Trojaner-Board


Sa1366 16.06.2013 18:05

Win32/Small.CA virus cannot be removed
 
Hello everyone,

For a good week now, the message "remove the Win32/Small.CA virus" has been appearing in my Action Center, but a system scan with Microsoft Security Essentials or with Malwarebytes shows no detections.

Since I started getting this notice, I always get the following error message when opening a file folder: "Microsoft Visual C++ Runtime Library - This application has requested the Runtime to terminate it in an unusual way". The files in the folder can still be opened, deleted, etc.

I ran Defogger - no error message!

Here is the OTL.txt

Code:

OTL logfile created on: 16.06.2013 18:22:30 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Sa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
12,00 Gb Total Physical Memory | 8,91 Gb Available Physical Memory | 74,29% Memory free
23,99 Gb Paging File | 20,99 Gb Available in Paging File | 87,48% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 49,70 Gb Free Space | 44,46% Space Free | Partition Type: NTFS
Drive D: | 931,41 Gb Total Space | 428,60 Gb Free Space | 46,02% Space Free | Partition Type: NTFS
Drive F: | 100,00 Mb Total Space | 71,75 Mb Free Space | 71,75% Space Free | Partition Type: NTFS
 
Computer Name: SA-PC | User Name: Sa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.16 15:53:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sa\Desktop\OTL.exe
PRC - [2013.05.24 14:38:46 | 002,952,096 | ---- | M] (Samsung Electronics.) -- C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe
PRC - [2013.05.16 16:44:05 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013.05.16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.05.12 20:20:36 | 000,871,536 | ---- | M] (BitLeader) -- C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
PRC - [2013.05.12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.08.27 18:25:30 | 000,078,352 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2012.07.13 15:50:00 | 000,093,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2010.11.17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.09.02 10:57:52 | 002,181,744 | ---- | M] (Gainward Co.) -- C:\Program Files (x86)\EXPERTool\TBPANEL.exe
PRC - [2009.12.15 13:47:00 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.17 19:02:42 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Samsung SSD Magician\SAMSUNG_SSD.dll
MOD - [2013.01.28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013.01.28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.04 12:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2011.03.04 12:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2011.03.04 12:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009.12.15 13:49:20 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.12.15 13:46:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
MOD - [1998.10.31 10:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\EXPERTool\TBManage.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.06.03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.05.24 11:51:04 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.05.12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.01.27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.08.27 18:25:30 | 000,243,728 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2010.12.13 14:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.25 07:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.12.13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.12.13 14:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010.12.10 13:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.12.10 13:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.03.02 13:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.12.22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.10.07 12:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.10.07 12:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C9 41 A7 B3 60 4E CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.05.11 18:12:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sa\AppData\Roaming\mozilla\Extensions
[2013.05.24 11:51:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.24 11:51:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\lgfw.exe (Bitleader)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co.)
O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Users\Sa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk = C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe (Samsung Electronics.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8AF9D13-C41E-4118-BB70-7512C0AB5B39}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{42cbf241-ba50-11e2-822d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{42cbf241-ba50-11e2-822d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.16 15:55:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sa\Desktop\OTL.exe
[2013.06.12 20:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[2013.06.12 20:48:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2013.06.12 20:17:26 | 000,000,000 | ---D | C] -- C:\Users\Sa\AppData\Roaming\Malwarebytes
[2013.06.12 20:17:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.12 20:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.12 20:17:12 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.06.12 20:17:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.06.12 17:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013.06.12 17:13:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013.06.11 16:23:38 | 000,000,000 | --SD | C] -- C:\Users\Sa\Documents\Passwords Database
[2013.06.06 20:09:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.06.06 20:09:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.06.06 20:09:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.06.06 20:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.06.05 23:18:32 | 000,000,000 | ---D | C] -- C:\Users\Sa\AppData\Roaming\thriXXX
[2013.06.04 11:10:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung SSD Magician
[2013.06.04 11:10:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung SSD Magician
[2013.05.29 14:25:41 | 000,000,000 | ---D | C] -- C:\Users\Sa\AppData\Roaming\dvdcss
[2013.05.28 12:15:31 | 000,000,000 | ---D | C] -- C:\Users\Sa\AppData\Roaming\vlc
[2013.05.28 12:15:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.05.24 11:51:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.24 10:48:29 | 000,000,000 | ---D | C] -- C:\Users\Sa\AppData\Local\NVIDIA
[2013.05.22 20:21:45 | 000,000,000 | ---D | C] -- C:\Users\Sa\AppData\Roaming\LumacDaemon
[2013.05.22 20:21:43 | 000,000,000 | ---D | C] -- C:\Users\Sa\AppData\Local\Firstload
[2013.05.22 20:21:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013.05.21 19:58:48 | 000,000,000 | ---D | C] -- C:\Users\Sa\Cyberlink
[2013.05.18 12:44:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server
[2013.05.18 12:32:48 | 000,000,000 | ---D | C] -- C:\Users\Sa\fontconfig
[2013.05.18 12:32:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PS3 Media Server
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.16 18:13:20 | 000,000,000 | ---- | M] () -- C:\Users\Sa\defogger_reenable
[2013.06.16 15:54:28 | 000,050,477 | ---- | M] () -- C:\Users\Sa\Desktop\Defogger.exe
[2013.06.16 15:54:18 | 000,377,856 | ---- | M] () -- C:\Users\Sa\Desktop\gmer_2.1.19163.exe
[2013.06.16 15:53:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sa\Desktop\OTL.exe
[2013.06.16 13:17:02 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.16 13:17:02 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.16 13:15:53 | 001,640,712 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.16 13:15:53 | 000,711,206 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.16 13:15:53 | 000,656,234 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.16 13:15:53 | 000,152,478 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.16 13:15:53 | 000,124,974 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.16 13:10:13 | 000,000,343 | ---- | M] () -- C:\Windows\lgfwup.ini
[2013.06.16 13:09:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.16 13:09:53 | 1072,295,934 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.12 20:17:18 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.06.12 17:13:17 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.06.12 17:08:37 | 001,617,670 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.06.12 15:30:38 | 000,543,333 | ---- | M] () -- C:\Users\Sa\Desktop\gutschein.pdf
[2013.06.06 20:09:32 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.06.04 11:10:26 | 000,001,193 | ---- | M] () -- C:\Users\Sa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
[2013.06.04 11:10:26 | 000,001,135 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Magician.lnk
[2013.05.28 12:15:27 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.05.24 10:46:52 | 000,001,351 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.05.21 20:13:16 | 000,003,584 | ---- | M] () -- C:\Users\Sa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.18 12:44:40 | 000,001,036 | ---- | M] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
 
========== Files Created - No Company Name ==========
 
[2013.06.16 18:13:20 | 000,000,000 | ---- | C] () -- C:\Users\Sa\defogger_reenable
[2013.06.16 15:54:55 | 000,377,856 | ---- | C] () -- C:\Users\Sa\Desktop\gmer_2.1.19163.exe
[2013.06.16 15:54:46 | 000,050,477 | ---- | C] () -- C:\Users\Sa\Desktop\Defogger.exe
[2013.06.12 20:48:37 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2013.06.12 20:48:37 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2013.06.12 20:48:36 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2013.06.12 20:48:36 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2013.06.12 20:17:18 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.06.12 17:13:17 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013.06.12 17:13:11 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013.06.12 15:30:38 | 000,543,333 | ---- | C] () -- C:\Users\Sa\Desktop\gutschein.pdf
[2013.06.06 20:09:32 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.28 12:15:27 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.05.24 10:46:52 | 000,001,351 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.05.24 10:44:30 | 001,617,670 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.05.21 20:13:16 | 000,003,584 | ---- | C] () -- C:\Users\Sa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.18 12:44:40 | 000,001,036 | ---- | C] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
[2013.05.13 13:39:42 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013.05.13 13:39:42 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013.05.12 20:19:47 | 000,000,343 | ---- | C] () -- C:\Windows\lgfwup.ini
[2013.05.11 17:43:58 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013.05.11 17:43:52 | 000,029,940 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.05.13 13:08:38 | 000,000,000 | ---D | M] -- C:\Users\Sa\AppData\Roaming\DVDVideoSoft
[2013.05.24 12:47:18 | 000,000,000 | ---D | M] -- C:\Users\Sa\AppData\Roaming\LumacDaemon
[2013.06.05 23:18:32 | 000,000,000 | ---D | M] -- C:\Users\Sa\AppData\Roaming\thriXXX
[2013.06.13 01:14:25 | 000,000,000 | ---D | M] -- C:\Users\Sa\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 

< End of report >

Extra.txt

Code:

OTL Extras logfile created on: 16.06.2013 18:22:30 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Sa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
12,00 Gb Total Physical Memory | 8,91 Gb Available Physical Memory | 74,29% Memory free
23,99 Gb Paging File | 20,99 Gb Available in Paging File | 87,48% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 49,70 Gb Free Space | 44,46% Space Free | Partition Type: NTFS
Drive D: | 931,41 Gb Total Space | 428,60 Gb Free Space | 46,02% Space Free | Partition Type: NTFS
Drive F: | 100,00 Mb Total Space | 71,75 Mb Free Space | 71,75% Space Free | Partition Type: NTFS
 
Computer Name: SA-PC | User Name: Sa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E28B841-BA6A-4BC3-BDFE-3E4485156073}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{11930A03-69DF-428E-A238-50A59C023157}" = rport=139 | protocol=6 | dir=out | app=system |
"{15F2F110-E56B-4A3E-8155-58D5619E4E6F}" = lport=137 | protocol=17 | dir=in | app=system |
"{2E1B2672-3BB5-4405-9892-3BF85B498897}" = rport=445 | protocol=6 | dir=out | app=system |
"{35573A32-4AD3-4DE2-B651-2B070BC90CAE}" = rport=137 | protocol=17 | dir=out | app=system |
"{3E960E62-2448-42DA-A95D-B05184BDB6D8}" = lport=139 | protocol=6 | dir=in | app=system |
"{4ECEE9A0-3AEF-46D0-946C-2CBD4FECAD43}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5BD3B459-49A3-42F6-AB7C-F847247324A0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{760E81A5-E2FB-4692-9BB6-783106F712DE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{83C532A2-FBC3-4234-957C-77E282750E46}" = lport=138 | protocol=17 | dir=in | app=system |
"{96D56981-EDE9-4D83-92C5-AD63FA367673}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{98056B07-611C-4D59-BB00-75474D9772CD}" = lport=445 | protocol=6 | dir=in | app=system |
"{BEA0BFE6-E4C8-44B9-A05F-95B58C085008}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C5405498-C952-47F5-8D12-2DF24181A283}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C60F4CBF-276F-45FD-82A0-BB167901299F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D33C4D15-1304-4A33-828A-8718F35435DB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DA759D40-FB66-40D1-AA12-0A2417AFB940}" = rport=138 | protocol=17 | dir=out | app=system |
"{E22C2D04-5A4A-498C-A50B-B0C14594A748}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E307FBD2-0E13-497C-9BC2-0531D66AEBDB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E761BF2E-35B6-43F5-BDA1-5161D3C3DC92}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC828601-B40B-4E6C-991E-12347B4529AA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001FB124-E161-436E-910A-46AA5F9FE74A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{0390AF47-CA63-47AB-AEA5-627D0F3C0229}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1CA3FC4B-4264-478F-A359-D8A0A1730025}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{1F6668D0-BFF6-4F80-8023-65C5F682A4EB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2271D2BE-FB41-4493-9206-18C7B00B4450}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{23388D77-30A3-494E-A41F-3503F400B7CE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{284DABA4-FC64-4C07-B14B-8CDF60CDBA9E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{37C9954B-B30F-4EF7-AAF4-B42702F413ED}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{3D939B98-82B0-45CF-B325-B0EB612F192A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{3FE0E7E7-3513-4FE9-8280-7553C0BB55E4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{40F363C0-2BD3-434D-9D7F-B41F6C8CA712}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{42F373F0-4B3E-4945-874B-8C3654DDA42B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{45321AD9-91D0-420D-B3D2-D48FC55C32B0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{4E4A358C-902C-4AFF-A5AF-B596B2776CC9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5171411A-DF8D-4B3B-BECF-FC62A5C090BA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5D1BD0FB-7D52-4A0A-832D-2FD0CBAF46DB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{63A7AB44-AE0E-48EE-943D-BE8C81AE7783}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6714BE23-EB81-49F6-8339-0ECB4CD074F6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{6F8D1998-EFE1-4E5D-B353-D8ED7523877B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{75969557-A423-409D-889F-477797AB7066}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7693B766-F14C-48E1-B117-B6B5F36BD109}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7EED0794-A6C8-45EA-98C5-97C9ACB09414}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8528102D-0096-4805-9AD7-19399FE29D37}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8DABF8CC-9A92-498B-8220-4F85C16BFCEE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9A8DC16F-4A85-42A2-9F99-33C365B2B18F}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{B50B52A2-F640-4E17-8524-8128FD9D3F25}" = protocol=58 | dir=in | app=system |
"{B8668B11-83DB-4063-A497-DEBE6349B062}" = protocol=6 | dir=out | app=system |
"{BBA13239-5ED8-4012-9D34-DAF543268EE8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C4EB371F-E0A2-4FE6-B66E-5FE87F023F87}" = protocol=17 | dir=in | app=c:\users\sa\appdata\roaming\utorrent\utorrent.exe |
"{C8A92FA0-DF5B-4980-A739-21471D6BAC64}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{CC35C617-8816-412A-9D33-23E316A5F885}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D28F4543-63D8-4AFF-A24F-1A4381D37966}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D5EF30B0-CA6F-4F7B-AAB4-D11DB37C93E9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D67C7E13-8008-4182-AC9C-AD89AB8D072E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E09DBB47-C441-43A0-B4A7-8E32024BCE6C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{E980F2CF-4A65-4D58-83B6-A07E57FEA2F8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EB7874D5-5DE8-43BF-9018-A2754275A67E}" = protocol=17 | dir=in | app=d:\2k games\firaxis games\sid meier's railroads!\railroads.exe |
"{F63C81A0-314B-4064-8665-3EE8E723FDC9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F6AB5FCC-8550-4759-87E5-D927C36B0143}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FCFFA76C-8846-4900-8754-D83E72A9CDC3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{FD7BDCF6-124C-4165-8E33-AD9A21E8741A}" = protocol=6 | dir=in | app=c:\users\sa\appdata\roaming\utorrent\utorrent.exe |
"{FF81E413-8375-4A49-8730-F84D08AF899C}" = protocol=6 | dir=in | app=d:\2k games\firaxis games\sid meier's railroads!\railroads.exe |
"TCP Query User{16B7CB05-F195-4DC7-A912-0500FF5CFAB2}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe |
"TCP Query User{539161E7-E485-4991-84EA-48366099F33A}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{F9FD3094-87A9-4F45-AE0A-A8E20A7804C7}C:\program files (x86)\jdownloader\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\java.exe |
"UDP Query User{B770F0AD-90C0-4820-97BE-7F3A1C47DC50}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe |
"UDP Query User{D481FCDF-C238-4CB3-AA29-5E19E84887DA}C:\program files (x86)\jdownloader\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\java.exe |
"UDP Query User{EB25654D-A27B-4E20-9013-F2A3FBB83D02}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64555D45-1F57-BF1D-1A5E-BFD4C8C0ADB4}" = ATI Catalyst Install Manager
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 4.11.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"KLiteCodecPack64_is1" = K-Lite Codec Pack 9.9.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"VLC media player" = VLC media player 2.0.6
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG CyberLink Media Suite
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1" = Samsung Magician
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = LG CyberLink BD Advisor
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG Burning Tool
"{44E1DE63-C8FA-4C70-B4AA-0C49A947ACDE}" = Sid Meier's Railroads!
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = LG CyberLink MediaShow
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = LG CyberLink MediaEspresso
"{EE3FBD3C-782E-4A90-9507-0ECFE1FECCE4}" = Sid Meier's Railroads!
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v2.85
"EA Installer.-1188349928" = EA Installer
"Free Video Dub_is1" = Free Video Dub version 2.0.18.430
"FUSSBALL MANAGER 11" = FUSSBALL MANAGER 11
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG CyberLink Media Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG Burning Tool
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = LG CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = LG CyberLink MediaEspresso
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MySSID_is1" = EXPERTool 7.13
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PS3 Media Server" = PS3 Media Server
"uTorrent" = µTorrent
"Xvid Video Codec 1.3.2" = Xvid Video Codec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.06.2013 05:50:41 | Computer Name = Sa-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bca54  Name des fehlerhaften Moduls: avformat-ics-54.dll, Version:
 0.0.0.0, Zeitstempel: 0x51377157  Ausnahmecode: 0x40000015  Fehleroffset: 0x000000000000cadf
ID
 des fehlerhaften Prozesses: 0x96c  Startzeit der fehlerhaften Anwendung: 0x01ce69adbff89827
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\K-Lite Codec Pack x64\Icaros\avformat-ics-54.dll  Berichtskennung:
 09b41333-d5a1-11e2-a4cd-bcaec53688ce
 
