplsupport - ok
23:08:53.0323 6284 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
23:08:53.0323 6284 WerSvc - ok
23:08:53.0354 6284 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
23:08:53.0354 6284 WfpLwf - ok
23:08:53.0370 6284 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
23:08:53.0370 6284 WIMMount - ok
23:08:53.0401 6284 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
23:08:53.0417 6284 WinDefend - ok
23:08:53.0417 6284 WinHttpAutoProxySvc - ok
23:08:53.0463 6284 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:08:53.0479 6284 Winmgmt - ok
23:08:53.0510 6284 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll
23:08:53.0526 6284 WinRM - ok
23:08:53.0573 6284 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
23:08:53.0588 6284 WinUsb - ok
23:08:53.0619 6284 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
23:08:53.0635 6284 Wlansvc - ok
23:08:53.0697 6284 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:08:53.0775 6284 wlidsvc - ok
23:08:53.0791 6284 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
23:08:53.0807 6284 WmiAcpi - ok
23:08:53.0838 6284 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:08:53.0838 6284 wmiApSrv - ok
23:08:53.0885 6284 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
23:08:53.0900 6284 WMPNetworkSvc - ok
23:08:53.0916 6284 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:08:53.0916 6284 WPCSvc - ok
23:08:53.0931 6284 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:08:53.0931 6284 WPDBusEnum - ok
23:08:53.0947 6284 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:08:53.0947 6284 ws2ifsl - ok
23:08:53.0963 6284 [ A661A76333057B383A06E65F0073222F ] wscsvc C:\Windows\System32\wscsvc.dll
23:08:53.0978 6284 wscsvc - ok
23:08:53.0978 6284 WSearch - ok
23:08:54.0041 6284 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
23:08:54.0056 6284 wuauserv - ok
23:08:54.0087 6284 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:08:54.0087 6284 WudfPf - ok
23:08:54.0103 6284 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:08:54.0103 6284 WUDFRd - ok
23:08:54.0134 6284 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:08:54.0134 6284 wudfsvc - ok
23:08:54.0165 6284 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
23:08:54.0165 6284 WwanSvc - ok
23:08:54.0181 6284 ================ Scan global ===============================
23:08:54.0197 6284 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
23:08:54.0228 6284 [ 8531AAF69394EFB93BC653916C46D245 ] C:\Windows\system32\winsrv.dll
23:08:54.0243 6284 [ 8531AAF69394EFB93BC653916C46D245 ] C:\Windows\system32\winsrv.dll
23:08:54.0259 6284 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
23:08:54.0275 6284 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
23:08:54.0290 6284 [Global] - ok
23:08:54.0290 6284 ================ Scan MBR ==================================
23:08:54.0290 6284 [ C79B30CB8852157F6F908E4698CFE0D0 ] \Device\Harddisk0\DR0
23:08:56.0521 6284 \Device\Harddisk0\DR0 - ok
23:08:56.0521 6284 ================ Scan VBR ==================================
23:08:56.0521 6284 [ A96290B5401C2DA5A08BB9471D76D503 ] \Device\Harddisk0\DR0\Partition1
23:08:56.0521 6284 \Device\Harddisk0\DR0\Partition1 - ok
23:08:56.0537 6284 [ 046BBD7303F14EB983A3F0C302651470 ] \Device\Harddisk0\DR0\Partition2
23:08:56.0537 6284 \Device\Harddisk0\DR0\Partition2 - ok
23:08:56.0583 6284 [ 376B50B18DD730F4A63E4B8227F4638C ] \Device\Harddisk0\DR0\Partition3
23:08:56.0583 6284 \Device\Harddisk0\DR0\Partition3 - ok
23:08:56.0583 6284 ============================================================
23:08:56.0583 6284 Scan finished
23:08:56.0583 6284 ============================================================
23:08:56.0599 3320 Detected object count: 0
23:08:56.0599 3320 Actual detected object count: 0701

cosinus 21.04.2013 00:01

Once again: please post the (following) logs in CODE tags; how to do that was already described in great detail at the start. aswMBR did not run properly, please repeat it.

tseb 21.04.2013 10:36

So aswMBR somehow doesn't work properly; I think it always hangs after a few minutes.

Quote:

"The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes."

-> I was never asked this question. It was only reported by Kaspersky; I allowed it and then pressed Scan. The message "Scan finished successfully" did not appear either.

The tool runs for a few minutes and then stops at the point shown in the attachment.

cosinus 21.04.2013 22:52

Look at what else was in the instructions:

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

tseb 22.04.2013 22:13

OK, at first it hung again. Afterwards, with the setting "none", it worked:

Code:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-20 22:44:34
-----------------------------
22:44:34.436    OS Version: Windows 6.1.7600
22:44:34.436    Number of processors: 2 586 0x170A
22:44:34.436    ComputerName: ´XYZ  UserName:
22:44:38.446    Initialize success
22:52:52.689    AVAST engine defs: 13042000
23:06:32.408    The log file has been saved successfully to "C:\Users\XYZ\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-22 22:55:17
-----------------------------
22:55:17.984    OS Version: Windows 6.1.7600
22:55:17.984    Number of processors: 2 586 0x170A
22:55:17.994    ComputerName:  UserName:
22:55:20.074    Initialize success
22:55:31.045    AVAST engine defs: 13042201
22:55:42.672    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:55:42.672    Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 3
22:55:43.232    Disk 0 MBR read successfully
22:55:43.232    Disk 0 MBR scan
22:55:43.604    Disk 0 unknown MBR code
22:55:43.834    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
22:55:44.134    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      911782 MB offset 206848
22:55:44.194    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        40960 MB offset 1867536384
22:55:44.444    Disk 0 Partition 4 00    12  Compaq diag NTFS        1025 MB offset 1951422464
22:55:44.494    Disk 0 scanning sectors +1953521664
22:55:45.314    Disk 0 scanning C:\Windows\system32\drivers
22:56:08.797    Service scanning
22:56:16.550    Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
22:56:16.620    Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
22:56:16.730    Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
22:56:16.760    Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
22:56:27.472    Modules scanning
22:56:45.340    Disk 0 trace - called modules:
22:56:45.380    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
22:56:45.380    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88d9d7a0]
22:56:45.390    3 CLASSPNP.SYS[8cb9359e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86edf028]
22:56:45.400    Scan finished successfully
23:08:01.143    Disk 0 MBR has been saved successfully to "C:\Users\\Desktop\MBR.dat"
23:08:01.153    The log file has been saved successfully to "C:\Users\\Desktop\aswMBR.txt"


cosinus 22.04.2013 22:45

Quote:

23:08:38.0097 6284 Scan started
23:08:38.0097 6284 Mode: Manual;
The tdsskiller was also set up incorrectly; please do it again properly.

tseb 22.04.2013 23:01

Code:

23:54:14.0046 4100  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:54:14.0452 4100  ============================================================
23:54:14.0452 4100  Current date / time: 2013/04/22 23:54:14.0452
23:54:14.0452 4100  SystemInfo:
23:54:14.0452 4100 
23:54:14.0452 4100  OS Version: 6.1.7600 ServicePack: 0.0
23:54:14.0452 4100  Product type: Workstation
23:54:14.0452 4100  ComputerName:
23:54:14.0452 4100  UserName: XYZ
23:54:14.0452 4100  Windows directory: C:\Windows
23:54:14.0452 4100  System windows directory: C:\Windows
23:54:14.0452 4100  Processor architecture: Intel x86
23:54:14.0452 4100  Number of processors: 2
23:54:14.0452 4100  Page size: 0x1000
23:54:14.0452 4100  Boot type: Normal boot
23:54:14.0452 4100  ============================================================
23:54:15.0107 4100  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:54:15.0200 4100  ============================================================
23:54:15.0200 4100  \Device\Harddisk0\DR0:
23:54:15.0200 4100  MBR partitions:
23:54:15.0200 4100  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:54:15.0200 4100  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6F4D3000
23:54:15.0200 4100  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x6F505800, BlocksNum 0x5000000
23:54:15.0200 4100  ============================================================
23:54:15.0232 4100  C: <-> \Device\Harddisk0\DR0\Partition2
23:54:15.0294 4100  D: <-> \Device\Harddisk0\DR0\Partition3
23:54:15.0325 4100  ============================================================
23:54:15.0325 4100  Initialize success
23:54:15.0325 4100  ============================================================
23:55:27.0917 6136  ============================================================
23:55:27.0917 6136  Scan started
23:55:27.0917 6136  Mode: Manual; SigCheck; TDLFS;
23:55:27.0917 6136  ============================================================
23:55:29.0836 6136  ================ Scan system memory ========================
23:55:29.0836 6136  System memory - ok
23:55:29.0836 6136  ================ Scan services =============================
23:55:32.0691 6136  BDESVC - ok
23:55:32.0706 6136  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:55:32.0738 6136  Beep - ok
23:55:32.0753 6136  [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE            C:\Windows\System32\bfe.dll
23:55:32.0800 6136  BFE - ok
23:55:32.0831 6136  [ 53F476476F55A27F580661BDE09C4EC4 ] BITS            C:\Windows\System32\qmgr.dll
23:55:32.0878 6136  BITS - ok
23:55:32.0894 6136  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
23:55:32.0909 6136  blbdrive - ok
23:55:32.0972 6136  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:55:33.0034 6136  Bonjour Service - ok
23:55:33.0050 6136  [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:55:33.0081 6136  bowser - ok
23:55:33.0096 6136  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:55:33.0128 6136  BrFiltLo - ok
23:55:33.0143 6136  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:55:33.0174 6136  BrFiltUp - ok
23:55:33.0206 6136  [ A0E691DC6589D4D2CBE373171D1A49E5 ] Browser        C:\Windows\System32\browser.dll
23:55:33.0221 6136  Browser - ok
23:55:33.0237 6136  [ 845B8CE732E67F3B4133164868C666EA ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
23:55:33.0284 6136  Brserid - ok
23:55:33.0299 6136  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
23:55:33.0330 6136  BrSerWdm - ok
23:55:33.0346 6136  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
23:55:33.0377 6136  BrUsbMdm - ok
23:55:33.0393 6136  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
23:55:33.0424 6136  BrUsbSer - ok
23:55:33.0440 6136  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
23:55:33.0471 6136  BTHMODEM - ok
23:55:33.0486 6136  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv        C:\Windows\system32\bthserv.dll
23:55:33.0518 6136  bthserv - ok
23:55:33.0564 6136  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:55:33.0596 6136  cdfs - ok
23:55:33.0611 6136  [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
23:55:33.0642 6136  cdrom - ok
23:55:33.0658 6136  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc    C:\Windows\System32\certprop.dll
23:55:33.0689 6136  CertPropSvc - ok
23:55:33.0705 6136  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
23:55:33.0720 6136  circlass - ok
23:55:33.0736 6136  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
23:55:33.0752 6136  CLFS - ok
23:55:33.0798 6136  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:55:33.0814 6136  clr_optimization_v2.0.50727_32 - ok
23:55:33.0861 6136  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:55:33.0892 6136  clr_optimization_v4.0.30319_32 - ok
23:55:33.0923 6136  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
23:55:33.0939 6136  CmBatt - ok
23:55:33.0970 6136  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
23:55:33.0986 6136  cmdide - ok
23:55:34.0017 6136  [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG            C:\Windows\system32\Drivers\cng.sys
23:55:34.0048 6136  CNG - ok
23:55:34.0064 6136  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
23:55:34.0064 6136  Compbatt - ok
23:55:34.0110 6136  [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
23:55:34.0126 6136  CompositeBus - ok
23:55:34.0142 6136  COMSysApp - ok
23:55:34.0157 6136  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
23:55:34.0173 6136  crcdisk - ok
23:55:34.0204 6136  [ F2FDE6C8DBAAD44CC58D1E07E4AF4EED ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:55:34.0235 6136  CryptSvc - ok
23:55:34.0313 6136  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
23:55:34.0360 6136  cvhsvc - ok
23:55:34.0407 6136  [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:55:34.0438 6136  DcomLaunch - ok
23:55:34.0454 6136  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc      C:\Windows\System32\defragsvc.dll
23:55:34.0500 6136  defragsvc - ok
23:55:34.0547 6136  [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:55:34.0594 6136  DfsC - ok
23:55:34.0625 6136  [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:55:34.0656 6136  Dhcp - ok
23:55:34.0688 6136  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
23:55:34.0750 6136  discache - ok
23:55:34.0766 6136  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
23:55:34.0781 6136  Disk - ok
23:55:34.0812 6136  [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:55:34.0844 6136  Dnscache - ok
23:55:34.0875 6136  [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc        C:\Windows\System32\dot3svc.dll
23:55:34.0906 6136  dot3svc - ok
23:55:34.0922 6136  [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS            C:\Windows\system32\dps.dll
23:55:34.0953 6136  DPS - ok
23:55:34.0984 6136  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
23:55:35.0015 6136  drmkaud - ok
23:55:35.0046 6136  [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
23:55:35.0062 6136  DXGKrnl - ok
23:55:35.0078 6136  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost        C:\Windows\System32\eapsvc.dll
23:55:35.0124 6136  EapHost - ok
23:55:35.0234 6136  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv          C:\Windows\system32\DRIVERS\evbdx.sys
23:55:35.0280 6136  ebdrv - ok
23:55:35.0296 6136  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS            C:\Windows\System32\lsass.exe
23:55:35.0327 6136  EFS - ok
23:55:35.0374 6136  [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
23:55:35.0405 6136  ehRecvr - ok
23:55:35.0436 6136  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched        C:\Windows\ehome\ehsched.exe
23:55:35.0468 6136  ehSched - ok
23:55:35.0499 6136  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
23:55:35.0530 6136  elxstor - ok
23:55:35.0546 6136  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
23:55:35.0577 6136  ErrDev - ok
23:55:35.0608 6136  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem    C:\Windows\system32\es.dll
23:55:35.0655 6136  EventSystem - ok
23:55:35.0670 6136  [ 2DC9108D74081149CC8B651D3A26207F ] exfat          C:\Windows\system32\drivers\exfat.sys
23:55:35.0702 6136  exfat - ok
23:55:35.0717 6136  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
23:55:35.0748 6136  fastfat - ok
23:55:35.0780 6136  [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax            C:\Windows\system32\fxssvc.exe
23:55:35.0811 6136  Fax - ok
23:55:35.0842 6136  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
23:55:35.0858 6136  fdc - ok
23:55:35.0889 6136  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost        C:\Windows\system32\fdPHost.dll
23:55:35.0920 6136  fdPHost - ok
23:55:35.0936 6136  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
23:55:35.0951 6136  FDResPub - ok
23:55:35.0982 6136  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:55:35.0998 6136  FileInfo - ok
23:55:35.0998 6136  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
23:55:36.0029 6136  Filetrace - ok
23:55:36.0060 6136  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
23:55:36.0092 6136  flpydisk - ok
23:55:36.0107 6136  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:55:36.0138 6136  FltMgr - ok
23:55:36.0170 6136  [ 7FE4995528A7529A761875151EE3D512 ] FontCache      C:\Windows\system32\FntCache.dll
23:55:36.0232 6136  FontCache - ok
23:55:36.0263 6136  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:55:36.0294 6136  FontCache3.0.0.0 - ok
23:55:36.0310 6136  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
23:55:36.0326 6136  FsDepends - ok
23:55:36.0388 6136  [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:55:36.0419 6136  Fs_Rec - ok
23:55:36.0450 6136  [ 4732E596BB1C50D9F9188C5074EE7782 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:55:36.0482 6136  fvevol - ok
23:55:36.0513 6136  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
23:55:36.0528 6136  gagp30kx - ok
23:55:36.0560 6136  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM    C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:55:36.0575 6136  GEARAspiWDM - ok
23:55:36.0606 6136  [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc          C:\Windows\System32\gpsvc.dll
23:55:36.0638 6136  gpsvc - ok
23:55:36.0684 6136  [ F02A533F517EB38333CB12A9E8963773 ] gupdate        C:\Program Files\Google\Update\GoogleUpdate.exe
23:55:36.0700 6136  gupdate - ok
23:55:36.0716 6136  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
23:55:36.0731 6136  gupdatem - ok
23:55:36.0747 6136  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc          C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
23:55:36.0762 6136  gusvc - ok
23:55:36.0778 6136  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:55:36.0840 6136  hcw85cir - ok
23:55:36.0856 6136  [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:55:36.0887 6136  HdAudAddService - ok
23:55:36.0918 6136  [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
23:55:36.0950 6136  HDAudBus - ok
23:55:36.0965 6136  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
23:55:36.0981 6136  HidBatt - ok
23:55:36.0996 6136  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
23:55:37.0012 6136  HidBth - ok
23:55:37.0028 6136  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
23:55:37.0059 6136  HidIr - ok
23:55:37.0074 6136  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv        C:\Windows\system32\hidserv.dll
23:55:37.0106 6136  hidserv - ok
23:55:37.0121 6136  [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:55:37.0137 6136  HidUsb - ok
23:55:37.0168 6136  [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:55:37.0199 6136  hkmsvc - ok
23:55:37.0199 6136  [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:55:37.0230 6136  HomeGroupListener - ok
23:55:37.0262 6136  [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:55:37.0277 6136  HomeGroupProvider - ok
23:55:37.0293 6136  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
23:55:37.0308 6136  HpSAMD - ok
23:55:37.0340 6136  [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:55:37.0386 6136  HTTP - ok
23:55:37.0386 6136  [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:55:37.0402 6136  hwpolicy - ok
23:55:37.0449 6136  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
23:55:37.0480 6136  i8042prt - ok
23:55:37.0496 6136  [ 26541A068572F650A2FA490726FE81BE ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
23:55:37.0511 6136  iaStor - ok
23:55:37.0542 6136  [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
23:55:37.0542 6136  IAStorDataMgrSvc - ok
23:55:37.0589 6136  [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
23:55:37.0605 6136  iaStorV - ok
23:55:37.0667 6136  [ B1A28FA1AFDE10B95FF9354B15701D70 ] ICQ Service    C:\Program Files\ICQ6Toolbar\ICQ Service.exe
23:55:37.0699 6136  ICQ Service - ok
23:55:37.0745 6136  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
23:55:37.0777 6136  IDriverT ( UnsignedFile.Multi.Generic ) - warning
23:55:37.0777 6136  IDriverT - detected UnsignedFile.Multi.Generic (1)
23:55:44.0297 6136  RasSstp - ok
23:55:44.0313 6136  [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
23:55:44.0329 6136  rdbss - ok
23:55:44.0360 6136  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
23:55:44.0375 6136  rdpbus - ok
23:55:44.0453 6136  [ 1E016846895B15A99F9A176A05029075 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23:55:44.0500 6136  RDPCDD - ok
23:55:44.0516 6136  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23:55:44.0547 6136  RDPENCDD - ok
23:55:44.0563 6136  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
23:55:44.0594 6136  RDPREFMP - ok
23:55:44.0625 6136  [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
23:55:44.0656 6136  RDPWD - ok
23:55:44.0672 6136  [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
23:55:44.0687 6136  rdyboost - ok
23:55:44.0703 6136  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:55:44.0734 6136  RemoteAccess - ok
23:55:44.0750 6136  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:55:44.0797 6136  RemoteRegistry - ok
23:55:44.0797 6136  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
23:55:44.0828 6136  RpcEptMapper - ok
23:55:44.0843 6136  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
23:55:44.0859 6136  RpcLocator - ok
23:55:44.0875 6136  [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs          C:\Windows\system32\rpcss.dll
23:55:44.0906 6136  RpcSs - ok
23:55:44.0921 6136  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23:55:44.0937 6136  rspndr - ok
23:55:44.0968 6136  [ BCEBD5D1AABCE4EFB7597635E347C44B ] RTL8167        C:\Windows\system32\DRIVERS\Rt86win7.sys
23:55:45.0015 6136  RTL8167 - ok
23:55:45.0046 6136  [ 51ADEF77E4C929535FD50DA153774E79 ] RTL8192su      C:\Windows\system32\DRIVERS\RTL8192su.sys
23:55:45.0093 6136  RTL8192su - ok
23:55:45.0093 6136  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs          C:\Windows\system32\lsass.exe
23:55:45.0109 6136  SamSs - ok
23:55:45.0140 6136  [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
23:55:45.0155 6136  sbp2port - ok
23:55:45.0171 6136  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
23:55:45.0202 6136  SCardSvr - ok
23:55:45.0233 6136  [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
23:55:45.0249 6136  scfilter - ok
23:55:45.0280 6136  [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule        C:\Windows\system32\schedsvc.dll
23:55:45.0311 6136  Schedule - ok
23:55:45.0327 6136  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc    C:\Windows\System32\certprop.dll
23:55:45.0358 6136  SCPolicySvc - ok
23:55:45.0374 6136  [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
23:55:45.0421 6136  SDRSVC - ok
23:55:45.0467 6136  [ 4A5809A1D796E2675AC0332BF7B0CB11 ] SeaPort        C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
23:55:45.0499 6136  SeaPort - ok
23:55:45.0514 6136  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
23:55:45.0545 6136  secdrv - ok
23:55:45.0561 6136  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
23:55:45.0592 6136  seclogon - ok
23:55:45.0608 6136  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
23:55:45.0639 6136  SENS - ok
23:55:45.0655 6136  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
23:55:45.0686 6136  SensrSvc - ok
23:55:45.0701 6136  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
23:55:45.0733 6136  Serenum - ok
23:55:45.0733 6136  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
23:55:45.0764 6136  Serial - ok
23:55:45.0764 6136  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
23:55:45.0795 6136  sermouse - ok
23:55:45.0811 6136  [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv      C:\Windows\system32\sessenv.dll
23:55:45.0842 6136  SessionEnv - ok
23:55:45.0842 6136  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk        C:\Windows\system32\DRIVERS\sffdisk.sys
23:55:45.0889 6136  sffdisk - ok
23:55:45.0889 6136  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
23:55:45.0920 6136  sffp_mmc - ok
23:55:45.0935 6136  [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd        C:\Windows\system32\DRIVERS\sffp_sd.sys
23:55:45.0951 6136  sffp_sd - ok
23:55:45.0967 6136  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
23:55:45.0982 6136  sfloppy - ok
23:55:46.0013 6136  [ D9B734638DD8DBA9D59AAD3189CD0FAD ] Sftfs          C:\Windows\system32\DRIVERS\Sftfslh.sys
23:55:46.0045 6136  Sftfs - ok
23:55:46.0091 6136  [ CB73BC422C07FB611F194DA18D1E7F36 ] sftlist        C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
23:55:46.0107 6136  sftlist - ok
23:55:46.0123 6136  [ 2F61BD46C0BFF4EB36E1E359CA17BFC5 ] Sftplay        C:\Windows\system32\DRIVERS\Sftplaylh.sys
23:55:46.0138 6136  Sftplay - ok
23:55:46.0154 6136  [ 518BAC0179F94304F422696B47C0EC12 ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
23:55:46.0169 6136  Sftredir - ok
23:55:46.0169 6136  [ 747325236D88B3F05FFD27FF9EC711C5 ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
23:55:46.0185 6136  Sftvol - ok
23:55:46.0201 6136  [ A5812F0281CA5081BF696626F9BF324D ] sftvsa          C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
23:55:46.0216 6136  sftvsa - ok
23:55:46.0232 6136  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:55:46.0263 6136  SharedAccess - ok
23:55:46.0294 6136  [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:55:46.0310 6136  ShellHWDetection - ok
23:55:46.0325 6136  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\DRIVERS\sisagp.sys
23:55:46.0341 6136  sisagp - ok
23:55:46.0372 6136  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:55:46.0388 6136  SiSRaid2 - ok
23:55:46.0481 6136  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
23:55:46.0513 6136  SiSRaid4 - ok
23:55:46.0528 6136  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb            C:\Windows\system32\DRIVERS\smb.sys
23:55:46.0575 6136  Smb - ok
23:55:46.0591 6136  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:55:46.0622 6136  SNMPTRAP - ok
23:55:46.0622 6136  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr          C:\Windows\system32\drivers\spldr.sys
23:55:46.0637 6136  spldr - ok
23:55:46.0669 6136  [ E17323B0AA9FB3FF9945731D736EDA2F ] Spooler        C:\Windows\System32\spoolsv.exe
23:55:46.0700 6136  Spooler - ok
23:55:46.0762 6136  [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc          C:\Windows\system32\sppsvc.exe
23:55:46.0825 6136  sppsvc - ok
23:55:46.0840 6136  [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
23:55:46.0871 6136  sppuinotify - ok
23:55:46.0903 6136  [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv            C:\Windows\system32\DRIVERS\srv.sys
23:55:46.0949 6136  srv - ok
23:55:46.0949 6136  [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:55:46.0981 6136  srv2 - ok
23:55:46.0996 6136  [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:55:47.0012 6136  srvnet - ok
23:55:47.0043 6136  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
23:55:47.0074 6136  SSDPSRV - ok
23:55:47.0090 6136  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
23:55:47.0121 6136  SstpSvc - ok
23:55:47.0137 6136  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
23:55:47.0152 6136  stexstor - ok
23:55:47.0183 6136  [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc          C:\Windows\System32\wiaservc.dll
23:55:47.0199 6136  StiSvc - ok
23:55:47.0215 6136  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
23:55:47.0230 6136  swenum - ok
23:55:47.0246 6136  [ A28BD92DF340E57B024BA433165D34D7 ] swprv          C:\Windows\System32\swprv.dll
23:55:47.0293 6136  swprv - ok
23:55:47.0308 6136  [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain        C:\Windows\system32\sysmain.dll
23:55:47.0339 6136  SysMain - ok
23:55:47.0355 6136  [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:55:47.0371 6136  TabletInputService - ok
23:55:47.0402 6136  [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv        C:\Windows\System32\tapisrv.dll
23:55:47.0433 6136  TapiSrv - ok
23:55:47.0449 6136  [ B799D9FDB26111737F58288D8DC172D9 ] TBS            C:\Windows\System32\tbssvc.dll
23:55:47.0480 6136  TBS - ok
23:55:47.0542 6136  [ BBCEAEFF1FD72A026F827CBB2F4AA8AD ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
23:55:47.0589 6136  Tcpip - ok
23:55:47.0605 6136  [ BBCEAEFF1FD72A026F827CBB2F4AA8AD ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
23:55:47.0636 6136  TCPIP6 - ok
23:55:47.0667 6136  [ E64444523ADD154F86567C469BC0B17F ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:55:47.0683 6136  tcpipreg - ok
23:55:47.0714 6136  [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:55:47.0745 6136  TDPIPE - ok
23:55:47.0745 6136  [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
23:55:47.0776 6136  TDTCP - ok
23:55:47.0776 6136  [ CB39E896A2A83702D1737BFD402B3542 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
23:55:47.0823 6136  tdx - ok
23:55:47.0823 6136  [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
23:55:47.0839 6136  TermDD - ok
23:55:47.0870 6136  [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService    C:\Windows\System32\termsrv.dll
23:55:47.0917 6136  TermService - ok
23:55:47.0917 6136  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
23:55:47.0932 6136  Themes - ok
23:55:47.0948 6136  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER    C:\Windows\system32\mmcss.dll
23:55:47.0963 6136  THREADORDER - ok
23:55:47.0995 6136  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
23:55:48.0026 6136  TrkWks - ok
23:55:48.0073 6136  [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:55:48.0104 6136  TrustedInstaller - ok
23:55:48.0119 6136  [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:55:48.0151 6136  tssecsrv - ok
23:55:48.0182 6136  [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:55:48.0197 6136  tunnel - ok
23:55:48.0213 6136  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
23:55:48.0229 6136  uagp35 - ok
23:55:48.0244 6136  [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:55:48.0275 6136  udfs - ok
23:55:48.0291 6136  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
23:55:48.0322 6136  UI0Detect - ok
23:55:48.0338 6136  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
23:55:48.0353 6136  uliagpkx - ok
23:55:48.0369 6136  [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
23:55:48.0385 6136  umbus - ok
23:55:48.0431 6136  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
23:55:48.0494 6136  UmPass - ok
23:55:48.0509 6136  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
23:55:48.0572 6136  upnphost - ok
23:55:48.0619 6136  [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL        C:\Windows\system32\Drivers\usbaapl.sys
23:55:48.0697 6136  USBAAPL - ok
23:55:48.0712 6136  [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
23:55:48.0743 6136  usbccgp - ok
23:55:48.0775 6136  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
23:55:48.0790 6136  usbcir - ok
23:55:48.0806 6136  [ E4C436D914768CE965D5E659BA7EEBD8 ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
23:55:48.0838 6136  usbehci - ok
23:55:48.0854 6136  [ BDCD7156EC37448F08633FD899823620 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:55:48.0869 6136  usbhub - ok
23:55:48.0885 6136  [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci        C:\Windows\system32\drivers\usbohci.sys
23:55:48.0916 6136  usbohci - ok
23:55:48.0947 6136  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:55:48.0963 6136  usbprint - ok
23:55:48.0994 6136  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
23:55:49.0010 6136  usbscan - ok
23:55:49.0010 6136  [ D8889D56E0D27E57ED4591837FE71D27 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:55:49.0041 6136  USBSTOR - ok
23:55:49.0056 6136  [ 22480BF4E5A09192E5E30BA4DDE79FA4 ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
23:55:49.0072 6136  usbuhci - ok
23:55:49.0103 6136  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms          C:\Windows\System32\uxsms.dll
23:55:49.0134 6136  UxSms - ok
23:55:49.0150 6136  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc        C:\Windows\system32\lsass.exe
23:55:49.0166 6136  VaultSvc - ok
23:55:49.0181 6136  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
23:55:49.0197 6136  vdrvroot - ok
23:55:49.0212 6136  [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds            C:\Windows\System32\vds.exe
23:55:49.0244 6136  vds - ok
23:55:49.0259 6136  [ 17C408214EA61696CEC9C66E388B14F3 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
23:55:49.0275 6136  vga - ok
23:55:49.0290 6136  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave        C:\Windows\System32\drivers\vga.sys
23:55:49.0306 6136  VgaSave - ok
23:55:49.0337 6136  [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp          C:\Windows\system32\DRIVERS\vhdmp.sys
23:55:49.0353 6136  vhdmp - ok
23:55:49.0384 6136  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\DRIVERS\viaagp.sys
23:55:49.0384 6136  viaagp - ok
23:55:49.0415 6136  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7          C:\Windows\system32\DRIVERS\viac7.sys
23:55:49.0431 6136  ViaC7 - ok
23:55:49.0446 6136  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
23:55:49.0446 6136  viaide - ok
23:55:49.0462 6136  [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
23:55:49.0478 6136  volmgr - ok
23:55:49.0493 6136  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
23:55:49.0509 6136  volmgrx - ok
23:55:49.0524 6136  [ 59F06B4968E58BC83DFC56CA4517960E ] volsnap        C:\Windows\system32\drivers\volsnap.sys
23:55:49.0540 6136  volsnap - ok
23:55:49.0571 6136  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
23:55:49.0587 6136  vsmraid - ok
23:55:49.0618 6136  [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS            C:\Windows\system32\vssvc.exe
23:55:49.0649 6136  VSS - ok
23:55:49.0665 6136  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
23:55:49.0680 6136  vwifibus - ok
23:55:49.0696 6136  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
23:55:49.0712 6136  vwififlt - ok
23:55:49.0727 6136  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time        C:\Windows\system32\w32time.dll
23:55:49.0758 6136  W32Time - ok
23:55:49.0790 6136  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
23:55:49.0805 6136  WacomPen - ok
23:55:49.0821 6136  [ 692A712062146E96D28BA0B7D75DE31B ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:55:49.0852 6136  WANARP - ok
23:55:49.0852 6136  [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:55:49.0883 6136  Wanarpv6 - ok
23:55:49.0914 6136  [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine        C:\Windows\system32\wbengine.exe
23:55:49.0946 6136  wbengine - ok
23:55:49.0977 6136  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:55:50.0008 6136  WbioSrvc - ok
23:55:50.0024 6136  [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc        C:\Windows\System32\wcncsvc.dll
23:55:50.0086 6136  wcncsvc - ok
23:55:50.0102 6136  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:55:50.0148 6136  WcsPlugInService - ok
23:55:50.0164 6136  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
23:55:50.0195 6136  Wd - ok
23:55:50.0226 6136  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:55:50.0242 6136  Wdf01000 - ok
23:55:50.0258 6136  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:55:50.0289 6136  WdiServiceHost - ok
23:55:50.0289 6136  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost  C:\Windows\system32\wdi.dll
23:55:50.0304 6136  WdiSystemHost - ok
23:55:50.0320 6136  [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient      C:\Windows\System32\webclnt.dll
23:55:50.0398 6136  WebClient - ok
23:55:50.0429 6136  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:55:50.0476 6136  Wecsvc - ok
23:55:50.0492 6136  [ AC804569BB2364FB6017370258A4091B ] wercplsupport  C:\Windows\System32\wercplsupport.dll
23:55:50.0523 6136  wercplsupport - ok
23:55:50.0554 6136  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:55:50.0570 6136  WerSvc - ok
23:55:50.0601 6136  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:55:50.0632 6136  WfpLwf - ok
23:55:50.0648 6136  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:55:50.0663 6136  WIMMount - ok
23:55:50.0694 6136  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
23:55:50.0757 6136  WinDefend - ok
23:55:50.0757 6136  WinHttpAutoProxySvc - ok
23:55:50.0804 6136  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
23:55:50.0835 6136  Winmgmt - ok
23:55:50.0866 6136  [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM          C:\Windows\system32\WsmSvc.dll
23:55:50.0928 6136  WinRM - ok
23:55:50.0975 6136  [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
23:55:50.0991 6136  WinUsb - ok
23:55:51.0022 6136  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc        C:\Windows\System32\wlansvc.dll
23:55:51.0053 6136  Wlansvc - ok
23:55:51.0116 6136  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:55:51.0147 6136  wlidsvc - ok
23:55:51.0162 6136  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
23:55:51.0194 6136  WmiAcpi - ok
23:55:51.0209 6136  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:55:51.0240 6136  wmiApSrv - ok
23:55:51.0303 6136  [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
23:55:51.0365 6136  WMPNetworkSvc - ok
23:55:51.0381 6136  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:55:51.0459 6136  WPCSvc - ok
23:55:51.0474 6136  [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:55:51.0521 6136  WPDBusEnum - ok
23:55:51.0552 6136  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
23:55:51.0584 6136  ws2ifsl - ok
23:55:51.0615 6136  [ A661A76333057B383A06E65F0073222F ] wscsvc          C:\Windows\System32\wscsvc.dll
23:55:51.0630 6136  wscsvc - ok
23:55:51.0630 6136  WSearch - ok
23:55:51.0693 6136  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
23:55:51.0740 6136  wuauserv - ok
23:55:51.0771 6136  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:55:51.0802 6136  WudfPf - ok
23:55:51.0818 6136  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:55:51.0849 6136  WUDFRd - ok
23:55:51.0849 6136  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
23:55:51.0880 6136  wudfsvc - ok
23:55:51.0896 6136  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc        C:\Windows\System32\wwansvc.dll
23:55:51.0942 6136  WwanSvc - ok
23:55:51.0958 6136  ================ Scan global ===============================
23:55:51.0974 6136  [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
23:55:52.0020 6136  [ 8531AAF69394EFB93BC653916C46D245 ] C:\Windows\system32\winsrv.dll
23:55:52.0020 6136  [ 8531AAF69394EFB93BC653916C46D245 ] C:\Windows\system32\winsrv.dll
23:55:52.0052 6136  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
23:55:52.0067 6136  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
23:55:52.0067 6136  [Global] - ok
23:55:52.0067 6136  ================ Scan MBR ==================================
23:55:52.0067 6136  [ C79B30CB8852157F6F908E4698CFE0D0 ] \Device\Harddisk0\DR0
23:55:54.0438 6136  \Device\Harddisk0\DR0 - ok
23:55:54.0438 6136  ================ Scan VBR ==================================
23:55:54.0438 6136  [ A96290B5401C2DA5A08BB9471D76D503 ] \Device\Harddisk0\DR0\Partition1
23:55:54.0438 6136  \Device\Harddisk0\DR0\Partition1 - ok
23:55:54.0470 6136  [ 046BBD7303F14EB983A3F0C302651470 ] \Device\Harddisk0\DR0\Partition2
23:55:54.0470 6136  \Device\Harddisk0\DR0\Partition2 - ok
23:55:54.0501 6136  [ 376B50B18DD730F4A63E4B8227F4638C ] \Device\Harddisk0\DR0\Partition3
23:55:54.0516 6136  \Device\Harddisk0\DR0\Partition3 - ok
23:55:54.0516 6136  ============================================================
23:55:54.0516 6136  Scan finished
23:55:54.0516 6136  ============================================================
23:55:54.0532 1376  Detected object count: 1
23:55:54.0532 1376  Actual detected object count: 1
23:56:43.0688 1376  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
23:56:43.0688 1376  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 23.04.2013 08:42

Then please run Combofix now:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


tseb 23.04.2013 18:10

Here is the result from Combofix: (FYI: Kaspersky still reports malware)

Code:

ComboFix 13-04-23.02 - XYZ 23.04.2013  18:13:45.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3071.2063 [GMT 2:00]
ausgeführt von:: c:\users\XYZ\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\XYZ\AppData\Roaming\.#
c:\windows\system32\pt
c:\windows\system32\pt\AuthFWSnapIn.Resources.dll
c:\windows\system32\pt\AuthFWWizFwk.Resources.dll
c:\windows\system32\pt\Narrator.resources.dll
.
Infizierte Kopie von c:\windows\system32\Drivers\atapi.sys wurde gefunden und desinfiziert
Kopie von - c:\windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys wurde wiederhergestellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-03-23 bis 2013-04-23  ))))))))))))))))))))))))))))))
.
.
2013-04-23 16:45 . 2013-04-23 16:47        --------        d-----w-        c:\users\XYZ\AppData\Local\temp
2013-04-23 16:45 . 2013-04-23 16:45        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-04-23 16:19 . 2013-04-23 16:19        60872        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{C74D8421-5226-4C8F-A84C-72B237622B01}\offreg.dll
2013-04-23 15:51 . 2013-04-10 03:08        6906960        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{C74D8421-5226-4C8F-A84C-72B237622B01}\mpengine.dll
2013-04-20 16:41 . 2013-04-20 16:41        --------        d-----w-        c:\programdata\Malwarebytes
2013-04-20 07:51 . 2013-04-20 07:51        0        ----a-w-        c:\windows\system32\sho7DC8.tmp
2013-04-15 05:08 . 2013-04-15 05:08        0        ----a-w-        c:\windows\system32\shoFE19.tmp
2013-04-03 20:30 . 2013-04-03 20:30        --------        d-----w-        c:\users\XYZ\Auto
2013-04-02 06:59 . 2013-04-02 06:59        0        ----a-w-        c:\windows\system32\sho9B45.tmp
2013-03-27 19:25 . 2013-03-27 19:25        0        ----a-w-        c:\windows\system32\sho21B5.tmp
2013-03-26 17:38 . 2013-02-12 13:51        15872        ----a-w-        c:\windows\system32\drivers\usb8023.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-19 22:39 . 2013-03-19 22:39        0        ----a-w-        c:\windows\system32\sho89CB.tmp
2013-03-11 23:10 . 2010-06-29 13:41        237088        ------w-        c:\windows\system32\MpSigStub.exe
2013-03-10 16:12 . 2013-03-10 16:12        0        ----a-w-        c:\windows\system32\sho2626.tmp
2013-03-09 09:36 . 2013-03-09 09:36        0        ----a-w-        c:\windows\system32\shoDE3F.tmp
2013-02-24 22:09 . 2013-02-24 22:09        0        ----a-w-        c:\windows\system32\sho9BB5.tmp
2013-02-24 17:13 . 2013-02-24 17:13        0        ----a-w-        c:\windows\system32\sho9F6A.tmp
2013-02-17 22:35 . 2013-02-17 22:35        0        ----a-w-        c:\windows\system32\sho6165.tmp
2013-02-17 02:19 . 2013-02-17 02:19        0        ----a-w-        c:\windows\system32\shoD685.tmp
2013-02-16 09:42 . 2013-02-16 09:42        0        ----a-w-        c:\windows\system32\sho2990.tmp
2013-02-15 23:23 . 2013-02-15 23:23        0        ----a-w-        c:\windows\system32\sho142C.tmp
2013-02-14 22:06 . 2013-02-14 22:06        0        ----a-w-        c:\windows\system32\shoFE30.tmp
2013-02-06 22:19 . 2013-02-06 22:19        0        ----a-w-        c:\windows\system32\sho341F.tmp
2013-02-03 23:15 . 2013-02-03 23:15        0        ----a-w-        c:\windows\system32\sho2513.tmp
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\users\XYZ\AppData\LocalLow\CT2625848\ldrtbDVDV.dll" [2012-09-10 502088]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
2012-09-10 07:05        502088        ----a-w-        c:\users\XYZ\AppData\LocalLow\CT2625848\ldrtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{17166733-40EA-4432-A85C-AE672FF0E236}]
2011-03-18 12:50        154728        ----a-w-        c:\programdata\1und1InternetExplorerAddon\BHOXML.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\users\XYZ\AppData\LocalLow\CT2625848\ldrtbDVDV.dll" [2012-09-10 502088]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}"= "c:\users\XYZ\AppData\LocalLow\CT2625848\ldrtbDVDV.dll" [2012-09-10 502088]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-21 39408]
"ICQ"="c:\program files\ICQ7.4\ICQ.exe" [2011-03-01 119608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-07 8555040]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2012-10-30 206448]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2013-02-23 1297728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-12 19:17        1642448        ----a-w-        c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-21 20:13]
.
2013-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-21 20:13]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.web.de/
uInternet Settings,ProxyOverride = <local>;*.local
IE: Hinzufügen zu Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files\WEB.DE Toolbar IE8\uitb.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
SafeBoot-BsScanner
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\Ribbons.scr
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-04-23  18:51:58 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-04-23 16:51
.
Vor Suchlauf: 5 Verzeichnis(se), 862.061.498.368 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 862.553.575.424 Bytes frei
.
- - End Of File - - 9EA20B8E18B76BC60DCD1DD3C64ECBAB


cosinus 23.04.2013 23:10

Quote:

(FYI: Kaspersky is still reporting malware)
Yes, that is great information in full detail! Where exactly is Kaspersky reporting what?

tseb 24.04.2013 22:27

Kaspersky continued to report "HEUR:Exploit.Java.CVE-2012-0507.gen" under "detected threats". I just clicked "Process" (unfortunately by accident). Now Kaspersky at least no longer displays the malware, i.e. the following is shown: "Threats: none".

Under the item "detected threats", "Exploit.Java.CVE-2012-0507.gen" is listed with the status "Not found" from 24.04. at 23:07.

Is the matter thereby settled/deleted?? See attachment

cosinus 24.04.2013 23:31

JRT - Junkware Removal Tool

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the box Scan All Users at the top center
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

tseb 25.04.2013 21:53

1) JRT:
Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.9 (04.22.2013:1)
OS: Windows 7 Home Premium x86
Ran by XYZ on 25.04.2013 at 21:49:25,03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] application updater
Successfully deleted: [Service] application updater
Successfully stopped: [Service] icq service
Successfully deleted: [Service] icq service



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\searchsettings



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\application updater
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\search settings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\icq service.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\icqtoolbar.iehook
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\icqtoolbar.iehook.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}



~~~ Files

Successfully deleted: [File] C:\Windows\system32\sho1026.tmp
Successfully deleted: [File] C:\Windows\system32\sho1055.tmp
Successfully deleted: [File] C:\Windows\system32\sho11CE.tmp
Successfully deleted: [File] C:\Windows\system32\sho1355.tmp
Successfully deleted: [File] C:\Windows\system32\sho142C.tmp
Successfully deleted: [File] C:\Windows\system32\sho1989.tmp
Successfully deleted: [File] C:\Windows\system32\sho19AB.tmp
Successfully deleted: [File] C:\Windows\system32\sho1A6A.tmp
Successfully deleted: [File] C:\Windows\system32\sho1CD5.tmp
Successfully deleted: [File] C:\Windows\system32\sho1D21.tmp
Successfully deleted: [File] C:\Windows\system32\sho1EB9.tmp
Successfully deleted: [File] C:\Windows\system32\sho1F56.tmp
Successfully deleted: [File] C:\Windows\system32\sho2013.tmp
Successfully deleted: [File] C:\Windows\system32\sho2033.tmp
Successfully deleted: [File] C:\Windows\system32\sho21B5.tmp
Successfully deleted: [File] C:\Windows\system32\sho228E.tmp
Successfully deleted: [File] C:\Windows\system32\sho2513.tmp
Successfully deleted: [File] C:\Windows\system32\sho2626.tmp
Successfully deleted: [File] C:\Windows\system32\sho281B.tmp
Successfully deleted: [File] C:\Windows\system32\sho2868.tmp
Successfully deleted: [File] C:\Windows\system32\sho28C.tmp
Successfully deleted: [File] C:\Windows\system32\sho2933.tmp
Successfully deleted: [File] C:\Windows\system32\sho2990.tmp
Successfully deleted: [File] C:\Windows\system32\sho2BA3.tmp
Successfully deleted: [File] C:\Windows\system32\sho2C8E.tmp
Successfully deleted: [File] C:\Windows\system32\sho2CAB.tmp
Successfully deleted: [File] C:\Windows\system32\sho2CD4.tmp
Successfully deleted: [File] C:\Windows\system32\sho2EE1.tmp
Successfully deleted: [File] C:\Windows\system32\sho2EEF.tmp
Successfully deleted: [File] C:\Windows\system32\sho2F88.tmp
Successfully deleted: [File] C:\Windows\system32\sho3006.tmp
Successfully deleted: [File] C:\Windows\system32\sho3121.tmp
Successfully deleted: [File] C:\Windows\system32\sho31CC.tmp
Successfully deleted: [File] C:\Windows\system32\sho3284.tmp
Successfully deleted: [File] C:\Windows\system32\sho3350.tmp
Successfully deleted: [File] C:\Windows\system32\sho33D.tmp
Successfully deleted: [File] C:\Windows\system32\sho341F.tmp
Successfully deleted: [File] C:\Windows\system32\sho347D.tmp
Successfully deleted: [File] C:\Windows\system32\sho34B9.tmp
Successfully deleted: [File] C:\Windows\system32\sho35A2.tmp
Successfully deleted: [File] C:\Windows\system32\sho35FE.tmp
Successfully deleted: [File] C:\Windows\system32\sho37C2.tmp
Successfully deleted: [File] C:\Windows\system32\sho3B12.tmp
Successfully deleted: [File] C:\Windows\system32\sho3C48.tmp
Successfully deleted: [File] C:\Windows\system32\sho3DAD.tmp
Successfully deleted: [File] C:\Windows\system32\sho3E8B.tmp
Successfully deleted: [File] C:\Windows\system32\sho3F43.tmp
Successfully deleted: [File] C:\Windows\system32\sho3FCC.tmp
Successfully deleted: [File] C:\Windows\system32\sho41F4.tmp
Successfully deleted: [File] C:\Windows\system32\sho420E.tmp
Successfully deleted: [File] C:\Windows\system32\sho425E.tmp
Successfully deleted: [File] C:\Windows\system32\sho426E.tmp
Successfully deleted: [File] C:\Windows\system32\sho42BA.tmp
Successfully deleted: [File] C:\Windows\system32\sho43E4.tmp
Successfully deleted: [File] C:\Windows\system32\sho4435.tmp
Successfully deleted: [File] C:\Windows\system32\sho455A.tmp
Successfully deleted: [File] C:\Windows\system32\sho470D.tmp
Successfully deleted: [File] C:\Windows\system32\sho47EF.tmp
Successfully deleted: [File] C:\Windows\system32\sho49EB.tmp
Successfully deleted: [File] C:\Windows\system32\sho49FE.tmp
Successfully deleted: [File] C:\Windows\system32\sho4CE2.tmp
Successfully deleted: [File] C:\Windows\system32\sho4D0B.tmp
Successfully deleted: [File] C:\Windows\system32\sho4D4E.tmp
Successfully deleted: [File] C:\Windows\system32\sho4D74.tmp
Successfully deleted: [File] C:\Windows\system32\sho4D7A.tmp
Successfully deleted: [File] C:\Windows\system32\sho4E01.tmp
Successfully deleted: [File] C:\Windows\system32\sho4EBC.tmp
Successfully deleted: [File] C:\Windows\system32\sho4F15.tmp
Successfully deleted: [File] C:\Windows\system32\sho502A.tmp
Successfully deleted: [File] C:\Windows\system32\sho5229.tmp
Successfully deleted: [File] C:\Windows\system32\sho5302.tmp
Successfully deleted: [File] C:\Windows\system32\sho5488.tmp
Successfully deleted: [File] C:\Windows\system32\sho54B4.tmp
Successfully deleted: [File] C:\Windows\system32\sho54D9.tmp
Successfully deleted: [File] C:\Windows\system32\sho5688.tmp
Successfully deleted: [File] C:\Windows\system32\sho56E8.tmp
Successfully deleted: [File] C:\Windows\system32\sho58AA.tmp
Successfully deleted: [File] C:\Windows\system32\sho58B4.tmp
Successfully deleted: [File] C:\Windows\system32\sho5B8E.tmp
Successfully deleted: [File] C:\Windows\system32\sho5CB3.tmp
Successfully deleted: [File] C:\Windows\system32\sho5E38.tmp
Successfully deleted: [File] C:\Windows\system32\sho5EF9.tmp
Successfully deleted: [File] C:\Windows\system32\sho6165.tmp
Successfully deleted: [File] C:\Windows\system32\sho6181.tmp
Successfully deleted: [File] C:\Windows\system32\sho61E1.tmp
Successfully deleted: [File] C:\Windows\system32\sho62FC.tmp
Successfully deleted: [File] C:\Windows\system32\sho63E3.tmp
Successfully deleted: [File] C:\Windows\system32\sho65A9.tmp
Successfully deleted: [File] C:\Windows\system32\sho65F3.tmp
Successfully deleted: [File] C:\Windows\system32\sho6807.tmp
Successfully deleted: [File] C:\Windows\system32\sho6B60.tmp
Successfully deleted: [File] C:\Windows\system32\sho6C99.tmp
Successfully deleted: [File] C:\Windows\system32\sho6D0B.tmp
Successfully deleted: [File] C:\Windows\system32\sho70EC.tmp
Successfully deleted: [File] C:\Windows\system32\sho7298.tmp
Successfully deleted: [File] C:\Windows\system32\sho730F.tmp
Successfully deleted: [File] C:\Windows\system32\sho7409.tmp
Successfully deleted: [File] C:\Windows\system32\sho7455.tmp
Successfully deleted: [File] C:\Windows\system32\sho75EC.tmp
Successfully deleted: [File] C:\Windows\system32\sho76E5.tmp
Successfully deleted: [File] C:\Windows\system32\sho7846.tmp
Successfully deleted: [File] C:\Windows\system32\sho7899.tmp
Successfully deleted: [File] C:\Windows\system32\sho7926.tmp
Successfully deleted: [File] C:\Windows\system32\sho7A10.tmp
Successfully deleted: [File] C:\Windows\system32\sho7ADA.tmp
Successfully deleted: [File] C:\Windows\system32\sho7BA5.tmp
Successfully deleted: [File] C:\Windows\system32\sho7BB6.tmp
Successfully deleted: [File] C:\Windows\system32\sho7DC8.tmp
Successfully deleted: [File] C:\Windows\system32\sho7DD7.tmp
Successfully deleted: [File] C:\Windows\system32\sho7F14.tmp
Successfully deleted: [File] C:\Windows\system32\sho7F41.tmp
Successfully deleted: [File] C:\Windows\system32\sho807A.tmp
Successfully deleted: [File] C:\Windows\system32\sho8190.tmp
Successfully deleted: [File] C:\Windows\system32\sho8395.tmp
Successfully deleted: [File] C:\Windows\system32\sho83C0.tmp
Successfully deleted: [File] C:\Windows\system32\sho841D.tmp
Successfully deleted: [File] C:\Windows\system32\sho888.tmp
Successfully deleted: [File] C:\Windows\system32\sho89CB.tmp
Successfully deleted: [File] C:\Windows\system32\sho8A94.tmp
Successfully deleted: [File] C:\Windows\system32\sho8C38.tmp
Successfully deleted: [File] C:\Windows\system32\sho8D23.tmp
Successfully deleted: [File] C:\Windows\system32\sho8E12.tmp
Successfully deleted: [File] C:\Windows\system32\sho8E1C.tmp
Successfully deleted: [File] C:\Windows\system32\sho8E7C.tmp
Successfully deleted: [File] C:\Windows\system32\sho912A.tmp
Successfully deleted: [File] C:\Windows\system32\sho9221.tmp
Successfully deleted: [File] C:\Windows\system32\sho9300.tmp
Successfully deleted: [File] C:\Windows\system32\sho9392.tmp
Successfully deleted: [File] C:\Windows\system32\sho968A.tmp
Successfully deleted: [File] C:\Windows\system32\sho96F7.tmp
Successfully deleted: [File] C:\Windows\system32\sho9730.tmp
Successfully deleted: [File] C:\Windows\system32\sho986A.tmp
Successfully deleted: [File] C:\Windows\system32\sho9B45.tmp
Successfully deleted: [File] C:\Windows\system32\sho9B84.tmp
Successfully deleted: [File] C:\Windows\system32\sho9BB5.tmp
Successfully deleted: [File] C:\Windows\system32\sho9C81.tmp
Successfully deleted: [File] C:\Windows\system32\sho9CD0.tmp
Successfully deleted: [File] C:\Windows\system32\sho9D6A.tmp
Successfully deleted: [File] C:\Windows\system32\sho9DB5.tmp
Successfully deleted: [File] C:\Windows\system32\sho9E91.tmp
Successfully deleted: [File] C:\Windows\system32\sho9EB3.tmp
Successfully deleted: [File] C:\Windows\system32\sho9F6A.tmp
Successfully deleted: [File] C:\Windows\system32\shoA150.tmp
Successfully deleted: [File] C:\Windows\system32\shoA20.tmp
Successfully deleted: [File] C:\Windows\system32\shoA549.tmp
Successfully deleted: [File] C:\Windows\system32\shoA592.tmp
Successfully deleted: [File] C:\Windows\system32\shoA6F9.tmp
Successfully deleted: [File] C:\Windows\system32\shoA8DB.tmp
Successfully deleted: [File] C:\Windows\system32\shoAB7F.tmp
Successfully deleted: [File] C:\Windows\system32\shoAD01.tmp
Successfully deleted: [File] C:\Windows\system32\shoB22D.tmp
Successfully deleted: [File] C:\Windows\system32\shoB280.tmp
Successfully deleted: [File] C:\Windows\system32\shoB3C9.tmp
Successfully deleted: [File] C:\Windows\system32\shoB7F9.tmp
Successfully deleted: [File] C:\Windows\system32\shoB8A7.tmp
Successfully deleted: [File] C:\Windows\system32\shoB9B3.tmp
Successfully deleted: [File] C:\Windows\system32\shoBA5D.tmp
Successfully deleted: [File] C:\Windows\system32\shoBBD6.tmp
Successfully deleted: [File] C:\Windows\system32\shoBE30.tmp
Successfully deleted: [File] C:\Windows\system32\shoC18A.tmp
Successfully deleted: [File] C:\Windows\system32\shoC2D2.tmp
Successfully deleted: [File] C:\Windows\system32\shoC3EB.tmp
Successfully deleted: [File] C:\Windows\system32\shoC468.tmp
Successfully deleted: [File] C:\Windows\system32\shoC65F.tmp
Successfully deleted: [File] C:\Windows\system32\shoC6B8.tmp
Successfully deleted: [File] C:\Windows\system32\shoC800.tmp
Successfully deleted: [File] C:\Windows\system32\shoC88F.tmp
Successfully deleted: [File] C:\Windows\system32\shoC94B.tmp
Successfully deleted: [File] C:\Windows\system32\shoC9E3.tmp
Successfully deleted: [File] C:\Windows\system32\shoCABF.tmp
Successfully deleted: [File] C:\Windows\system32\shoCB3B.tmp
Successfully deleted: [File] C:\Windows\system32\shoCC69.tmp
Successfully deleted: [File] C:\Windows\system32\shoCCD9.tmp
Successfully deleted: [File] C:\Windows\system32\shoCD04.tmp
Successfully deleted: [File] C:\Windows\system32\shoCD5F.tmp
Successfully deleted: [File] C:\Windows\system32\shoCF83.tmp
Successfully deleted: [File] C:\Windows\system32\shoD1B7.tmp
Successfully deleted: [File] C:\Windows\system32\shoD58B.tmp
Successfully deleted: [File] C:\Windows\system32\shoD5C9.tmp
Successfully deleted: [File] C:\Windows\system32\shoD685.tmp
Successfully deleted: [File] C:\Windows\system32\shoD6C0.tmp
Successfully deleted: [File] C:\Windows\system32\shoDB51.tmp
Successfully deleted: [File] C:\Windows\system32\shoDC4B.tmp
Successfully deleted: [File] C:\Windows\system32\shoDCB9.tmp
Successfully deleted: [File] C:\Windows\system32\shoDD46.tmp
Successfully deleted: [File] C:\Windows\system32\shoDD75.tmp
Successfully deleted: [File] C:\Windows\system32\shoDE3F.tmp
Successfully deleted: [File] C:\Windows\system32\shoDE47.tmp
Successfully deleted: [File] C:\Windows\system32\shoE065.tmp
Successfully deleted: [File] C:\Windows\system32\shoE3C9.tmp
Successfully deleted: [File] C:\Windows\system32\shoE42A.tmp
Successfully deleted: [File] C:\Windows\system32\shoE43D.tmp
Successfully deleted: [File] C:\Windows\system32\shoE61.tmp
Successfully deleted: [File] C:\Windows\system32\shoE63C.tmp
Successfully deleted: [File] C:\Windows\system32\shoE677.tmp
Successfully deleted: [File] C:\Windows\system32\shoE708.tmp
Successfully deleted: [File] C:\Windows\system32\shoE70B.tmp
Successfully deleted: [File] C:\Windows\system32\shoE883.tmp
Successfully deleted: [File] C:\Windows\system32\shoEA12.tmp
Successfully deleted: [File] C:\Windows\system32\shoEB2B.tmp
Successfully deleted: [File] C:\Windows\system32\shoEF8F.tmp
Successfully deleted: [File] C:\Windows\system32\shoEFBB.tmp
Successfully deleted: [File] C:\Windows\system32\shoF508.tmp
Successfully deleted: [File] C:\Windows\system32\shoF660.tmp
Successfully deleted: [File] C:\Windows\system32\shoF70B.tmp
Successfully deleted: [File] C:\Windows\system32\shoF7DE.tmp
Successfully deleted: [File] C:\Windows\system32\shoF8E1.tmp
Successfully deleted: [File] C:\Windows\system32\shoF93F.tmp
Successfully deleted: [File] C:\Windows\system32\shoFB25.tmp
Successfully deleted: [File] C:\Windows\system32\shoFD64.tmp
Successfully deleted: [File] C:\Windows\system32\shoFE19.tmp
Successfully deleted: [File] C:\Windows\system32\shoFE30.tmp
Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\XYZ\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\XYZ\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "C:\Users\XYZ\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\XYZ\appdata\locallow\pdfforge"
Successfully deleted: [Folder] "C:\Users\XYZ\appdata\locallow\search settings"
Successfully deleted: [Folder] "C:\Program Files\application updater"
Successfully deleted: [Folder] "C:\Program Files\icq6toolbar"
Successfully deleted: [Folder] "C:\Program Files\pdfforge toolbar"
Failed to delete: [Folder] "C:\Program Files\Common Files\spigot"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.04.2013 at 21:51:46,42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

2) adwCleaner:
Code:

# AdwCleaner v2.202 - Datei am 25/04/2013 um 21:57:52 erstellt
# Aktualisiert am 23/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium  (32 bits)
# Benutzer : XYZ - XYZ
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\XYZ\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files\Common Files\spigot
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\Search Settings
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SmartBar.CT2625848
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{63BEF061-5EFC-4753-9806-ED0573BC7C4B}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BE7785D6-045F-44FB-A1E4-3FA555874415}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Schlüssel Gelöscht : HKLM\Software\pdfforge
Schlüssel Gelöscht : HKLM\Software\Search Settings
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.17267

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\XYZ\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [2826 octets] - [25/04/2013 21:57:52]

########## EOF - C:\AdwCleaner[S1].txt - [2886 octets] ##########

3) OTL:

OTL.Txt Editor

Code:

OTL logfile created on: 4/25/2013 10:06:26 PM - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\XYZ\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 56.70% Memory free
6.00 Gb Paging File | 4.54 Gb Available in Paging File | 75.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 890.41 Gb Total Space | 803.33 Gb Free Space | 90.22% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 23.53 Gb Free Space | 58.82% Space Free | Partition Type: NTFS
 
Computer Name: XYZ | User Name: XYZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\XYZ\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a00aab40bdf5aed84b4d4294965cf20d\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\dd2d0cf72eac6e5b113a0059aeb3cab5\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files\Common Files\Microsoft Shared\Web Folders\1031\nsextint.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\~1\AppData\Local\Temp\catchme.sys File not found
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                          )
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\XYZ\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\URLSearchHook:  - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\XYZ\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{432C657B-AB37-491E-8C53-C4B369D39B1B}: "URL" = hxxp://go.web.de/br/ie8_search_ebay/?q={searchTerms}
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{4D3A3268-0704-4E74-8AF4-A180761461D7}: "URL" = hxxp://go.web.de/br/ie8_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_deDE415
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{A291A10C-3FC2-4308-A71D-A28B9849B72A}: "URL" = hxxp://go.web.de/br/ie8_search_amazon/?keywords={searchTerms}
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{C31C8515-CC6B-4FA7-B621-A7AA4DE7497E}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{FC3A14B0-228A-4D08-988E-AEBAC666BE78}: "URL" = hxxp://go.mail.com/br/ie8_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/01/21 19:05:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011/01/21 19:20:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/01/21 22:13:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\toolbar@web.de: C:\Program Files\WEB.DE Toolbar IE8\Firefox\WEBDE_toolbar [2011/03/30 12:44:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/10/30 18:47:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/10/30 18:47:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/10/30 18:47:57 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
 
O1 HOSTS File: ([2013/04/23 18:47:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\XYZ\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\XYZ\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB_DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Users\XYZ\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
O3 - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1463205399-554048611-282685520-1000..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1463205399-554048611-282685520-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1463205399-554048611-282685520-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C7E6CD9-BDFA-4788-AA0F-146DE9693532}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF3F26A8-CAA2-45C6-9B8B-7AC9D5B5A0FF}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/25 21:49:22 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/04/25 21:49:11 | 000,000,000 | ---D | C] -- C:\JRT
[2013/04/25 21:47:45 | 000,535,764 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\XYZ\Desktop\JRT.exe
[2013/04/23 18:52:00 | 000,000,000 | ---D | C] -- C:\Users\XYZ\AppData\Local\temp
[2013/04/23 18:47:42 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/04/23 18:45:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/04/23 18:11:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/23 18:11:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/23 18:11:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/23 18:11:24 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/04/23 18:11:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/23 18:11:04 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/04/23 18:08:32 | 005,059,674 | R--- | C] (Swearware) -- C:\Users\XYZ\Desktop\ComboFix.exe
[2013/04/20 23:08:00 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\XYZ\Desktop\tdsskiller.exe
[2013/04/20 22:42:26 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\XYZ\Desktop\aswMBR.exe
[2013/04/20 18:41:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/20 18:40:53 | 000,000,000 | ---D | C] -- C:\Users\XYZ\Desktop\mbar-1.05.0.1001
[2013/04/18 22:14:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\XYZ\Desktop\OTL.exe
[2013/04/10 18:28:28 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/04/10 18:28:25 | 003,958,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/04/10 18:28:25 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/04/10 18:28:24 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013/04/10 18:28:20 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013/04/10 18:28:20 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013/04/10 18:28:10 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/04/10 18:28:10 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013/04/10 18:28:09 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/04/10 18:28:09 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/04/10 18:28:09 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/04/10 18:28:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/04/10 18:28:08 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/04/10 18:28:08 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/04/10 18:28:08 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/04/10 18:28:08 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/04/10 18:28:08 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/04/10 18:28:08 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/04/04 10:07:59 | 000,000,000 | R--D | C] -- C:\Users\XYZ\Desktop
[2013/04/03 22:30:35 | 000,000,000 | ---D | C] -- C:\Users\XYZ\Auto
[2013/03/28 21:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Becker Content Manager
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/25 22:08:04 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/25 22:08:04 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/25 21:59:47 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/25 21:59:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/25 21:59:24 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/25 21:56:22 | 000,619,461 | ---- | M] () -- C:\Users\XYZ\Desktop\adwcleaner.exe
[2013/04/25 21:47:58 | 000,535,764 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\XYZ\Desktop\JRT.exe
[2013/04/25 21:17:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/24 23:25:25 | 000,048,481 | ---- | M] () -- C:\Users\XYZ\Desktop\24.04.2.png
[2013/04/24 23:24:21 | 000,092,474 | ---- | M] () -- C:\Users\XYZ\Desktop\24.04..png
[2013/04/23 18:47:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/04/23 18:08:39 | 005,059,674 | R--- | M] (Swearware) -- C:\Users\XYZ\Desktop\ComboFix.exe
[2013/04/22 23:08:01 | 000,000,512 | ---- | M] () -- C:\Users\XYZ\Desktop\MBR.dat
[2013/04/20 23:08:05 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\XYZ\Desktop\tdsskiller.exe
[2013/04/20 22:42:30 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\XYZ\Desktop\aswMBR.exe
[2013/04/19 22:31:56 | 012,917,756 | ---- | M] () -- C:\Users\XYZ\Desktop\mbar-1.05.0.1001.zip
[2013/04/19 21:34:39 | 000,377,856 | ---- | M] () -- C:\Users\XYZ\Desktop\gmer_2.1.19163.exe
[2013/04/18 22:14:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XYZ\Desktop\OTL.exe
[2013/04/11 23:25:54 | 000,693,922 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2013/04/11 23:25:54 | 000,691,660 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2013/04/11 23:25:54 | 000,690,194 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2013/04/11 23:25:54 | 000,689,576 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2013/04/11 23:25:54 | 000,679,810 | ---- | M] () -- C:\Windows\System32\prfh0816.dat
[2013/04/11 23:25:54 | 000,654,594 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/04/11 23:25:54 | 000,632,648 | ---- | M] () -- C:\Windows\System32\perfh00E.dat
[2013/04/11 23:25:54 | 000,616,476 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/11 23:25:54 | 000,610,670 | ---- | M] () -- C:\Windows\System32\perfh01F.dat
[2013/04/11 23:25:54 | 000,148,520 | ---- | M] () -- C:\Windows\System32\perfc00E.dat
[2013/04/11 23:25:54 | 000,137,272 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2013/04/11 23:25:54 | 000,135,050 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2013/04/11 23:25:54 | 000,133,962 | ---- | M] () -- C:\Windows\System32\prfc0816.dat
[2013/04/11 23:25:54 | 000,133,150 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2013/04/11 23:25:54 | 000,130,208 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/04/11 23:25:54 | 000,127,354 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2013/04/11 23:25:54 | 000,121,736 | ---- | M] () -- C:\Windows\System32\perfc01F.dat
[2013/04/11 23:25:54 | 000,106,598 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/10 20:44:17 | 000,368,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/04 00:49:24 | 000,000,017 | ---- | M] () -- C:\Windows\System32\shortcut_ex.dat
[2013/03/28 21:50:07 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\Becker Content Manager.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/04/25 21:56:13 | 000,619,461 | ---- | C] () -- C:\Users\XYZ\Desktop\adwcleaner.exe
[2013/04/24 23:25:25 | 000,048,481 | ---- | C] () -- C:\Users\XYZ\Desktop\24.04.2.png
[2013/04/24 23:24:21 | 000,092,474 | ---- | C] () -- C:\Users\XYZ\Desktop\24.04..png
[2013/04/23 18:11:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/23 18:11:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/23 18:11:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/23 18:11:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/23 18:11:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/22 23:08:01 | 000,000,512 | ---- | C] () -- C:\Users\XYZ\Desktop\MBR.dat
[2013/04/19 22:31:47 | 012,917,756 | ---- | C] () -- C:\Users\XYZ\Desktop\mbar-1.05.0.1001.zip
[2013/04/19 21:34:37 | 000,377,856 | ---- | C] () -- C:\Users\XYZ\Desktop\gmer_2.1.19163.exe
[2013/04/04 00:49:24 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2013/03/28 21:50:07 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\Becker Content Manager.lnk
[2012/04/14 22:22:34 | 000,000,288 | ---- | C] () -- C:\Users\XYZ\AppData\Roaming\.backup.dm
[2012/03/18 18:02:02 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Techno Kit
[2012/03/18 18:02:02 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Tables
[2012/03/18 18:02:02 | 000,000,268 | RH-- | C] () -- C:\Users\XYZ\AppData\Roaming\System Image Utility
[2012/03/18 18:02:02 | 000,000,268 | RH-- | C] () -- C:\Users\XYZ\AppData\Roaming\Synth Textures
[2012/03/18 18:02:02 | 000,000,268 | RH-- | C] () -- C:\Users\XYZ\AppData\Roaming\Synth Pads
[2012/03/18 18:02:02 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012/03/18 18:02:02 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012/03/18 18:02:02 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Vocal Transformer
[2012/03/18 18:02:02 | 000,000,012 | RH-- | C] () -- C:\ProgramData\User Pictures
[2012/03/18 18:02:02 | 000,000,012 | RH-- | C] () -- C:\ProgramData\URLs
[2012/03/18 18:02:01 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012/01/14 19:53:39 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2012/01/07 23:15:01 | 000,004,096 | -H-- | C] () -- C:\Users\XYZ\AppData\Local\keyfile3.drm
[2011/12/27 22:33:11 | 000,017,408 | ---- | C] () -- C:\Users\XYZ\AppData\Local\WebpageIcons.db
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Extras.Txt Editor
Code:

OTL Extras logfile created on: 4/25/2013 10:06:26 PM - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\XYZ\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 56.70% Memory free
6.00 Gb Paging File | 4.54 Gb Available in Paging File | 75.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 890.41 Gb Total Space | 803.33 Gb Free Space | 90.22% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 23.53 Gb Free Space | 58.82% Space Free | Partition Type: NTFS
 
Computer Name: XYZ | User Name: XYZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B74180-D76A-4C8F-A6F6-3103E109E941}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{07646CDD-4BD2-4800-94BF-8D1DDF9C754B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0C96CB0D-2A7A-4A88-AFE0-BA38E61B4FE9}" = rport=445 | protocol=6 | dir=out | app=system |
"{1310D265-A30C-4FCE-9A40-94039462C0CD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1ABA908A-78FE-4717-8768-7E751053645B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1BCF41E0-8F66-4F4A-A7C7-ABA7FB11B270}" = rport=138 | protocol=17 | dir=out | app=system |
"{30FCB229-31D0-4705-AD07-8B7E61490568}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5787F921-5431-4BA2-A3E2-0FAD3C661A8D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5D2B11F8-A097-4992-A229-DC6AA51A9A22}" = lport=2869 | protocol=6 | dir=in | app=system |
"{73BC6293-9162-4966-82B4-3042E2D74DEB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7714FED0-79FC-4D57-B4DD-B98B4A1A9DC6}" = lport=139 | protocol=6 | dir=in | app=system |
"{7B3AE9FE-3D74-4F90-B772-FF9ABF0FC216}" = lport=138 | protocol=17 | dir=in | app=system |
"{8C1A9568-F520-4BBC-AB24-8B809B571F84}" = lport=445 | protocol=6 | dir=in | app=system |
"{93D50508-69FE-4C5E-B532-0C511EB50E75}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9ACDED70-11A1-4D4C-8ECD-A482449B92AA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A0CC27A7-9A11-4826-925A-6F85F9A33CAF}" = rport=139 | protocol=6 | dir=out | app=system |
"{A15040A5-2E7D-47D3-B496-55133D56F708}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A35DC2EA-9E0D-4F08-8681-48AD467A2981}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF10D220-3861-4641-BCDB-ACFA81EDF20A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D3F7F406-992C-4FD0-B448-970A8BAABB26}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D964598F-3CD9-4F7E-BB08-767C59DCB4A4}" = rport=137 | protocol=17 | dir=out | app=system |
"{DE2E95B6-C0E2-4763-9E92-2496398CEE48}" = lport=137 | protocol=17 | dir=in | app=system |
"{DFEABD30-BFC3-4CCE-A191-7C4D90990D82}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F66BCFBD-B2E1-443A-AE50-D696DE926991}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC471ED0-36BF-403A-98C6-924DDDA231A2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{053BC0F2-836E-4A84-B8F6-7A6A083BE34E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{056F4C23-7EB4-468C-AD6E-11CD8DCEE687}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{087EFD99-E62A-4F9F-84EA-5F639E1BA320}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0972544F-A9EF-4820-A959-BC5652A47D61}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0B5B3474-02D5-41FB-8BE7-1A00B93CB5BC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0DD76F02-0CB6-4CEE-965F-16849E1338F5}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{18D5E152-030D-433B-8459-F85965F86922}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{1E8312E3-AD9C-4571-81CA-096E569236F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{26B4EB06-280F-4994-B6CC-B3DA46B68444}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{2B14787F-8F01-49ED-9062-8067830607BF}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{2F1F19AA-2CC0-4CF2-A561-4F7E64587125}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{34307912-13DA-47F9-84BD-EEFC76C89661}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{4342EE36-DF66-48A8-BF20-4E7C975ADC6F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{47113460-FF6D-44AB-A9F0-8CD28615B7DC}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{57B951B6-CC36-4F94-9D41-52F345B58648}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5BC15063-A98C-42EF-8687-F2C22B1E6D91}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5BFE8A42-CCD1-4057-8B4D-DF256BE8C2FA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6F2811AE-0F27-4702-9F6F-3C9333937DD9}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{6F71CB98-89D4-4E4D-B6A8-18EB3F758F9C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{708A2176-7AFC-4F3E-8458-55C8DF4B08F2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9BF3B4EF-16AF-4778-874A-5D57E96D710B}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{9D9FCCDC-E783-484A-B2CE-DBF502633089}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A1AC82B1-4E9F-49D1-896E-27467F231803}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A60207D4-5143-47B2-BEB6-1CD7EC4F8017}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{AFE24910-1896-442A-A6D7-335F4C877CB1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B5197E2F-C93E-449B-A3FB-0C37728F25F8}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{BAF72E62-8F83-4521-9CC8-5D5DEB333F70}" = protocol=6 | dir=out | app=system |
"{C1EF6C8D-FC59-418B-95FE-4931E86AC009}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C687FEEC-0745-40B9-81DB-A81853269CF7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D0CAABE8-6F10-45E2-95D6-6EB995F26B48}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{DC23138F-AB29-4B58-BCCD-F6B2B4D8BD89}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{F9063565-9DE5-418F-986D-848F6E68A389}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FD006F46-67D8-44BB-986F-3772F16FD129}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{093561FF-BC54-CD42-77BD-4885F16C60B7}" = CCC Help Danish
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{17D39326-BF2B-FCE9-DE84-58EE76F945CD}" = CCC Help French
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28F11027-A8BC-44D3-A59A-CA018ED73E8C}" = Compact&Easy
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A4940D6-418E-867B-F214-2B0C58E7961D}" = CCC Help Swedish
"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{701BDB1B-8D00-8C67-6F64-BDD3B58EC827}" = CCC Help Norwegian
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{80D847BF-3610-4BE4-9F05-970BADEADB9A}" = Studie zur Verbesserung von HP Deskjet 3050 J610 series Produkten
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CA7DA5E-B8BD-4E9F-A6F2-BAF53D503498}" = HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.3 MUI
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B355AD55-ED88-4A46-015D-51AAD00EB57D}" = CCC Help Japanese
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{B95FB6E3-8373-52BC-C824-8DDB1D6DD049}" = CCC Help Dutch
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE4AE3A7-190D-BCB8-A953-A708C9E8E8AA}" = ATI Catalyst Install Manager
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C09C15F5-DDB7-3820-CF1A-798051174EC7}" = CCC Help Italian
"{C2214950-8342-4878-1286-31D0F07FDC34}" = Catalyst Control Center Localization All
"{C39F6C00-142E-48AC-633F-15E6AA7E24D8}" = Catalyst Control Center Graphics Previews Vista
"{C47D990B-5D5C-B6A6-A04D-676379D39170}" = CCC Help English
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C7105B49-9E6E-C93C-74E6-858B0863F604}" = Catalyst Control Center InstallProxy
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{CF52C7EA-BDEF-A58F-6F33-0431076766C8}" = ccc-utility
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D7C7EA35-4C51-F874-3AB7-95DC40DDA494}" = CCC Help German
"{D81845B4-5239-AD56-39A5-9FCFE528330F}" = ccc-core-static
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{DFD284CD-501F-B36C-67D9-05D4D7D590AB}" = CCC Help Spanish
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{EAC1A606-1D31-AC37-90DD-5684A6E7D2E8}" = CCC Help Finnish
"{EB788378-C27A-468F-BEAC-00C123D216E6}" = WEB.DE Toolbar MSVC90 CRT
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Hilfe
"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = WEB.DE Internet Explorer Addon
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Becker Content Manager" = Becker Content Manager 5.20.1008
"Content Manager 2" = Content Manager 2
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"WinLiveSuite_Wave3" = Windows Live Essentials
"Zattoo4" = Zattoo4 4.0.5
 
< End of report >


cosinus 25.04.2013 22:47

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes; please remember to update Malwarebytes via the update button first.

Getting a second opinion afterwards from ESET's online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


tseb 27.04.2013 08:39

1) Malwarebytes:

Code:

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.26.06

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
XYZ ::  [Administrator]

Schutz: Aktiviert

26.04.2013 21:24:52
mbam-log-2013-04-26 (21-24-52).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 218399
Laufzeit: 5 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

2) ESET:

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=97566b85c998994f9227d39fe72ff241
# engine=13707
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-27 12:46:24
# local_time=2013-04-27 02:46:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1285 16777213 100 100 21090 63671496 0 0
# compatibility_mode=5893 16776573 100 94 20684 118654775 0 0
# scanned=644368
# found=0
# cleaned=0
# scan_time=18588

Oh, and something else I have noticed on the PC recently; I don't know whether it is related to this matter:

When I try to delete the history and any saved passwords in Internet Explorer under Safety -> Delete browsing history, the "Delete Browsing History" window does appear and the green bar moves and works and works and simply never finishes, but it doesn't freeze either? It has been running like this for over an hour. I think I changed something about the individual checkboxes at some point; could that be the reason?

These are the options available:

- Preserve Favorites website data
- Temporary Internet files (checked)
- Cookies (checked)
- History (checked)
- Form data (checked)
- Passwords (checked)
- InPrivate Filtering data

How long is something like this allowed to take? Why doesn't it work any more?
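
A check of the ESET Online Scanner log layout posted above against the scan option requested earlier in the thread, as an added example (not part of the original posts and not ESET's own code). It assumes the requested detection of potentially unwanted applications is the setting logged as `unwanted_checked`; the sample log is a constructed, shortened copy of the layout shown here.

```python
import re

# Constructed sample in the "# key=value" layout of the log in this thread
# (shortened; values are illustrative).
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# compatibility_mode=1285 16777213 100 100 21090 63671496 0 0
# compatibility_mode=5893 16776573 100 94 20684 118654775 0 0
# scanned=644368
# found=0
# cleaned=0
# scan_time=18588
"""

# Assumption: the option the helper asked to enable ("potentially unwanted
# applications") is the one the log records as unwanted_checked.
EXPECTED_OPTIONS = {"unwanted_checked": True}

LINE_RE = re.compile(r"^#\s*([\w.]+)=(.*)$")


def parse_eset_log(text):
    """Split a log into scan records; each '# version=' line starts a new one."""
    records, current = [], None
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # installer banner lines such as "all ok"
        key, value = m.group(1), m.group(2).strip().strip('"')
        if key == "version" or current is None:
            current = {}
            records.append(current)
        # Some keys (compatibility_mode) repeat, so every key maps to a list.
        current.setdefault(key, []).append(value)
    return records


def first(record, key):
    """First value logged for key, or None if the key is absent."""
    values = record.get(key)
    return values[0] if values else None


def review_scan(record, expected=EXPECTED_OPTIONS):
    """Return a list of findings; an empty list means nothing to follow up."""
    findings = []
    if first(record, "end") != "finished":
        findings.append("scan did not finish (end=%s)" % first(record, "end"))
    for option, wanted in expected.items():
        actual = first(record, option)
        if actual is None:
            findings.append("%s missing from log" % option)
        elif (actual == "true") != wanted:
            findings.append("%s=%s, expected %s"
                            % (option, actual, str(wanted).lower()))
    found = int(first(record, "found") or 0)
    cleaned = int(first(record, "cleaned") or 0)
    if found > cleaned:
        findings.append("%d detection(s) left uncleaned" % (found - cleaned))
    return findings


if __name__ == "__main__":
    for rec in parse_eset_log(SAMPLE_LOG):
        print(review_scan(rec) or "scan matches the requested settings, nothing found")
```

A `found=0` result only covers the categories that were actually enabled, which is why the option flags are compared before the counters.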

cosinus 27.04.2013 16:56

Quote:

How long is something like this allowed to take? Why doesn't it work any more?
How long something like that can take cannot be answered; it takes a different amount of time on every machine, and why IE no longer does it is, given the information available, a bit :glaskugel:

However, I do wonder why you still have IE8 installed; for the operating systems Windows 7 and Windows 8 we are at IE10! And you haven't installed SP1 for Windows 7 either!

Why? Did you switch updates off? :confused:

tseb 27.04.2013 17:27

What information do you need?

Where is the best place to install IE 10 from? Here?: hxxp://windows.microsoft.com/de-DE/internet-explorer/downloads/ie-10/worldwide-languages

Which version? SP1 64 bit? Does that give me IE10 and the SP1 you mentioned at the same time, or how does it work?

Where can I set up automatic updates?

Back to the original question: what about the "trojan" HEUR:Exploit.Java.CVE-2012-0507.gen now? Can I delete all the scanners from my machine again? What do you think?

cosinus 27.04.2013 17:44

Have you never heard of Windows Update?! :wtf:
More on that later

Looks OK so far :daumenhoc

Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released.

Info: cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP-Cookie )

Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board too), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system OK again now, or are there any other detections or problems?

tseb 27.04.2013 17:50

Quote:

Quote from cosinus (post 1053149)
Is your system OK again now, or are there any other detections or problems?

Yes, well, as far as I can judge, it is. Should I run a full scan of the PC with my Kaspersky? That is how the malware HEUR:Exploit.Java.CVE-2012-0507.gen was found the other day, i.e. as I understand it as a layman, Kaspersky should no longer raise an alert during a full scan, right?

What would be important for me to know, because of my full desktop: can I delete all the scanners you gave me again?

cosinus 27.04.2013 17:52

Please run TFC, then it should be gone too, quite apart from the fact that it is only a heuristic hit

TFC - Temp File Cleaner

Please download TFC (by Oldtimer) and save the file to the desktop.
Now close all open programs and disconnect from the internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow this.

tseb 28.04.2013 08:50

1) Regarding TFC:

Ran it; after a short run time the following message appeared: "The system requires a reboot to finish removing files. Click ok to reboot the system now." -> I did that, then the PC restarted but nothing else happened, no further activity from TFC and no log file. So did that work, and is that normal?

2) Regarding IE 10 and SP1:

When trying to install IE 10, a message appears saying that SP1 has to be installed first... but that doesn't work: I wanted to install SP1 yesterday, it again loaded forever until, after hours, the following message was eventually displayed: "ERROR_SXS_ASSEMBLY_Missing(0x80073701)"

Now I remember why I don't have SP1 or IE 10... I got stuck at this point once before and didn't know what to do next, and then simply kept IE 8.

Do you have an idea? What other information should I bring you on this?

Edit: Just ran another full scan with Kaspersky, no threats were found!

cosinus 28.04.2013 19:25

I don't need the TFC log.
Machine OK again so far? Or are there still open problems?

tseb 28.04.2013 21:29

Show list of attachments (count: 2)
Quote:

Quote from cosinus (post 1053547)
I don't need the TFC log.
Machine OK again so far? Or are there still open problems?

So the original question regarding HEUR:Exploit.Java.CVE-2012-0507.gen is probably settled with that.

Only the problem with the update to IE 10 and the installation of SP1 is still open. Can you still help me with that? What information do you need for it? The update always ends with an error message, see attachment.

cosinus 28.04.2013 21:59

Download SP1 in full and install it => http://download.microsoft.com/downlo...976932-X86.exe

Let me know when it is done.

tseb 29.04.2013 05:52

Show list of attachments (count: 1)
Unfortunately SP1 cannot be installed; the error message in the attachment appears.

I now have the IE 10 start button on my desktop, but when I try to start IE10 a message appears saying that SP1 is mandatory for IE 10 to run.

cosinus 29.04.2013 10:06

Please run this tool => http://www.trojaner-board.de/126216-...tml#post946713

tseb 30.04.2013 06:31

Quote:

Quote from cosinus (post 1053749)

OK, I carried out all the steps of Windows Repair. Unfortunately it still doesn't work; error message 80073701 appears again after or while SP1 was being installed.

The PC has somehow become a bit slower after running Windows Repair; will that get better when I delete the software from the machine again?

cosinus 30.04.2013 15:29

Often only a repair installation/in-place upgrade helps with errors like these :(