Error - 15.06.2013 05:59:39 | Computer Name = Sa-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bca54  Name des fehlerhaften Moduls: avformat-ics-54.dll, Version:
 0.0.0.0, Zeitstempel: 0x51377157  Ausnahmecode: 0x40000015  Fehleroffset: 0x000000000000cadf
ID
 des fehlerhaften Prozesses: 0x1358  Startzeit der fehlerhaften Anwendung: 0x01ce69adcdae9f2c
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\K-Lite Codec Pack x64\Icaros\avformat-ics-54.dll  Berichtskennung:
 4a670a22-d5a2-11e2-a4cd-bcaec53688ce
 
Error - 15.06.2013 05:59:43 | Computer Name = Sa-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bca54  Name des fehlerhaften Moduls: avformat-ics-54.dll, Version:
 0.0.0.0, Zeitstempel: 0x51377157  Ausnahmecode: 0x40000015  Fehleroffset: 0x000000000000cadf
ID
 des fehlerhaften Prozesses: 0x5d4  Startzeit der fehlerhaften Anwendung: 0x01ce69af0d8feb29
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\K-Lite Codec Pack x64\Icaros\avformat-ics-54.dll  Berichtskennung:
 4c964e63-d5a2-11e2-a4cd-bcaec53688ce
 
Error - 15.06.2013 06:06:57 | Computer Name = Sa-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bca54  Name des fehlerhaften Moduls: avformat-ics-54.dll, Version:
 0.0.0.0, Zeitstempel: 0x51377157  Ausnahmecode: 0x40000015  Fehleroffset: 0x000000000000cadf
ID
 des fehlerhaften Prozesses: 0x368  Startzeit der fehlerhaften Anwendung: 0x01ce69b009a09a74
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\K-Lite Codec Pack x64\Icaros\avformat-ics-54.dll  Berichtskennung:
 4f7815fa-d5a3-11e2-a4cd-bcaec53688ce
 
Error - 15.06.2013 07:18:59 | Computer Name = Sa-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bca54  Name des fehlerhaften Moduls: avformat-ics-54.dll, Version:
 0.0.0.0, Zeitstempel: 0x51377157  Ausnahmecode: 0x40000015  Fehleroffset: 0x000000000000cadf
ID
 des fehlerhaften Prozesses: 0x418  Startzeit der fehlerhaften Anwendung: 0x01ce69ba1e9419ac
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\K-Lite Codec Pack x64\Icaros\avformat-ics-54.dll  Berichtskennung:
 5f950fab-d5ad-11e2-a4cd-bcaec53688ce
 
Error - 15.06.2013 17:54:45 | Computer Name = Sa-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bca54  Name des fehlerhaften Moduls: avformat-ics-54.dll, Version:
 0.0.0.0, Zeitstempel: 0x51377157  Ausnahmecode: 0x40000015  Fehleroffset: 0x000000000000cadf
ID
 des fehlerhaften Prozesses: 0x158  Startzeit der fehlerhaften Anwendung: 0x01ce6a12ee6721dd
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\K-Lite Codec Pack x64\Icaros\avformat-ics-54.dll  Berichtskennung:
 305f31d0-d606-11e2-a99b-bcaec53688ce
 
Error - 15.06.2013 18:17:53 | Computer Name = Sa-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 21.0.0.4879 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1200    Startzeit:
 01ce6a10a35921b2    Endzeit: 61    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 691b1cf9-d609-11e2-a99b-bcaec53688ce 
 
Error - 15.06.2013 18:20:38 | Computer Name = Sa-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bca54  Name des fehlerhaften Moduls: avformat-ics-54.dll, Version:
 0.0.0.0, Zeitstempel: 0x51377157  Ausnahmecode: 0x40000015  Fehleroffset: 0x000000000000cadf
ID
 des fehlerhaften Prozesses: 0x168  Startzeit der fehlerhaften Anwendung: 0x01ce6a12f4c7ea86
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\K-Lite Codec Pack x64\Icaros\avformat-ics-54.dll  Berichtskennung:
 ce025d13-d609-11e2-a99b-bcaec53688ce
 
Error - 15.06.2013 19:07:28 | Computer Name = Sa-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bca54  Name des fehlerhaften Moduls: avformat-ics-54.dll, Version:
 0.0.0.0, Zeitstempel: 0x51377157  Ausnahmecode: 0x40000015  Fehleroffset: 0x000000000000cadf
ID
 des fehlerhaften Prozesses: 0x514  Startzeit der fehlerhaften Anwendung: 0x01ce6a1c7258795c
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\K-Lite Codec Pack x64\Icaros\avformat-ics-54.dll  Berichtskennung:
 58eb2d51-d610-11e2-a99b-bcaec53688ce
 
Error - 16.06.2013 10:04:40 | Computer Name = Sa-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bca54  Name des fehlerhaften Moduls: avformat-ics-54.dll, Version:
 0.0.0.0, Zeitstempel: 0x51377157  Ausnahmecode: 0x40000015  Fehleroffset: 0x000000000000cadf
ID
 des fehlerhaften Prozesses: 0xb38  Startzeit der fehlerhaften Anwendung: 0x01ce6a9913949678
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\K-Lite Codec Pack x64\Icaros\avformat-ics-54.dll  Berichtskennung:
 af84771d-d68d-11e2-96bc-bcaec53688ce
 
[ System Events ]
Error - 13.06.2013 17:36:47 | Computer Name = Sa-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 13.06.2013 20:04:23 | Computer Name = Sa-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 13.06.2013 20:25:26 | Computer Name = Sa-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 14.06.2013 13:57:27 | Computer Name = Sa-PC | Source = bowser | ID = 8003
Description =
 
Error - 14.06.2013 15:01:46 | Computer Name = Sa-PC | Source = nvlddmkm | ID = 11141134
Description =
 
Error - 14.06.2013 15:09:24 | Computer Name = Sa-PC | Source = bowser | ID = 8003
Description =
 
Error - 15.06.2013 05:32:01 | Computer Name = Sa-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 16.06.2013 06:51:29 | Computer Name = Sa-PC | Source = bowser | ID = 8003
Description =
 
Error - 16.06.2013 07:02:58 | Computer Name = Sa-PC | Source = nvlddmkm | ID = 11141134
Description =
 
Error - 16.06.2013 07:15:31 | Computer Name = Sa-PC | Source = bowser | ID = 8003
Description =
 
 
< End of report >

and Gmer.txt

Code:

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-16 18:46:50
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\0000004f Samsung_ rev.DXT0 111,79GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Sa\AppData\Local\Temp\pxldypoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                        fffff80003003000 8 bytes [00, 00, 16, 02, 4E, 74, 66, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 576                                                        fffff80003003010 29 bytes [43, 07, 50, 01, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000075f41465 2 bytes [F4, 75]
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075f414bb 2 bytes [F4, 75]
.text    ...                                                                                                                        * 2

---- EOF - GMER 2.1 ----

I hope I have done everything correctly so far. If anything is still missing, I will provide it as soon as possible.

Many thanks in advance for the help!
Sa

markusg 16.06.2013 18:06

Hi,
Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

Sa1366 16.06.2013 18:19

Hello Markus

here is the result

Code:

19:17:34.0691 4624  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:17:34.0909 4624  ============================================================
19:17:34.0909 4624  Current date / time: 2013/06/16 19:17:34.0909
19:17:34.0909 4624  SystemInfo:
19:17:34.0909 4624 
19:17:34.0909 4624  OS Version: 6.1.7601 ServicePack: 1.0
19:17:34.0909 4624  Product type: Workstation
19:17:34.0909 4624  ComputerName: SA-PC
19:17:34.0909 4624  UserName: Sa
19:17:34.0909 4624  Windows directory: C:\Windows
19:17:34.0909 4624  System windows directory: C:\Windows
19:17:34.0909 4624  Running under WOW64
19:17:34.0909 4624  Processor architecture: Intel x64
19:17:34.0909 4624  Number of processors: 4
19:17:34.0909 4624  Page size: 0x1000
19:17:34.0909 4624  Boot type: Normal boot
19:17:34.0909 4624  ============================================================
19:17:35.0720 4624  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:17:35.0736 4624  Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:17:35.0814 4624  ============================================================
19:17:35.0814 4624  \Device\Harddisk0\DR0:
19:17:35.0814 4624  MBR partitions:
19:17:35.0814 4624  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:17:35.0814 4624  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
19:17:35.0814 4624  \Device\Harddisk1\DR1:
19:17:35.0814 4624  MBR partitions:
19:17:35.0814 4624  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xDF93800
19:17:35.0814 4624  ============================================================
19:17:35.0814 4624  C: <-> \Device\Harddisk1\DR1\Partition1
19:17:35.0892 4624  D: <-> \Device\Harddisk0\DR0\Partition2
19:17:35.0907 4624  F: <-> \Device\Harddisk0\DR0\Partition1
19:17:35.0907 4624  ============================================================
19:17:35.0907 4624  Initialize success
19:17:35.0907 4624  ============================================================
19:17:43.0255 2152  ============================================================
19:17:43.0255 2152  Scan started
19:17:43.0255 2152  Mode: Manual; SigCheck; TDLFS;
19:17:43.0255 2152  ============================================================
19:17:44.0019 2152  ================ Scan system memory ========================
19:17:44.0019 2152  System memory - ok
19:17:44.0019 2152  ================ Scan services =============================
19:17:44.0051 2152  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:17:44.0082 2152  1394ohci - ok
19:17:44.0082 2152  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:17:44.0097 2152  ACPI - ok
19:17:44.0097 2152  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
19:17:44.0113 2152  AcpiPmi - ok
19:17:44.0113 2152  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:17:44.0129 2152  AdobeARMservice - ok
19:17:44.0129 2152  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
19:17:44.0144 2152  adp94xx - ok
19:17:44.0144 2152  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
19:17:44.0160 2152  adpahci - ok
19:17:44.0160 2152  [ E109549C90F62FB570B9540C4B148E54 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
19:17:44.0175 2152  adpu320 - ok
19:17:44.0175 2152  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
19:17:44.0207 2152  AeLookupSvc - ok
19:17:44.0207 2152  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD            C:\Windows\system32\drivers\afd.sys
19:17:44.0222 2152  AFD - ok
19:17:44.0222 2152  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:17:44.0238 2152  agp440 - ok
19:17:44.0238 2152  [ 3290D6946B5E30E70414990574883DDB ] ALG            C:\Windows\System32\alg.exe
19:17:44.0238 2152  ALG - ok
19:17:44.0253 2152  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:17:44.0253 2152  aliide - ok
19:17:44.0253 2152  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
19:17:44.0269 2152  amdide - ok
19:17:44.0269 2152  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
19:17:44.0285 2152  AmdK8 - ok
19:17:44.0285 2152  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
19:17:44.0285 2152  AmdPPM - ok
19:17:44.0285 2152  [ 53D8D46D51D390ABDB54ECA623165CB7 ] amdsata        C:\Windows\system32\DRIVERS\amdsata.sys
19:17:44.0300 2152  amdsata - ok
19:17:44.0300 2152  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
19:17:44.0316 2152  amdsbs - ok
19:17:44.0316 2152  [ 75C51148154E34EB3D7BB84749A758D5 ] amdxata        C:\Windows\system32\DRIVERS\amdxata.sys
19:17:44.0331 2152  amdxata - ok
19:17:44.0331 2152  [ 89A69C3F2F319B43379399547526D952 ] AppID          C:\Windows\system32\drivers\appid.sys
19:17:44.0347 2152  AppID - ok
19:17:44.0347 2152  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:17:44.0378 2152  AppIDSvc - ok
19:17:44.0378 2152  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo        C:\Windows\System32\appinfo.dll
19:17:44.0394 2152  Appinfo - ok
19:17:44.0394 2152  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:17:44.0394 2152  Apple Mobile Device - ok
19:17:44.0409 2152  [ C484F8CEB1717C540242531DB7845C4E ] arc            C:\Windows\system32\DRIVERS\arc.sys
19:17:44.0409 2152  arc - ok
19:17:44.0409 2152  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
19:17:44.0425 2152  arcsas - ok
19:17:44.0441 2152  [ 68726474C69B738EAC3A62E06B33ADDC ] AsIO            C:\Windows\syswow64\drivers\AsIO.sys
19:17:44.0441 2152  AsIO - ok
19:17:44.0456 2152  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:17:44.0472 2152  aspnet_state - ok
19:17:44.0472 2152  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:17:44.0487 2152  AsyncMac - ok
19:17:44.0503 2152  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi          C:\Windows\system32\drivers\atapi.sys
19:17:44.0503 2152  atapi - ok
19:17:44.0503 2152  [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie        C:\Windows\system32\DRIVERS\AtiPcie.sys
19:17:44.0519 2152  AtiPcie - ok
19:17:44.0519 2152  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:17:44.0550 2152  AudioEndpointBuilder - ok
19:17:44.0550 2152  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:17:44.0581 2152  AudioSrv - ok
19:17:44.0581 2152  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:17:44.0597 2152  AxInstSV - ok
19:17:44.0597 2152  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbda.sys
19:17:44.0612 2152  b06bdrv - ok
19:17:44.0628 2152  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:17:44.0628 2152  b57nd60a - ok
19:17:44.0628 2152  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:17:44.0643 2152  BDESVC - ok
19:17:44.0643 2152  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:17:44.0675 2152  Beep - ok
19:17:44.0675 2152  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE            C:\Windows\System32\bfe.dll
19:17:44.0706 2152  BFE - ok
19:17:44.0721 2152  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
19:17:44.0753 2152  BITS - ok
19:17:44.0753 2152  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:17:44.0753 2152  blbdrive - ok
19:17:44.0768 2152  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:17:44.0768 2152  Bonjour Service - ok
19:17:44.0784 2152  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:17:44.0784 2152  bowser - ok
19:17:44.0784 2152  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:17:44.0799 2152  BrFiltLo - ok
19:17:44.0799 2152  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:17:44.0815 2152  BrFiltUp - ok
19:17:44.0815 2152  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser        C:\Windows\System32\browser.dll
19:17:44.0815 2152  Browser - ok
19:17:44.0831 2152  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
19:17:44.0831 2152  Brserid - ok
19:17:44.0846 2152  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:17:44.0846 2152  BrSerWdm - ok
19:17:44.0846 2152  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:17:44.0862 2152  BrUsbMdm - ok
19:17:44.0862 2152  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:17:44.0877 2152  BrUsbSer - ok
19:17:44.0877 2152  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
19:17:44.0893 2152  BTHMODEM - ok
19:17:44.0893 2152  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv        C:\Windows\system32\bthserv.dll
19:17:44.0909 2152  bthserv - ok
19:17:44.0924 2152  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:17:44.0940 2152  cdfs - ok
19:17:44.0940 2152  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom          C:\Windows\system32\drivers\cdrom.sys
19:17:44.0955 2152  cdrom - ok
19:17:44.0955 2152  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc    C:\Windows\System32\certprop.dll
19:17:44.0987 2152  CertPropSvc - ok
19:17:44.0987 2152  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
19:17:45.0002 2152  circlass - ok
19:17:45.0002 2152  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
19:17:45.0018 2152  CLFS - ok
19:17:45.0018 2152  [ D7F297C77695BAF282FAB653ADF80828 ] CLKMSVC10_38F51D56 C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
19:17:45.0033 2152  CLKMSVC10_38F51D56 - ok
19:17:45.0033 2152  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:17:45.0033 2152  clr_optimization_v2.0.50727_32 - ok
19:17:45.0049 2152  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:17:45.0049 2152  clr_optimization_v2.0.50727_64 - ok
19:17:45.0065 2152  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:17:45.0065 2152  clr_optimization_v4.0.30319_32 - ok
19:17:45.0065 2152  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:17:45.0080 2152  clr_optimization_v4.0.30319_64 - ok
19:17:45.0080 2152  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:17:45.0096 2152  CmBatt - ok
19:17:45.0096 2152  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:17:45.0096 2152  cmdide - ok
19:17:45.0111 2152  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG            C:\Windows\system32\Drivers\cng.sys
19:17:45.0127 2152  CNG - ok
19:17:45.0127 2152  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:17:45.0127 2152  Compbatt - ok
19:17:45.0143 2152  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
19:17:45.0143 2152  CompositeBus - ok
19:17:45.0143 2152  COMSysApp - ok
19:17:45.0158 2152  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
19:17:45.0158 2152  crcdisk - ok
19:17:45.0158 2152  [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:17:45.0174 2152  CryptSvc - ok
19:17:45.0189 2152  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:17:45.0205 2152  DcomLaunch - ok
19:17:45.0221 2152  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc      C:\Windows\System32\defragsvc.dll
19:17:45.0252 2152  defragsvc - ok
19:17:45.0267 2152  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:17:45.0283 2152  DfsC - ok
19:17:45.0283 2152  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:17:45.0299 2152  Dhcp - ok
19:17:45.0299 2152  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
19:17:45.0330 2152  discache - ok
19:17:45.0330 2152  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
19:17:45.0330 2152  Disk - ok
19:17:45.0345 2152  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:17:45.0345 2152  Dnscache - ok
19:17:45.0361 2152  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc        C:\Windows\System32\dot3svc.dll
19:17:45.0377 2152  dot3svc - ok
19:17:45.0392 2152  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS            C:\Windows\system32\dps.dll
19:17:45.0408 2152  DPS - ok
19:17:45.0408 2152  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
19:17:45.0423 2152  drmkaud - ok
19:17:45.0423 2152  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
19:17:45.0455 2152  DXGKrnl - ok
19:17:45.0455 2152  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\Windows\System32\eapsvc.dll
19:17:45.0486 2152  EapHost - ok
19:17:45.0501 2152  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\Windows\system32\DRIVERS\evbda.sys
19:17:45.0533 2152  ebdrv - ok
19:17:45.0548 2152  [ C118A82CD78818C29AB228366EBF81C3 ] EFS            C:\Windows\System32\lsass.exe
19:17:45.0548 2152  EFS - ok
19:17:45.0564 2152  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
19:17:45.0579 2152  ehRecvr - ok
19:17:45.0579 2152  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched        C:\Windows\ehome\ehsched.exe
19:17:45.0579 2152  ehSched - ok
19:17:45.0595 2152  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
19:17:45.0611 2152  elxstor - ok
19:17:45.0611 2152  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:17:45.0611 2152  ErrDev - ok
19:17:45.0626 2152  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem    C:\Windows\system32\es.dll
19:17:45.0657 2152  EventSystem - ok
19:17:45.0657 2152  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat          C:\Windows\system32\drivers\exfat.sys
19:17:45.0689 2152  exfat - ok
19:17:45.0689 2152  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
19:17:45.0704 2152  fastfat - ok
19:17:45.0720 2152  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax            C:\Windows\system32\fxssvc.exe
19:17:45.0735 2152  Fax - ok
19:17:45.0735 2152  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
19:17:45.0751 2152  fdc - ok
19:17:45.0751 2152  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost        C:\Windows\system32\fdPHost.dll
19:17:45.0767 2152  fdPHost - ok
19:17:45.0767 2152  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:17:45.0798 2152  FDResPub - ok
19:17:45.0798 2152  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:17:45.0813 2152  FileInfo - ok
19:17:45.0813 2152  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
19:17:45.0829 2152  Filetrace - ok
19:17:45.0845 2152  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:17:45.0845 2152  flpydisk - ok
19:17:45.0845 2152  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:17:45.0860 2152  FltMgr - ok
19:17:45.0876 2152  [ C4C183E6551084039EC862DA1C945E3D ] FontCache      C:\Windows\system32\FntCache.dll
19:17:45.0891 2152  FontCache - ok
19:17:45.0891 2152  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:17:45.0907 2152  FontCache3.0.0.0 - ok
19:17:45.0907 2152  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
19:17:45.0907 2152  FsDepends - ok
19:17:45.0923 2152  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:17:45.0923 2152  Fs_Rec - ok
19:17:45.0923 2152  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:17:45.0938 2152  fvevol - ok
19:17:45.0938 2152  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
19:17:45.0954 2152  gagp30kx - ok
19:17:45.0954 2152  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM    C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:17:45.0954 2152  GEARAspiWDM - ok
19:17:45.0969 2152  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc          C:\Windows\System32\gpsvc.dll
19:17:46.0001 2152  gpsvc - ok
19:17:46.0001 2152  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:17:46.0001 2152  hcw85cir - ok
19:17:46.0016 2152  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:17:46.0032 2152  HdAudAddService - ok
19:17:46.0032 2152  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
19:17:46.0047 2152  HDAudBus - ok
19:17:46.0047 2152  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
19:17:46.0047 2152  HidBatt - ok
19:17:46.0047 2152  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
19:17:46.0063 2152  HidBth - ok
19:17:46.0063 2152  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
19:17:46.0079 2152  HidIr - ok
19:17:46.0079 2152  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv        C:\Windows\system32\hidserv.dll
19:17:46.0110 2152  hidserv - ok
19:17:46.0110 2152  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:17:46.0110 2152  HidUsb - ok
19:17:46.0125 2152  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:17:46.0141 2152  hkmsvc - ok
19:17:46.0141 2152  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:17:46.0157 2152  HomeGroupListener - ok
19:17:46.0157 2152  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:17:46.0172 2152  HomeGroupProvider - ok
19:17:46.0172 2152  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:17:46.0188 2152  HpSAMD - ok
19:17:46.0188 2152  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:17:46.0219 2152  HTTP - ok
19:17:46.0219 2152  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:17:46.0235 2152  hwpolicy - ok
19:17:46.0235 2152  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
19:17:46.0235 2152  i8042prt - ok
19:17:46.0250 2152  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
19:17:46.0250 2152  iaStorV - ok
19:17:46.0266 2152  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:17:46.0281 2152  idsvc - ok
19:17:46.0281 2152  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
19:17:46.0297 2152  iirsp - ok
19:17:46.0297 2152  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
19:17:46.0328 2152  IKEEXT - ok
19:17:46.0344 2152  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
19:17:46.0344 2152  intelide - ok
19:17:46.0344 2152  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:17:46.0359 2152  intelppm - ok
19:17:46.0359 2152  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
19:17:46.0391 2152  IPBusEnum - ok
19:17:46.0391 2152  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:17:46.0406 2152  IpFilterDriver - ok
19:17:46.0422 2152  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:17:46.0437 2152  iphlpsvc - ok
19:17:46.0437 2152  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
19:17:46.0437 2152  IPMIDRV - ok
19:17:46.0437 2152  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
19:17:46.0469 2152  IPNAT - ok
19:17:46.0469 2152  [ 0FF335D687C85097725A53458160E81E ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
19:17:46.0484 2152  iPod Service - ok
19:17:46.0500 2152  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:17:46.0500 2152  IRENUM - ok
19:17:46.0500 2152  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:17:46.0515 2152  isapnp - ok
19:17:46.0515 2152  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:17:46.0531 2152  iScsiPrt - ok
19:17:46.0531 2152  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:17:46.0547 2152  kbdclass - ok
19:17:46.0547 2152  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:17:46.0547 2152  kbdhid - ok
19:17:46.0547 2152  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
19:17:46.0562 2152  KeyIso - ok
19:17:46.0562 2152  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:17:46.0578 2152  KSecDD - ok
19:17:46.0578 2152  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
19:17:46.0593 2152  KSecPkg - ok
19:17:46.0593 2152  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
19:17:46.0609 2152  ksthunk - ok
19:17:46.0625 2152  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm          C:\Windows\system32\msdtckrm.dll
19:17:46.0640 2152  KtmRm - ok
19:17:46.0656 2152  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:17:46.0671 2152  LanmanServer - ok
19:17:46.0671 2152  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:17:46.0703 2152  LanmanWorkstation - ok
19:17:46.0703 2152  [ C34411A244029F1C08687F7C752C4563 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
19:17:46.0749 2152  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
19:17:46.0749 2152  LightScribeService - detected UnsignedFile.Multi.Generic (1)
19:17:46.0749 2152  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:17:46.0781 2152  lltdio - ok
19:17:46.0781 2152  [ C1185803384AB3FEED115F79F109427F ] lltdsvc        C:\Windows\System32\lltdsvc.dll
19:17:46.0812 2152  lltdsvc - ok
19:17:46.0812 2152  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts        C:\Windows\System32\lmhsvc.dll
19:17:46.0843 2152  lmhosts - ok
19:17:46.0843 2152  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
19:17:46.0843 2152  LSI_FC - ok
19:17:46.0859 2152  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
19:17:46.0859 2152  LSI_SAS - ok
19:17:46.0859 2152  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:17:46.0874 2152  LSI_SAS2 - ok
19:17:46.0874 2152  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:17:46.0890 2152  LSI_SCSI - ok
19:17:46.0890 2152  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv          C:\Windows\system32\drivers\luafv.sys
19:17:46.0905 2152  luafv - ok
19:17:46.0921 2152  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
19:17:46.0921 2152  Mcx2Svc - ok
19:17:46.0921 2152  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
19:17:46.0937 2152  megasas - ok
19:17:46.0937 2152  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
19:17:46.0952 2152  MegaSR - ok
19:17:46.0952 2152  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS          C:\Windows\system32\mmcss.dll
19:17:46.0983 2152  MMCSS - ok
19:17:46.0983 2152  [ 800BA92F7010378B09F9ED9270F07137 ] Modem          C:\Windows\system32\drivers\modem.sys
19:17:46.0999 2152  Modem - ok
19:17:47.0015 2152  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
19:17:47.0015 2152  monitor - ok
19:17:47.0015 2152  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:17:47.0030 2152  mouclass - ok
19:17:47.0030 2152  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:17:47.0046 2152  mouhid - ok
19:17:47.0046 2152  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:17:47.0046 2152  mountmgr - ok
19:17:47.0061 2152  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:17:47.0061 2152  MozillaMaintenance - ok
19:17:47.0061 2152  [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
19:17:47.0077 2152  MpFilter - ok
19:17:47.0093 2152  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:17:47.0093 2152  mpio - ok
19:17:47.0093 2152  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:17:47.0124 2152  mpsdrv - ok
19:17:47.0124 2152  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:17:47.0155 2152  MpsSvc - ok
19:17:47.0171 2152  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:17:47.0171 2152  MRxDAV - ok
19:17:47.0186 2152  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:17:47.0186 2152  mrxsmb - ok
19:17:47.0186 2152  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:17:47.0202 2152  mrxsmb10 - ok
19:17:47.0202 2152  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:17:47.0217 2152  mrxsmb20 - ok
19:17:47.0217 2152  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:17:47.0217 2152  msahci - ok
19:17:47.0233 2152  [ 41FB1D61DF09C36CCAB0B04EEC66F6D5 ] MSCamSvc        C:\Program Files\Microsoft LifeCam\MSCamS64.exe
19:17:47.0233 2152  MSCamSvc - ok
19:17:47.0249 2152  [ DB801A638D011B9633829EB6F663C900 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
19:17:47.0249 2152  msdsm - ok
19:17:47.0249 2152  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC          C:\Windows\System32\msdtc.exe
19:17:47.0264 2152  MSDTC - ok
19:17:47.0264 2152  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:17:47.0295 2152  Msfs - ok
19:17:47.0295 2152  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
19:17:47.0311 2152  mshidkmdf - ok
19:17:47.0327 2152  [ BB590070D606AE6F008341FC9A7B2AD7 ] MSHUSBVideo    C:\Windows\system32\Drivers\nx6000.sys
19:17:47.0327 2152  MSHUSBVideo - ok
19:17:47.0327 2152  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:17:47.0342 2152  msisadrv - ok
19:17:47.0342 2152  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
19:17:47.0373 2152  MSiSCSI - ok
19:17:47.0373 2152  msiserver - ok
19:17:47.0373 2152  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
19:17:47.0405 2152  MSKSSRV - ok
19:17:47.0405 2152  [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc        C:\Program Files\Microsoft Security Client\MsMpEng.exe
19:17:47.0405 2152  MsMpSvc - ok
19:17:47.0405 2152  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:17:47.0436 2152  MSPCLOCK - ok
19:17:47.0436 2152  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
19:17:47.0467 2152  MSPQM - ok
19:17:47.0467 2152  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
19:17:47.0483 2152  MsRPC - ok
19:17:47.0483 2152  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
19:17:47.0498 2152  mssmbios - ok
19:17:47.0498 2152  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
19:17:47.0514 2152  MSTEE - ok
19:17:47.0514 2152  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
19:17:47.0529 2152  MTConfig - ok
19:17:47.0529 2152  [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
19:17:47.0545 2152  MTsensor - ok
19:17:47.0545 2152  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\Windows\system32\Drivers\mup.sys
19:17:47.0545 2152  Mup - ok
19:17:47.0561 2152  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
19:17:47.0576 2152  napagent - ok
19:17:47.0592 2152  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
19:17:47.0607 2152  NativeWifiP - ok
19:17:47.0607 2152  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:17:47.0623 2152  NDIS - ok
19:17:47.0639 2152  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
19:17:47.0654 2152  NdisCap - ok
19:17:47.0654 2152  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:17:47.0685 2152  NdisTapi - ok
19:17:47.0685 2152  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
19:17:47.0701 2152  Ndisuio - ok
19:17:47.0717 2152  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
19:17:47.0732 2152  NdisWan - ok
19:17:47.0732 2152  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
19:17:47.0763 2152  NDProxy - ok
19:17:47.0763 2152  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
19:17:47.0795 2152  NetBIOS - ok
19:17:47.0795 2152  [ 09594D1089C523423B32A4229263F068 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
19:17:47.0826 2152  NetBT - ok
19:17:47.0826 2152  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
19:17:47.0826 2152  Netlogon - ok
19:17:47.0841 2152  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
19:17:47.0857 2152  Netman - ok
19:17:47.0873 2152  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:17:47.0873 2152  NetMsmqActivator - ok
19:17:47.0873 2152  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:17:47.0888 2152  NetPipeActivator - ok
19:17:47.0888 2152  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
19:17:47.0919 2152  netprofm - ok
19:17:47.0919 2152  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:17:47.0935 2152  NetTcpActivator - ok
19:17:47.0935 2152  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:17:47.0935 2152  NetTcpPortSharing - ok
19:17:47.0935 2152  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
19:17:47.0951 2152  nfrd960 - ok
19:17:47.0951 2152  [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:17:47.0966 2152  NisDrv - ok
19:17:47.0966 2152  [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
19:17:47.0982 2152  NisSrv - ok
19:17:47.0982 2152  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:17:47.0997 2152  NlaSvc - ok
19:17:47.0997 2152  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:17:48.0029 2152  Npfs - ok
19:17:48.0029 2152  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\Windows\system32\nsisvc.dll
19:17:48.0044 2152  nsi - ok
19:17:48.0060 2152  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:17:48.0075 2152  nsiproxy - ok
19:17:48.0091 2152  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:17:48.0122 2152  Ntfs - ok
19:17:48.0122 2152  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
19:17:48.0153 2152  Null - ok
19:17:48.0153 2152  [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
19:17:48.0169 2152  nusb3hub - ok
19:17:48.0169 2152  [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
19:17:48.0185 2152  nusb3xhc - ok
19:17:48.0200 2152  [ 805F0C2B9C07E4C0F74D0EF70E9E827A ] NVHDA          C:\Windows\system32\drivers\nvhda64v.sys
19:17:48.0200 2152  NVHDA - ok
19:17:48.0278 2152  [ 7A711D08F1FD1AB8149B6199F84A0EB7 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:17:48.0419 2152  nvlddmkm - ok
19:17:48.0419 2152  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:17:48.0434 2152  nvraid - ok
19:17:48.0434 2152  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:17:48.0450 2152  nvstor - ok
19:17:48.0450 2152  [ B9F3591981D761A5CA1D24C369764D96 ] nvsvc          C:\Windows\system32\nvvsvc.exe
19:17:48.0481 2152  nvsvc - ok
19:17:48.0497 2152  [ A9AFE5B0648C8D7A411A72D8222F7F6E ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:17:48.0528 2152  nvUpdatusService - ok
19:17:48.0528 2152  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:17:48.0528 2152  nv_agp - ok
19:17:48.0543 2152  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:17:48.0543 2152  ohci1394 - ok
19:17:48.0543 2152  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:17:48.0559 2152  ose - ok
19:17:48.0590 2152  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc        C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:17:48.0653 2152  osppsvc - ok
19:17:48.0668 2152  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:17:48.0668 2152  p2pimsvc - ok
19:17:48.0684 2152  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:17:48.0699 2152  p2psvc - ok
19:17:48.0699 2152  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
19:17:48.0699 2152  Parport - ok
19:17:48.0715 2152  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr        C:\Windows\system32\drivers\partmgr.sys
19:17:48.0715 2152  partmgr - ok
19:17:48.0715 2152  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:17:48.0731 2152  PcaSvc - ok
19:17:48.0731 2152  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci            C:\Windows\system32\drivers\pci.sys
19:17:48.0746 2152  pci - ok
19:17:48.0746 2152  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
19:17:48.0762 2152  pciide - ok
19:17:48.0762 2152  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
19:17:48.0777 2152  pcmcia - ok
19:17:48.0777 2152  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\Windows\system32\drivers\pcw.sys
19:17:48.0793 2152  pcw - ok
19:17:48.0793 2152  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:17:48.0824 2152  PEAUTH - ok
19:17:48.0840 2152  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:17:48.0855 2152  PerfHost - ok
19:17:48.0871 2152  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla            C:\Windows\system32\pla.dll
19:17:48.0902 2152  pla - ok
19:17:48.0918 2152  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:17:48.0918 2152  PlugPlay - ok
19:17:48.0933 2152  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
19:17:48.0933 2152  PNRPAutoReg - ok
19:17:48.0933 2152  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
19:17:48.0949 2152  PNRPsvc - ok
19:17:48.0949 2152  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
19:17:48.0980 2152  PolicyAgent - ok
19:17:48.0996 2152  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\Windows\system32\umpo.dll
19:17:49.0011 2152  Power - ok
19:17:49.0011 2152  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:17:49.0043 2152  PptpMiniport - ok
19:17:49.0043 2152  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\Windows\system32\DRIVERS\processr.sys
19:17:49.0058 2152  Processor - ok
19:17:49.0058 2152  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc        C:\Windows\system32\profsvc.dll
19:17:49.0074 2152  ProfSvc - ok
19:17:49.0074 2152  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:17:49.0074 2152  ProtectedStorage - ok
19:17:49.0074 2152  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:17:49.0105 2152  Psched - ok
19:17:49.0121 2152  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
19:17:49.0136 2152  ql2300 - ok
19:17:49.0152 2152  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
19:17:49.0152 2152  ql40xx - ok
19:17:49.0167 2152  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\Windows\system32\qwave.dll
19:17:49.0167 2152  QWAVE - ok
19:17:49.0183 2152  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:17:49.0183 2152  QWAVEdrv - ok
19:17:49.0183 2152  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:17:49.0214 2152  RasAcd - ok
19:17:49.0214 2152  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
19:17:49.0245 2152  RasAgileVpn - ok
19:17:49.0245 2152  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\Windows\System32\rasauto.dll
19:17:49.0261 2152  RasAuto - ok
19:17:49.0277 2152  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
19:17:49.0292 2152  Rasl2tp - ok
19:17:49.0308 2152  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
19:17:49.0323 2152  RasMan - ok
19:17:49.0323 2152  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:17:49.0355 2152  RasPppoe - ok
19:17:49.0355 2152  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
19:17:49.0386 2152  RasSstp - ok
19:17:49.0386 2152  [ 77F665941019A1594D887A74F301FA2F ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
19:17:49.0417 2152  rdbss - ok
19:17:49.0417 2152  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
19:17:49.0433 2152  rdpbus - ok
19:17:49.0433 2152  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:17:49.0448 2152  RDPCDD - ok
19:17:49.0448 2152  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:17:49.0479 2152  RDPENCDD - ok
19:17:49.0479 2152  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:17:49.0511 2152  RDPREFMP - ok
19:17:49.0511 2152  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:17:49.0511 2152  RdpVideoMiniport - ok
19:17:49.0526 2152  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
19:17:49.0526 2152  RDPWD - ok
19:17:49.0542 2152  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:17:49.0542 2152  rdyboost - ok
19:17:49.0557 2152  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:17:49.0573 2152  RemoteAccess - ok
19:17:49.0573 2152  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:17:49.0604 2152  RemoteRegistry - ok
19:17:49.0604 2152  [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo      C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
19:17:49.0651 2152  RichVideo ( UnsignedFile.Multi.Generic ) - warning
19:17:49.0651 2152  RichVideo - detected UnsignedFile.Multi.Generic (1)
19:17:49.0651 2152  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:17:49.0667 2152  RpcEptMapper - ok
19:17:49.0682 2152  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
19:17:49.0682 2152  RpcLocator - ok
19:17:49.0698 2152  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs          C:\Windows\system32\rpcss.dll
19:17:49.0713 2152  RpcSs - ok
19:17:49.0713 2152  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:17:49.0745 2152  rspndr - ok
19:17:49.0745 2152  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167        C:\Windows\system32\DRIVERS\Rt64win7.sys
19:17:49.0760 2152  RTL8167 - ok
19:17:49.0776 2152  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs          C:\Windows\system32\lsass.exe
19:17:49.0776 2152  SamSs - ok
19:17:49.0776 2152  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:17:49.0791 2152  sbp2port - ok
19:17:49.0791 2152  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:17:49.0823 2152  SCardSvr - ok
19:17:49.0823 2152  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:17:49.0838 2152  scfilter - ok
19:17:49.0854 2152  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
19:17:49.0885 2152  Schedule - ok
19:17:49.0885 2152  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc    C:\Windows\System32\certprop.dll
19:17:49.0916 2152  SCPolicySvc - ok
19:17:49.0916 2152  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:17:49.0932 2152  SDRSVC - ok
19:17:49.0932 2152  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:17:49.0947 2152  secdrv - ok
19:17:49.0963 2152  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
19:17:49.0979 2152  seclogon - ok
19:17:49.0979 2152  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
19:17:50.0010 2152  SENS - ok
19:17:50.0010 2152  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:17:50.0025 2152  SensrSvc - ok
19:17:50.0025 2152  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
19:17:50.0025 2152  Serenum - ok
19:17:50.0025 2152  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:17:50.0041 2152  Serial - ok
19:17:50.0041 2152  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
19:17:50.0057 2152  sermouse - ok
19:17:50.0057 2152  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:17:50.0088 2152  SessionEnv - ok
19:17:50.0088 2152  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
19:17:50.0088 2152  sffdisk - ok
19:17:50.0103 2152  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:17:50.0103 2152  sffp_mmc - ok
19:17:50.0103 2152  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
19:17:50.0119 2152  sffp_sd - ok
19:17:50.0119 2152  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
19:17:50.0119 2152  sfloppy - ok
19:17:50.0135 2152  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:17:50.0150 2152  SharedAccess - ok
19:17:50.0166 2152  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:17:50.0197 2152  ShellHWDetection - ok
19:17:50.0197 2152  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:17:50.0197 2152  SiSRaid2 - ok
19:17:50.0197 2152  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
19:17:50.0213 2152  SiSRaid4 - ok
19:17:50.0213 2152  [ 4E8A4BB5B11D828FF986F6228B1CD3DF ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
19:17:50.0228 2152  SkypeUpdate - ok
19:17:50.0228 2152  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
19:17:50.0244 2152  Smb - ok
19:17:50.0259 2152  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:17:50.0259 2152  SNMPTRAP - ok
19:17:50.0275 2152  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\Windows\system32\drivers\spldr.sys
19:17:50.0275 2152  spldr - ok
19:17:50.0291 2152  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler        C:\Windows\System32\spoolsv.exe
19:17:50.0291 2152  Spooler - ok
19:17:50.0322 2152  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
19:17:50.0384 2152  sppsvc - ok
19:17:50.0384 2152  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
19:17:50.0400 2152  sppuinotify - ok
19:17:50.0415 2152  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv            C:\Windows\system32\DRIVERS\srv.sys
19:17:50.0431 2152  srv - ok
19:17:50.0431 2152  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:17:50.0447 2152  srv2 - ok
19:17:50.0447 2152  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:17:50.0462 2152  srvnet - ok
19:17:50.0462 2152  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
19:17:50.0478 2152  SSDPSRV - ok
19:17:50.0493 2152  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\Windows\system32\sstpsvc.dll
19:17:50.0509 2152  SstpSvc - ok
19:17:50.0525 2152  [ 0887B293199AA2055888FABA989ED0A6 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:17:50.0525 2152  Stereo Service - ok
19:17:50.0540 2152  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
19:17:50.0540 2152  stexstor - ok
19:17:50.0556 2152  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
19:17:50.0571 2152  stisvc - ok
19:17:50.0571 2152  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
19:17:50.0571 2152  swenum - ok
19:17:50.0587 2152  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\Windows\System32\swprv.dll
19:17:50.0618 2152  swprv - ok
19:17:50.0618 2152  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain        C:\Windows\system32\sysmain.dll
19:17:50.0649 2152  SysMain - ok
19:17:50.0665 2152  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:17:50.0665 2152  TabletInputService - ok
19:17:50.0681 2152  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv        C:\Windows\System32\tapisrv.dll
19:17:50.0696 2152  TapiSrv - ok
19:17:50.0696 2152  TBPanel - ok
19:17:50.0712 2152  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\Windows\System32\tbssvc.dll
19:17:50.0727 2152  TBS - ok
19:17:50.0743 2152  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
19:17:50.0774 2152  Tcpip - ok
19:17:50.0790 2152  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:17:50.0821 2152  TCPIP6 - ok
19:17:50.0821 2152  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:17:50.0837 2152  tcpipreg - ok
19:17:50.0837 2152  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:17:50.0852 2152  TDPIPE - ok
19:17:50.0852 2152  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
19:17:50.0852 2152  TDTCP - ok
19:17:50.0852 2152  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
19:17:50.0883 2152  tdx - ok
19:17:50.0883 2152  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
19:17:50.0899 2152  TermDD - ok
19:17:50.0899 2152  [ 2E648163254233755035B46DD7B89123 ] TermService    C:\Windows\System32\termsrv.dll
19:17:50.0930 2152  TermService - ok
19:17:50.0930 2152  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
19:17:50.0946 2152  Themes - ok
19:17:50.0946 2152  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER    C:\Windows\system32\mmcss.dll
19:17:50.0977 2152  THREADORDER - ok
19:17:50.0977 2152  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
19:17:51.0008 2152  TrkWks - ok
19:17:51.0008 2152  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:17:51.0024 2152  TrustedInstaller - ok
19:17:51.0039 2152  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:17:51.0055 2152  tssecsrv - ok
19:17:51.0055 2152  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:17:51.0071 2152  TsUsbFlt - ok
19:17:51.0071 2152  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:17:51.0102 2152  tunnel - ok
19:17:51.0102 2152  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
19:17:51.0102 2152  uagp35 - ok
19:17:51.0117 2152  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:17:51.0133 2152  udfs - ok
19:17:51.0149 2152  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
19:17:51.0149 2152  UI0Detect - ok
19:17:51.0149 2152  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:17:51.0164 2152  uliagpkx - ok
19:17:51.0164 2152  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
19:17:51.0180 2152  umbus - ok
19:17:51.0180 2152  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
19:17:51.0180 2152  UmPass - ok
19:17:51.0195 2152  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
19:17:51.0211 2152  upnphost - ok
19:17:51.0227 2152  [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64      C:\Windows\system32\Drivers\usbaapl64.sys
19:17:51.0227 2152  USBAAPL64 - ok
19:17:51.0227 2152  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
19:17:51.0242 2152  usbaudio - ok
19:17:51.0242 2152  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
19:17:51.0258 2152  usbccgp - ok
19:17:51.0258 2152  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:17:51.0273 2152  usbcir - ok
19:17:51.0273 2152  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
19:17:51.0273 2152  usbehci - ok
19:17:51.0273 2152  [ 2C780746DC44A28FE67004DC58173F05 ] usbfilter      C:\Windows\system32\DRIVERS\usbfilter.sys
19:17:51.0289 2152  usbfilter - ok
19:17:51.0289 2152  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:17:51.0305 2152  usbhub - ok
19:17:51.0305 2152  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
19:17:51.0305 2152  usbohci - ok
19:17:51.0320 2152  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:17:51.0320 2152  usbprint - ok
19:17:51.0320 2152  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:17:51.0336 2152  USBSTOR - ok
19:17:51.0336 2152  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
19:17:51.0351 2152  usbuhci - ok
19:17:51.0351 2152  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
19:17:51.0367 2152  usbvideo - ok
19:17:51.0367 2152  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms          C:\Windows\System32\uxsms.dll
19:17:51.0383 2152  UxSms - ok
19:17:51.0398 2152  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
19:17:51.0398 2152  VaultSvc - ok
19:17:51.0398 2152  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:17:51.0414 2152  vdrvroot - ok
19:17:51.0414 2152  [ 8D6B481601D01A456E75C3210F1830BE ] vds            C:\Windows\System32\vds.exe
19:17:51.0445 2152  vds - ok
19:17:51.0445 2152  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
19:17:51.0461 2152  vga - ok
19:17:51.0461 2152  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave        C:\Windows\System32\drivers\vga.sys
19:17:51.0476 2152  VgaSave - ok
19:17:51.0492 2152  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
19:17:51.0492 2152  vhdmp - ok
19:17:51.0507 2152  [ DFDF7F9CAA50EE72A633EA4BBD65A557 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
19:17:51.0539 2152  VIAHdAudAddService - ok
19:17:51.0539 2152  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:17:51.0539 2152  viaide - ok
19:17:51.0539 2152  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:17:51.0554 2152  volmgr - ok
19:17:51.0554 2152  [ A255814907C89BE58B79EF2F189B843B ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
19:17:51.0570 2152  volmgrx - ok
19:17:51.0570 2152  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
19:17:51.0585 2152  volsnap - ok
19:17:51.0585 2152  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
19:17:51.0601 2152  vsmraid - ok
19:17:51.0617 2152  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS            C:\Windows\system32\vssvc.exe
19:17:51.0648 2152  VSS - ok
19:17:51.0648 2152  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
19:17:51.0663 2152  vwifibus - ok
19:17:51.0663 2152  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\Windows\system32\w32time.dll
19:17:51.0695 2152  W32Time - ok
19:17:51.0695 2152  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
19:17:51.0710 2152  WacomPen - ok
19:17:51.0710 2152  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:17:51.0741 2152  WANARP - ok
19:17:51.0741 2152  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:17:51.0757 2152  Wanarpv6 - ok
19:17:51.0773 2152  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
19:17:51.0788 2152  wbengine - ok
19:17:51.0804 2152  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:17:51.0819 2152  WbioSrvc - ok
19:17:51.0819 2152  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc        C:\Windows\System32\wcncsvc.dll
19:17:51.0835 2152  wcncsvc - ok
19:17:51.0835 2152  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:17:51.0851 2152  WcsPlugInService - ok
19:17:51.0851 2152  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
19:17:51.0851 2152  Wd - ok
19:17:51.0866 2152  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:17:51.0882 2152  Wdf01000 - ok
19:17:51.0882 2152  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:17:51.0897 2152  WdiServiceHost - ok
19:17:51.0897 2152  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost  C:\Windows\system32\wdi.dll
19:17:51.0913 2152  WdiSystemHost - ok
19:17:51.0913 2152  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient      C:\Windows\System32\webclnt.dll
19:17:51.0929 2152  WebClient - ok
19:17:51.0929 2152  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:17:51.0960 2152  Wecsvc - ok
19:17:51.0960 2152  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
19:17:51.0991 2152  wercplsupport - ok
19:17:51.0991 2152  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:17:52.0022 2152  WerSvc - ok
19:17:52.0022 2152  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:17:52.0038 2152  WfpLwf - ok
19:17:52.0053 2152  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:17:52.0053 2152  WIMMount - ok
19:17:52.0053 2152  WinDefend - ok
19:17:52.0069 2152  WinHttpAutoProxySvc - ok
19:17:52.0069 2152  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
19:17:52.0100 2152  Winmgmt - ok
19:17:52.0116 2152  [ BCB1310604AA415C4508708975B3931E ] WinRM          C:\Windows\system32\WsmSvc.dll
19:17:52.0147 2152  WinRM - ok
19:17:52.0163 2152  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc        C:\Windows\System32\wlansvc.dll
19:17:52.0178 2152  Wlansvc - ok
19:17:52.0194 2152  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
19:17:52.0194 2152  WmiAcpi - ok
19:17:52.0194 2152  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:17:52.0209 2152  wmiApSrv - ok
19:17:52.0209 2152  WMPNetworkSvc - ok
19:17:52.0209 2152  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:17:52.0225 2152  WPCSvc - ok
19:17:52.0225 2152  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:17:52.0241 2152  WPDBusEnum - ok
19:17:52.0241 2152  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
19:17:52.0272 2152  ws2ifsl - ok
19:17:52.0272 2152  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
19:17:52.0287 2152  wscsvc - ok
19:17:52.0287 2152  WSearch - ok
19:17:52.0303 2152  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:17:52.0350 2152  wuauserv - ok
19:17:52.0350 2152  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:17:52.0350 2152  WudfPf - ok
19:17:52.0365 2152  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:17:52.0365 2152  WUDFRd - ok
19:17:52.0365 2152  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
19:17:52.0381 2152  wudfsvc - ok
19:17:52.0381 2152  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc        C:\Windows\System32\wwansvc.dll
19:17:52.0397 2152  WwanSvc - ok
19:17:52.0397 2152  ================ Scan global ===============================
19:17:52.0397 2152  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:17:52.0397 2152  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:17:52.0412 2152  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:17:52.0412 2152  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:17:52.0412 2152  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:17:52.0412 2152  [Global] - ok
19:17:52.0412 2152  ================ Scan MBR ==================================
19:17:52.0428 2152  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:17:52.0615 2152  \Device\Harddisk0\DR0 - ok
19:17:52.0615 2152  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
19:17:52.0662 2152  \Device\Harddisk1\DR1 - ok
19:17:52.0662 2152  ================ Scan VBR ==================================
19:17:52.0677 2152  [ BACA81D0230C6E82AA481971D339B887 ] \Device\Harddisk0\DR0\Partition1
19:17:52.0677 2152  \Device\Harddisk0\DR0\Partition1 - ok
19:17:52.0677 2152  [ 9845EE601832994A614542A813A149FE ] \Device\Harddisk0\DR0\Partition2
19:17:52.0677 2152  \Device\Harddisk0\DR0\Partition2 - ok
19:17:52.0677 2152  [ 12A12E0745C00C26FC0774722069AECD ] \Device\Harddisk1\DR1\Partition1
19:17:52.0677 2152  \Device\Harddisk1\DR1\Partition1 - ok
19:17:52.0677 2152  ============================================================
19:17:52.0677 2152  Scan finished
19:17:52.0677 2152  ============================================================
19:17:52.0693 4428  Detected object count: 2
19:17:52.0693 4428  Actual detected object count: 2
19:18:32.0037 4428  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
19:18:32.0037 4428  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:18:32.0053 4428  RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
19:18:32.0053 4428  RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip


markusg 16.06.2013 18:20

Hi,
Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.


Sa1366 16.06.2013 18:32

Here you go

Code:

ComboFix 13-06-15.01 - Sa 16.06.2013  19:25:39.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.12286.9065 [GMT 2:00]
ausgeführt von:: c:\users\Sa\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-05-16 bis 2013-06-16  ))))))))))))))))))))))))))))))
.
.
2013-06-16 17:28 . 2013-06-16 17:28        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-06-16 17:28 . 2013-06-16 17:28        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-06-16 16:47 . 2013-05-12 21:37        9460464        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{01F52F7C-57D9-46ED-BAD5-E1ABB354D035}\mpengine.dll
2013-06-14 19:14 . 2013-06-12 15:20        964552        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-14 19:14 . 2013-06-12 15:20        964552        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{352CC57E-2247-472D-9DB3-4FC4BB9080F4}\gapaengine.dll
2013-06-14 19:14 . 2013-05-12 21:37        9460464        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-12 18:48 . 2004-02-26 22:00        962612        ----a-w-        c:\windows\SysWow64\mfc42d.dll
2013-06-12 18:48 . 2004-02-16 22:00        434252        ----a-w-        c:\windows\SysWow64\MSVCRTD.DLL
2013-06-12 18:48 . 2009-04-06 13:24        13368        ----a-w-        c:\windows\SysWow64\drivers\AsIO.sys
2013-06-12 18:48 . 2006-01-10 14:50        24576        ----a-w-        c:\windows\SysWow64\AsIO.dll
2013-06-12 18:48 . 2013-06-12 18:48        --------        d-----w-        c:\program files (x86)\ASUS
2013-06-12 18:48 . 2008-01-04 11:34        11832        ----a-w-        c:\windows\SysWow64\drivers\AsInsHelp64.sys
2013-06-12 18:48 . 2008-01-04 11:34        10216        ----a-w-        c:\windows\SysWow64\drivers\AsInsHelp32.sys
2013-06-12 18:17 . 2013-06-12 18:17        --------        d-----w-        c:\users\Sa\AppData\Roaming\Malwarebytes
2013-06-12 18:17 . 2013-06-12 18:17        --------        d-----w-        c:\programdata\Malwarebytes
2013-06-12 18:17 . 2013-06-12 18:17        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-12 18:17 . 2013-04-04 12:50        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-06-12 15:13 . 2013-06-12 15:13        --------        d-----w-        c:\program files (x86)\Microsoft Security Client
2013-06-12 15:13 . 2013-06-12 15:13        --------        d-----w-        c:\program files\Microsoft Security Client
2013-06-12 15:07 . 2013-06-08 12:28        2706432        ----a-w-        c:\windows\system32\mshtml.tlb
2013-06-12 13:04 . 2013-05-08 06:39        1910632        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2013-06-11 09:43 . 2013-05-13 06:37        9460464        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{C6276DCD-2124-48EF-A38F-E3889DF144E8}\mpengine.dll
2013-06-06 18:09 . 2013-06-06 18:09        --------        d-----w-        c:\program files\iPod
2013-06-06 18:09 . 2013-06-06 18:09        --------        d-----w-        c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-06 18:09 . 2013-06-06 18:09        --------        d-----w-        c:\program files\iTunes
2013-06-05 21:18 . 2013-06-05 21:18        --------        d-----w-        c:\users\Sa\AppData\Roaming\thriXXX
2013-06-04 09:10 . 2013-06-04 09:10        --------        d-----w-        c:\program files (x86)\Samsung SSD Magician
2013-05-29 12:25 . 2013-06-12 13:39        --------        d-----w-        c:\users\Sa\AppData\Roaming\dvdcss
2013-05-28 10:15 . 2013-06-16 16:53        --------        d-----w-        c:\users\Sa\AppData\Roaming\vlc
2013-05-24 08:48 . 2013-05-24 08:48        --------        d-----w-        c:\users\Sa\AppData\Local\NVIDIA
2013-05-22 18:21 . 2013-05-24 10:47        --------        d-----w-        c:\users\Sa\AppData\Roaming\LumacDaemon
2013-05-22 18:21 . 2013-05-22 18:21        --------        d-----w-        c:\users\Sa\AppData\Local\Firstload
2013-05-22 18:21 . 2013-05-22 18:21        --------        d-----w-        c:\program files (x86)\VideoLAN
2013-05-21 17:58 . 2013-05-21 17:58        --------        d-----w-        c:\users\Sa\Cyberlink
2013-05-18 10:32 . 2013-05-18 10:32        --------        d-----w-        c:\users\Sa\fontconfig
2013-05-18 10:32 . 2013-05-18 10:44        --------        d-----w-        c:\program files (x86)\PS3 Media Server
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 15:09 . 2013-05-11 17:23        75825640        ----a-w-        c:\windows\system32\MRT.exe
2013-05-21 12:26 . 2013-05-12 00:23        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-21 12:26 . 2013-05-12 00:23        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-13 18:33 . 2013-05-13 18:33        98304        ----a-w-        c:\windows\SysWow64\CmdLineExt.dll
2013-05-13 12:24 . 2013-05-12 18:16        499712        ----a-w-        c:\windows\SysWow64\msvcp71.dll
2013-05-13 12:24 . 2013-05-12 18:16        348160        ----a-w-        c:\windows\SysWow64\msvcr71.dll
2013-05-13 12:24 . 2013-05-12 18:16        29480        ----a-w-        c:\windows\SysWow64\msxml3a.dll
2013-05-12 21:42 . 2013-05-11 16:06        61216        ----a-w-        c:\windows\system32\OpenCL.dll
2013-05-12 21:42 . 2013-05-11 16:06        53024        ----a-w-        c:\windows\SysWow64\OpenCL.dll
2013-05-12 21:42 . 2013-02-25 22:32        2597344        ----a-w-        c:\windows\SysWow64\nvapi.dll
2013-05-12 21:42 . 2013-02-25 22:32        2935696        ----a-w-        c:\windows\system32\nvapi64.dll
2013-05-12 21:42 . 2013-02-25 22:32        1059560        ----a-w-        c:\windows\system32\nvumdshimx.dll
2013-05-12 21:42 . 2013-02-25 22:32        15910736        ----a-w-        c:\windows\system32\nvwgf2umx.dll
2013-05-12 20:34 . 2013-05-11 16:06        6491936        ----a-w-        c:\windows\system32\nvcpl.dll
2013-05-12 20:34 . 2013-05-11 16:06        3514656        ----a-w-        c:\windows\system32\nvsvc64.dll
2013-05-12 20:34 . 2013-05-11 16:06        884512        ----a-w-        c:\windows\system32\nvvsvc.exe
2013-05-12 20:34 . 2013-05-11 16:06        63776        ----a-w-        c:\windows\system32\nvshext.dll
2013-05-12 20:34 . 2013-05-11 16:06        2555680        ----a-w-        c:\windows\system32\nvsvcr.dll
2013-05-12 20:34 . 2013-05-11 16:06        237856        ----a-w-        c:\windows\system32\nvmctray.dll
2013-05-12 18:21 . 2013-05-12 18:19        16384        ----a-w-        c:\windows\SysWow64\lgfwunis.exe
2013-05-12 18:00 . 2013-05-12 18:00        97280        ----a-w-        c:\windows\system32\mshtmled.dll
2013-05-12 18:00 . 2013-05-12 18:00        92160        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2013-05-12 18:00 . 2013-05-12 18:00        905728        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2013-05-12 18:00 . 2013-05-12 18:00        81408        ----a-w-        c:\windows\system32\icardie.dll
2013-05-12 18:00 . 2013-05-12 18:00        77312        ----a-w-        c:\windows\system32\tdc.ocx
2013-05-12 18:00 . 2013-05-12 18:00        762368        ----a-w-        c:\windows\system32\ieapfltr.dll
2013-05-12 18:00 . 2013-05-12 18:00        73728        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-12 18:00 . 2013-05-12 18:00        719360        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2013-05-12 18:00 . 2013-05-12 18:00        62976        ----a-w-        c:\windows\system32\pngfilt.dll
2013-05-12 18:00 . 2013-05-12 18:00        61952        ----a-w-        c:\windows\SysWow64\tdc.ocx
2013-05-12 18:00 . 2013-05-12 18:00        599552        ----a-w-        c:\windows\system32\vbscript.dll
2013-05-12 18:00 . 2013-05-12 18:00        523264        ----a-w-        c:\windows\SysWow64\vbscript.dll
2013-05-12 18:00 . 2013-05-12 18:00        52224        ----a-w-        c:\windows\system32\msfeedsbs.dll
2013-05-12 18:00 . 2013-05-12 18:00        51200        ----a-w-        c:\windows\system32\imgutil.dll
2013-05-12 18:00 . 2013-05-12 18:00        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2013-05-12 18:00 . 2013-05-12 18:00        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2013-05-12 18:00 . 2013-05-12 18:00        452096        ----a-w-        c:\windows\system32\dxtmsft.dll
2013-05-12 18:00 . 2013-05-12 18:00        441856        ----a-w-        c:\windows\system32\html.iec
2013-05-12 18:00 . 2013-05-12 18:00        38400        ----a-w-        c:\windows\SysWow64\imgutil.dll
2013-05-12 18:00 . 2013-05-12 18:00        361984        ----a-w-        c:\windows\SysWow64\html.iec
2013-05-12 18:00 . 2013-05-12 18:00        281600        ----a-w-        c:\windows\system32\dxtrans.dll
2013-05-12 18:00 . 2013-05-12 18:00        27648        ----a-w-        c:\windows\system32\licmgr10.dll
2013-05-12 18:00 . 2013-05-12 18:00        270848        ----a-w-        c:\windows\system32\iedkcs32.dll
2013-05-12 18:00 . 2013-05-12 18:00        247296        ----a-w-        c:\windows\system32\webcheck.dll
2013-05-12 18:00 . 2013-05-12 18:00        235008        ----a-w-        c:\windows\system32\url.dll
2013-05-12 18:00 . 2013-05-12 18:00        23040        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2013-05-12 18:00 . 2013-05-12 18:00        226304        ----a-w-        c:\windows\system32\elshyph.dll
2013-05-12 18:00 . 2013-05-12 18:00        216064        ----a-w-        c:\windows\system32\msls31.dll
2013-05-12 18:00 . 2013-05-12 18:00        197120        ----a-w-        c:\windows\system32\msrating.dll
2013-05-12 18:00 . 2013-05-12 18:00        185344        ----a-w-        c:\windows\SysWow64\elshyph.dll
2013-05-12 18:00 . 2013-05-12 18:00        173568        ----a-w-        c:\windows\system32\ieUnatt.exe
2013-05-12 18:00 . 2013-05-12 18:00        167424        ----a-w-        c:\windows\system32\iexpress.exe
2013-05-12 18:00 . 2013-05-12 18:00        158720        ----a-w-        c:\windows\SysWow64\msls31.dll
2013-05-12 18:00 . 2013-05-12 18:00        1509376        ----a-w-        c:\windows\system32\inetcpl.cpl
2013-05-12 18:00 . 2013-05-12 18:00        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe
2013-05-12 18:00 . 2013-05-12 18:00        149504        ----a-w-        c:\windows\system32\occache.dll
2013-05-12 18:00 . 2013-05-12 18:00        144896        ----a-w-        c:\windows\system32\wextract.exe
2013-05-12 18:00 . 2013-05-12 18:00        1441280        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2013-05-12 18:00 . 2013-05-12 18:00        1400416        ----a-w-        c:\windows\system32\ieapfltr.dat
2013-05-12 18:00 . 2013-05-12 18:00        138752        ----a-w-        c:\windows\SysWow64\wextract.exe
2013-05-12 18:00 . 2013-05-12 18:00        13824        ----a-w-        c:\windows\system32\mshta.exe
2013-05-12 18:00 . 2013-05-12 18:00        137216        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2013-05-12 18:00 . 2013-05-12 18:00        136192        ----a-w-        c:\windows\system32\iepeers.dll
2013-05-12 18:00 . 2013-05-12 18:00        135680        ----a-w-        c:\windows\system32\IEAdvpack.dll
2013-05-12 18:00 . 2013-05-12 18:00        12800        ----a-w-        c:\windows\SysWow64\mshta.exe
2013-05-12 18:00 . 2013-05-12 18:00        12800        ----a-w-        c:\windows\system32\msfeedssync.exe
2013-05-12 18:00 . 2013-05-12 18:00        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2013-05-12 18:00 . 2013-05-12 18:00        1054720        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-12 18:00 . 2013-05-12 18:00        102912        ----a-w-        c:\windows\system32\inseng.dll
2013-05-12 13:43 . 2013-05-12 13:43        566048        ----a-w-        c:\windows\SysWow64\nvStreaming.exe
2013-05-12 10:06 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll
2013-05-12 10:06 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
2013-05-12 00:20 . 2013-05-12 00:20        108448        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll
2013-05-12 00:20 . 2013-05-12 00:20        971680        ----a-w-        c:\windows\system32\deployJava1.dll
2013-05-12 00:20 . 2013-05-12 00:20        311200        ----a-w-        c:\windows\system32\javaws.exe
2013-05-12 00:20 . 2013-05-12 00:20        1092512        ----a-w-        c:\windows\system32\npDeployJava1.dll
2013-05-12 00:20 . 2013-05-12 00:20        188832        ----a-w-        c:\windows\system32\javaw.exe
2013-05-12 00:20 . 2013-05-12 00:20        188320        ----a-w-        c:\windows\system32\java.exe
2013-05-08 14:13 . 2013-05-11 16:06        3165737        ----a-w-        c:\windows\system32\nvcoproc.bin
2013-05-02 15:29 . 2013-05-11 16:03        278800        ------w-        c:\windows\system32\MpSigStub.exe
2013-04-29 18:00 . 2013-05-12 10:44        127488        ----a-w-        c:\windows\system32\ff_vfw.dll
2013-04-13 05:49 . 2013-05-15 10:44        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 10:44        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 10:44        308736        ----a-w-        c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 10:44        111104        ----a-w-        c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 10:44        474624        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 10:44        2176512        ----a-w-        c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-05-11 16:06        1656680        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 10:44        265064        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 10:44        983400        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 10:44        3153920        ----a-w-        c:\windows\system32\win32k.sys
2013-03-19 06:04 . 2013-05-11 15:59        5550424        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-03-19 05:53 . 2013-05-15 10:44        48640        ----a-w-        c:\windows\system32\wwanprotdim.dll
2013-03-19 05:53 . 2013-05-15 10:44        230400        ----a-w-        c:\windows\system32\wwansvc.dll
2013-03-19 05:46 . 2013-05-11 15:59        43520        ----a-w-        c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-05-11 15:59        3968856        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-05-11 15:59        3913560        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-05-11 15:59        6656        ----a-w-        c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-05-11 15:59        112640        ----a-w-        c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GAINWARD"="c:\program files (x86)\EXPERTool\TBPanel.exe" [2010-09-02 2181744]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-15 2369536]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"LGODDFU"="c:\program files (x86)\lg_fwupdate\lgfw.exe" [2013-05-12 27760]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-07-13 93296]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2012-08-27 78352]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
c:\users\Sa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Samsung Magician.lnk - c:\program files (x86)\Samsung SSD Magician\Samsung Magician.exe  /AUTOHIDE [2013-6-4 2952096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2013/05/13 14:26;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 44148450
*NewlyCreated* - PXLDYPOC
*Deregistered* - 44148450
*Deregistered* - CLKMDRV10_38F51D56
*Deregistered* - pxldypoc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29        451872        ----a-w-        c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-16  19:29:10
ComboFix-quarantined-files.txt  2013-06-16 17:29
.
Vor Suchlauf: 8 Verzeichnis(se), 52.990.156.800 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 52.936.118.272 Bytes frei
.
- - End Of File - - 1FD91A13AC5AD3CFA009902F81964A59
D41D8CD98F00B204E9800998ECF8427E


markusg 16.06.2013 18:34

Are there any Malwarebytes logs with detections? If so, please post them:
http://www.trojaner-board.de/125889-...en-posten.html

Sa1366 16.06.2013 18:40

No, according to the log everything is free of infections.

Microsoft Security Essentials did not report anything either. However, I have not found any log files for that program yet.

markusg 16.06.2013 18:42

Download the standard CCleaner:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, save it as a txt file, and open that file.
After each program you need, write "necessary".
After each program you do not need, write "unnecessary".
After each program you do not recognize, write "unknown".
Post the list.

Sa1366 16.06.2013 18:56

And on we go

Code:

Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        21.05.2013        6,00MB        11.7.700.202                            needed
Adobe Reader XI (11.0.03) - Deutsch        Adobe Systems Incorporated        15.05.2013        134MB        11.0.03                          needed
AIDA64 Extreme Edition v2.85        FinalWire Ltd.        11.05.2013        26,6MB        2.85                                                    unnecessary
Apple Application Support        Apple Inc.        18.05.2013        64,7MB        2.3.4                                                    needed
Apple Mobile Device Support        Apple Inc.        12.05.2013        25,2MB        6.1.0.13                                                needed
Apple Software Update        Apple Inc.        12.05.2013        2,38MB        2.1.3.127                                                        needed
ATI Catalyst Install Manager        ATI Technologies, Inc.        11.05.2013        22,1MB        3.0.765.0                                        needed
Bonjour        Apple Inc.        12.05.2013        2,04MB        3.0.0.10                                                                        needed
CCleaner        Piriform        23.04.2013                4.01                                                                    needed
Cool & Quiet                12.06.2013                                                                                                needed
CyberLink PowerDVD 10        CyberLink Corp.        13.05.2013        246MB        10.0.4508.52                                                    needed
EXPERTool 7.13        Gainward Co., Ltd        11.05.2013        11,1MB                                                                        needed
Free Video Dub version 2.0.18.430        DVDVideoSoft Ltd.        13.05.2013        65,7MB        2.0.18.430                              needed
FUSSBALL MANAGER 11        Electronic Arts        13.05.2013                1.0.0.3                                                          unnecessary
iTunes        Apple Inc.        06.06.2013        187MB        11.0.4.4                                                                        needed
Java 7 Update 21 (64-bit)        Oracle        12.05.2013        128MB        7.0.210                                                          needed
JDownloader 0.9        AppWork GmbH        12.05.2013                0.9                                                                      needed
K-Lite Codec Pack 9.9.0 (64-bit)                12.05.2013        45,6MB        9.9.0                                                    needed
LG Burning Tool        CyberLink Corp.        12.05.2013        121MB        6.2.6009                                                                needed
LG CyberLink BD Advisor        CyberLink Corp.        12.05.2013                2.0.4606                                                        needed
LG CyberLink LabelPrint        CyberLink Corp.        12.05.2013        57,3MB        2.5.3624                                                        needed
LG CyberLink Media Suite        CyberLink Corp.        12.05.2013        37,3MB        8.0.2820                                                needed
LG CyberLink MediaEspresso        CyberLink Corp.        12.05.2013        175MB        6.5.1622_37397b                                          needed
LG CyberLink MediaShow        CyberLink Corp.        12.05.2013        157MB        4.1.3402                                                        needed
LG CyberLink PowerProducer        CyberLink Corp.        12.05.2013        183MB        5.0.2.2820a                                              needed
LG CyberLink YouCam        CyberLink Corp.        12.05.2013        41,8MB        2.0.3718                                                        needed
LG Tool Kit                12.05.2013                10.01.0712.01                                                                    needed
LightScribe System Software        LightScribe        12.05.2013        25,1MB        1.18.22.2                                                needed
Malwarebytes Anti-Malware Version 1.75.0.1300        Malwarebytes Corporation        12.06.2013        19,2MB        1.75.0.1300              needed

Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        11.05.2013        38,8MB        4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        24.05.2013        2,93MB        4.0.30319
Microsoft .NET Framework 4 Extended        Microsoft Corporation        24.05.2013        51,9MB        4.0.30319
Microsoft .NET Framework 4 Extended DEU Language Pack        Microsoft Corporation        24.05.2013        10,6MB        4.0.30319
Microsoft LifeCam        Microsoft Corporation        12.05.2013        33,2MB        3.60.253.0
Microsoft Office Home and Student 2010        Microsoft Corporation        12.05.2013                14.0.6029.1000
Microsoft Security Essentials        Microsoft Corporation        12.06.2013                4.2.223.1
Microsoft Silverlight        Microsoft Corporation        13.05.2013        100MB        5.1.20125.0
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        12.05.2013        298KB        8.0.59193
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148        Microsoft Corporation        11.05.2013        788KB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        12.05.2013        788KB        9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        12.05.2013        594KB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        12.05.2013        600KB        9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        06.06.2013        13,8MB        10.0.40219

Mozilla Firefox 21.0 (x86 de)        Mozilla        24.05.2013        44,5MB        21.0                                                              needed
Mozilla Maintenance Service        Mozilla        24.05.2013        333KB        21.0                                                              needed
NVIDIA 3D Vision Controller-Treiber 320.18        NVIDIA Corporation        24.05.2013                320.18                            unnecessary
NVIDIA 3D Vision Treiber 320.18        NVIDIA Corporation        24.05.2013                320.18                                            unnecessary
NVIDIA GeForce Experience 1.5        NVIDIA Corporation        24.05.2013                1.5                                              needed
NVIDIA Grafiktreiber 320.18        NVIDIA Corporation        24.05.2013                320.18                                            needed
NVIDIA HD-Audiotreiber 1.3.24.2        NVIDIA Corporation        24.05.2013                1.3.24.2                                          needed
NVIDIA PhysX-Systemsoftware 9.12.1031        NVIDIA Corporation        12.05.2013                9.12.1031                                needed
PS3 Media Server                18.05.2013                                                                                          needed
Realtek Ethernet Controller Driver For Windows 7        Realtek        11.05.2013                7.21.531.2010                            needed
Renesas Electronics USB 3.0 Host Controller Driver        Renesas Electronics Corporation        12.06.2013        1,02MB        2.0.32.0          needed
Samsung Magician        Samsung Electronics        04.06.2013        50,4MB        4.1.0                                                    needed
Sid Meier's Railroads!        Firaxis Games        13.05.2013                1.00                                                              unnecessary
Skype™ 6.5        Skype Technologies S.A.        12.06.2013        21,9MB        6.5.158                                                          needed
VLC media player 2.0.6        VideoLAN        12.05.2013                2.0.6                                                            needed
VoiceOver Kit        Apple Inc.        12.05.2013        41,7MB        1.42.128.0                                                                needed
WinRAR 4.20 (64-Bit)        win.rar GmbH        11.05.2013                4.20.0                                                            needed
Xvid Video Codec        Xvid Team        13.05.2013                1.3.2                                                            needed
µTorrent        BitTorrent Inc.        12.05.2013                3.3.0.29609                                                              unnecessary

I did not bother adding a comment for the Microsoft updates.

markusg 16.06.2013 19:02

Uninstall:
AIDA64
FUSSBALL
Sid
µTorrent
Open CCleaner, analyze, run, restart the PC.
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options ("Optionen") and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan ("Suchlauf") and wait until it has finished.
  • Now click Delete ("Löschen") and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).

Sa1366 16.06.2013 19:13

Here is the result:

Code:

# AdwCleaner v2.303 - Datei am 16/06/2013 um 20:11:42 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Sa - SA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Sa\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [712 octets] - [16/06/2013 20:11:42]

########## EOF - C:\AdwCleaner[S1].txt - [771 octets] ##########


markusg 17.06.2013 14:20

Looks fine.
Download HitmanPro:
HitmanPro - Download - Filepony

Double-click it, click Scan. Do not delete anything, click Next.
Save the log and post it, or export it as XML, zip it and attach it.

Sa1366 17.06.2013 17:50

Hello

Code:

HitmanPro 3.7.6.201
www.hitmanpro.com

  Computer name . . . . : SA-PC
  Windows . . . . . . . : 6.1.1.7601.X64/4
  User name . . . . . . : Sa-PC\Sa
  UAC . . . . . . . . . : Enabled
  License . . . . . . . : Free

  Scan date . . . . . . : 2013-06-17 18:49:16
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 33s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No

  Threats . . . . . . . : 0
  Traces  . . . . . . . : 228

  Objects scanned . . . : 1.333.502
  Files scanned . . . . : 14.460
  Remnants scanned  . . : 354.350 files / 964.692 keys

Cookies _____________________________________________________________________

  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:ad.360yield.com
  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:ad.dyntracker.de
  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:ad.yieldmanager.com
  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:ad.zanox.com
  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:ads.creative-serving.com
  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:ads.medialevel.co
  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:ads.naughtyreviews.com
  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:ads.p161.net
  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:adtech.de
  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:adultfriendfinder.com
  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:advertising.com
  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:apmebf.com
  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:at.atwola.com
  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:atdmt.com
  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:bs.serving-sys.com
  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:casalemedia.com
  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:doubleclick.net
  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:eas.apm.emediate.eu
  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:exoclick.com
  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:fastclick.net
  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:fl01.ct2.comclick.com
  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:freelifetimefuckbook.com
  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:invitemedia.com
  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:livejasmin.com
  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:mediaplex.com
  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:new.livejasmin.com
  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:olympiaverlag.122.2o7.net
  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:revsci.net
  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:ru4.com
  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:serving-sys.com
  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:sexad.net
  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:smartadserver.com
  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:track.adform.net
  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:tradedoubler.com
  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:tribalfusion.com
  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:ww251.smartadserver.com
  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:www.etracker.de
  C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:www.freelifetimefuckbook.com


markusg 18.06.2013 15:00

Everything looks good.
If anything is still being shown, please post a new OTL log.

Sa1366 18.06.2013 18:42

Good evening Markus,

Unfortunately the virus is still being shown in the Action Center :headbang:

Here is the current OTL.log

Code:

OTL logfile created on: 18.06.2013 19:35:51 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Sa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
12,00 Gb Total Physical Memory | 10,26 Gb Available Physical Memory | 85,48% Memory free
23,99 Gb Paging File | 22,24 Gb Available in Paging File | 92,69% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 49,06 Gb Free Space | 43,89% Space Free | Partition Type: NTFS
Drive D: | 931,41 Gb Total Space | 419,55 Gb Free Space | 45,04% Space Free | Partition Type: NTFS
Drive F: | 100,00 Mb Total Space | 71,75 Mb Free Space | 71,75% Space Free | Partition Type: NTFS
 
Computer Name: SA-PC | User Name: Sa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.16 15:53:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sa\Desktop\OTL.exe
PRC - [2013.05.24 14:38:46 | 002,952,096 | ---- | M] (Samsung Electronics.) -- C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe
PRC - [2013.05.16 16:44:05 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013.05.16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.05.12 20:20:36 | 000,871,536 | ---- | M] (BitLeader) -- C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
PRC - [2013.05.12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.08.27 18:25:30 | 000,078,352 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2012.07.13 15:50:00 | 000,093,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2010.11.17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.09.02 10:57:52 | 002,181,744 | ---- | M] (Gainward Co.) -- C:\Program Files (x86)\EXPERTool\TBPANEL.exe
PRC - [2009.12.15 13:47:00 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.17 19:02:42 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Samsung SSD Magician\SAMSUNG_SSD.dll
MOD - [2013.01.28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013.01.28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.04 12:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2011.03.04 12:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2011.03.04 12:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009.12.15 13:49:20 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.12.15 13:46:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
MOD - [1998.10.31 10:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\EXPERTool\TBManage.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.06.03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.05.24 11:51:04 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.05.12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.01.27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.08.27 18:25:30 | 000,243,728 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2010.12.13 14:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.25 07:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.12.13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.12.13 14:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010.12.10 13:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.12.10 13:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.03.02 13:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.12.22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.10.07 12:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.10.07 12:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C9 41 A7 B3 60 4E CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.05.11 18:12:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sa\AppData\Roaming\mozilla\Extensions
[2013.05.24 11:51:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.24 11:51:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013.06.16 19:28:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\lgfw.exe (Bitleader)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co.)
O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Users\Sa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk = C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe (Samsung Electronics.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8AF9D13-C41E-4118-BB70-7512C0AB5B39}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.17 18:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.06.17 18:48:21 | 009,833,328 | ---- | C] (SurfRight B.V.) -- C:\Users\Sa\Desktop\HitmanPro_x64.exe
[2013.06.16 19:31:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.16 19:29:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.16 19:24:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.16 19:24:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.16 19:24:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.16 19:24:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.16 19:24:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.16 19:22:55 | 005,080,151 | R--- | C] (Swearware) -- C:\Users\Sa\Desktop\ComboFix.exe
[2013.06.16 19:15:30 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sa\Desktop\tdsskiller.exe
[2013.06.16 15:55:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sa\Desktop\OTL.exe
[2013.06.12 20:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[2013.06.12 20:48:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2013.06.12 20:17:26 | 000,000,000 | ---D | C] -- C:\Users\Sa\AppData\Roaming\Malwarebytes
[2013.06.12 20:17:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.12 20:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.12 20:17:12 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.06.12 20:17:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.06.12 17:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013.06.12 17:13:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013.06.11 16:23:38 | 000,000,000 | --SD | C] -- C:\Users\Sa\Documents\Passwords Database
[2013.06.06 20:09:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.06.06 20:09:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.06.06 20:09:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.06.06 20:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.06.05 23:18:32 | 000,000,000 | ---D | C] -- C:\Users\Sa\AppData\Roaming\thriXXX
[2013.06.04 11:10:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung SSD Magician
[2013.06.04 11:10:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung SSD Magician
[2013.05.29 14:25:41 | 000,000,000 | ---D | C] -- C:\Users\Sa\AppData\Roaming\dvdcss
[2013.05.28 12:15:31 | 000,000,000 | ---D | C] -- C:\Users\Sa\AppData\Roaming\vlc
[2013.05.28 12:15:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.05.24 11:51:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.24 10:48:29 | 000,000,000 | ---D | C] -- C:\Users\Sa\AppData\Local\NVIDIA
[2013.05.22 20:21:45 | 000,000,000 | ---D | C] -- C:\Users\Sa\AppData\Roaming\LumacDaemon
[2013.05.22 20:21:43 | 000,000,000 | ---D | C] -- C:\Users\Sa\AppData\Local\Firstload
[2013.05.22 20:21:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013.05.21 19:58:48 | 000,000,000 | ---D | C] -- C:\Users\Sa\Cyberlink
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.18 19:34:22 | 001,640,712 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.18 19:34:22 | 000,711,206 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.18 19:34:22 | 000,656,234 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.18 19:34:22 | 000,152,478 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.18 19:34:22 | 000,124,974 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.18 19:29:47 | 000,000,344 | ---- | M] () -- C:\Windows\lgfwup.ini
[2013.06.18 19:29:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.18 19:29:28 | 1072,295,934 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.17 18:53:54 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.17 18:53:54 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.17 18:48:16 | 009,833,328 | ---- | M] (SurfRight B.V.) -- C:\Users\Sa\Desktop\HitmanPro_x64.exe
[2013.06.16 20:04:46 | 000,648,201 | ---- | M] () -- C:\Users\Sa\Desktop\adwcleaner.exe
[2013.06.16 19:28:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.06.16 19:22:43 | 005,080,151 | R--- | M] (Swearware) -- C:\Users\Sa\Desktop\ComboFix.exe
[2013.06.16 19:15:12 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sa\Desktop\tdsskiller.exe
[2013.06.16 18:13:20 | 000,000,000 | ---- | M] () -- C:\Users\Sa\defogger_reenable
[2013.06.16 15:54:28 | 000,050,477 | ---- | M] () -- C:\Users\Sa\Desktop\Defogger.exe
[2013.06.16 15:54:18 | 000,377,856 | ---- | M] () -- C:\Users\Sa\Desktop\gmer_2.1.19163.exe
[2013.06.16 15:53:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sa\Desktop\OTL.exe
[2013.06.12 20:17:18 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.06.12 17:13:17 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.06.12 17:08:37 | 001,617,670 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.06.12 15:30:38 | 000,543,333 | ---- | M] () -- C:\Users\Sa\Desktop\gutschein.pdf
[2013.06.06 20:09:32 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.06.04 11:10:26 | 000,001,193 | ---- | M] () -- C:\Users\Sa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
[2013.06.04 11:10:26 | 000,001,135 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Magician.lnk
[2013.05.28 12:15:27 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.05.24 10:46:52 | 000,001,351 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.05.21 20:13:16 | 000,003,584 | ---- | M] () -- C:\Users\Sa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2013.06.16 20:04:54 | 000,648,201 | ---- | C] () -- C:\Users\Sa\Desktop\adwcleaner.exe
[2013.06.16 19:24:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.16 19:24:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.16 19:24:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.16 19:24:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.16 19:24:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.16 18:13:20 | 000,000,000 | ---- | C] () -- C:\Users\Sa\defogger_reenable
[2013.06.16 15:54:55 | 000,377,856 | ---- | C] () -- C:\Users\Sa\Desktop\gmer_2.1.19163.exe
[2013.06.16 15:54:46 | 000,050,477 | ---- | C] () -- C:\Users\Sa\Desktop\Defogger.exe
[2013.06.12 20:48:37 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2013.06.12 20:48:37 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2013.06.12 20:48:36 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2013.06.12 20:48:36 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2013.06.12 20:17:18 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.06.12 17:13:17 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013.06.12 17:13:11 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013.06.12 15:30:38 | 000,543,333 | ---- | C] () -- C:\Users\Sa\Desktop\gutschein.pdf
[2013.06.06 20:09:32 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.28 12:15:27 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.05.24 10:46:52 | 000,001,351 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.05.24 10:44:30 | 001,617,670 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.05.21 20:13:16 | 000,003,584 | ---- | C] () -- C:\Users\Sa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.13 13:39:42 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013.05.13 13:39:42 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013.05.12 20:19:47 | 000,000,344 | ---- | C] () -- C:\Windows\lgfwup.ini
[2013.05.11 17:43:58 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013.05.11 17:43:52 | 000,029,940 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.05.13 13:08:38 | 000,000,000 | ---D | M] -- C:\Users\Sa\AppData\Roaming\DVDVideoSoft
[2013.05.24 12:47:18 | 000,000,000 | ---D | M] -- C:\Users\Sa\AppData\Roaming\LumacDaemon
[2013.06.05 23:18:32 | 000,000,000 | ---D | M] -- C:\Users\Sa\AppData\Roaming\thriXXX
[2013.06.16 20:09:26 | 000,000,000 | ---D | M] -- C:\Users\Sa\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 

< End of report >


markusg 18.06.2013 20:05

Hi,


OTL fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:

:OTL
:files
:Commands
[emptytemp]

  • If you obscured your user name, e.g. with "*****", insert your real user name at the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.


Please test whether there are any unwanted toolbars, redirects or other problems in Firefox, Internet Explorer and any other browsers you may have installed.
Test how the PC and programs run in general.

Sa1366 19.06.2013 18:40

Hi Markus,

here is the log

Code:

All processes killed
========== OTL ==========
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Sa
->Temp folder emptied: 14109503 bytes
->Temporary Internet Files folder emptied: 4261651 bytes
->FireFox cache emptied: 384546864 bytes
->Flash cache emptied: 5210 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 36604 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42287547 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 425,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06192013_192220

Files\Folders moved on Reboot...
C:\Users\Sa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\FXSTIFFDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

The virus is no longer shown in the Action Center now either! :applaus::applaus:
Firefox and IE are free of toolbars, and the folder from my opening post now also works without the runtime error. Everything else runs without problems as usual.

Wow, thank you very much, without your step-by-step help I would not have managed this.

markusg 19.06.2013 18:43

No problem.
Open OTL, clean up, the PC restarts, the removal tools are deleted.
Delete any leftover logs, removal tools and programs we used.
As an anti-malware program I would recommend Emsisoft.
For me they have the best protection, but it costs a bit.
Computeractive Software Store - Emsisoft Anti-Malware 7 [1-PC] - 63% off RRP
Trial version:
My antivirus recommendation: Emsisoft Anti-Malware
Especially if you do online banking, purchases, other payment transactions or similarly important things such as work-related tasks, that is, if there is sensitive data to protect, you should invest in security software.
Use up the 30-day trial period before activating the license.

Free, but just not quite as good, Avast would be the one to recommend.
http://www.trojaner-board.de/110895-...antivirus.html

Tell me which one you use, then I will give configuration tips.
Please uninstall your current AV.
The following guide is extensive, I am aware of that, but it should be followed, since only then is your PC secure. Ask as many questions as necessary, I am happy to work through everything with you!

http://www.trojaner-board.de/96344-a...-rechners.html
Please start with the section on Windows Vista and Windows 7.
Please begin by installing Windows updates.
The best way to do this is to go to Start, Search, and enter Windows Update there.
Under "Change settings", check that the following is selected:
- Install updates automatically,
- Every day
- Choose a time
- Please tick everything else, except:
- Show detailed notifications when new Microsoft software is available.
Now click the "OK" button.
Now click "Check for updates".
Please install important updates first.
It will be necessary to restart the PC in between. If that is the case, you have to open Windows Update again via Start, Search, click Check for updates and install the next ones.
Please do the same with the optional updates.
Please apply the rest as described in the Windows 7 / Vista section.
From the XP section, please apply the item "Data Execution Prevention, DEP".
As a browser I advise you to use Chrome:
http://support.google.com/chrome/bin...&answer=118663
Please read the instructions.
If you want to use a different one, tell me, then I have to adapt parts of the guide that now follows.


Sandboxie
The definition of a sandbox can be read here:
Sandbox
In short, you can run programs almost 100% isolated from the system.

The advantage is obvious: if malicious code is smuggled in via the browser, it cannot get out.
Download link:
Sandboxie - Download - Filepony

Guide:
http://www.trojaner-board.de/71542-a...sandboxie.html
Detailed guide as PDF, work through this too:
Sandbox settings |

Please make the following additional configuration:
Open Sandboxie Control, click the Sandbox menu, select DefaultBox.
There, click on Sandbox Settings.
Under Restrictions, for Program Start and Internet Access, enter:
chrome.exe
Then go to Applications, Web Browser, Chrome.
There, enable everything except sharing the entire profile folder.
As you may already have seen, you cannot use some functions.
This is only necessary in the full version, which I advise you to buy.
For example, under "Forced Programs" you can specify that all browsers start in the sandbox.
Otherwise you always have to click on "Sandboxed Web Browser", or right-click and start in Sandboxie.
A lifetime license costs 30 €, and can be used on all your PCs.

Continue with:
Measures for ALL Windows versions
Work through everything completely.
Note on FileHippo:
In the settings, additionally select:
hide beta updates.
Run updateChecker when Windows starts

Backup program:
My guide already links a backup program; as an alternative, Windows' own backup program is also an option:
http://www.trojaner-board.de/82962-w...en-backup.html
Unfortunately, though, this is only reasonably usable for Windows 7 users.
Everyone else should definitely install a backup program too, because this can be very important under certain circumstances, for example if the hard disk breaks one day.

Finally, follow the general security tips, follow the tip on online banking if it applies to you, and change all passwords.
Please also read how to make programs visible to everyone:
Making programs usable for all accounts - PCtipp.ch - Praxis & Hilfe
So from now on, surf only in the standard user account, and there in the sandbox.
If you use the free version, then by clicking on Sandboxed Web Browser; if you have the paid version, you can set forced programs, then Sandboxie is always started when you open a browser.
When you move the mouse over the browser it should be framed, then you are in the sandboxed web browser.

Password security:
Every service needs its own password of at least 12 characters.
RoboForm helps with managing and creating passwords.
Password Manager, Form Filler, Password Management | RoboForm Password Manager
Guide:
RoboForm user manual: password manager, managing passwords and personal data

Sa1366 19.06.2013 19:15

So, I have uninstalled the helper programs and log files. Windows Update is up to date; Microsoft Security Essentials and Bing Desktop are now shown to me as optional updates.

I have just uninstalled MSE and would now like to use Avast instead. I would like to leave out Bing Desktop, though; I had it once before and don't like it.

As my default browser I am currently using Firefox 21.0

markusg 19.06.2013 19:20

Hi, hide Bing via Windows Update, optional.
Chrome should be faster, and also offers more security.
Adblock for Chrome:
http://filepony.de/download-adblock_chrome/
That should make life more ad-free.
Ghostery to prevent tracking:
http://filepony.de/download-ghostery_chrome/
HTTPS Everywhere
https://chrome.google.com/webstore/d...jekcdonpmejbdp
chooses a secure connection when possible
Safe surfing with Chrome:
Safe surfing with Google Chrome | Verbraucher sicher online



Don't be surprised, I am on vacation for a week starting tomorrow.

Sa1366 19.06.2013 19:51

OK, I have installed Avast and Chrome plus the add-ons you suggested for now. I will now gradually follow the guide for Win 7 and work through the individual steps. If I have a problem, I will post it here.

Otherwise, I wish you a pleasant vacation for now, and we will read each other again afterwards.

:dankeschoen:

markusg 19.06.2013 21:21

Yes, thank you :-)

