
Pests of all kinds and how to combat them: Multiple computers in one household infected with multiple trojans


17.11.2012, 18:20   #1
nicnacs
 
Multiple computers in one household infected with multiple trojans

Hello,
As the subject line already says, 2 of my father's computers (a laptop and a stationary desktop) are infected with multiple trojans. Since some of the trojans are the same on both machines, and given the good experiences I have already had here in the forum, I wanted to ask how best to proceed. My father uses the paid version of AntiVir, and as I found out today, the detections already include some extremely old entries. I originally wanted to post Avira's detections for you, but the reports had already been deleted because of incorrect settings. I already know my way around your forum a little, so I have run OTL first and am posting these logs for now. In my view I probably won't get around reinstalling both systems, but maybe you could take a quick look. Thanks in advance.
According to Avira, the trojans on the desktop PC are:

Crypt.xpack.gen
dropper.gen


On the laptop, the following not-good-sounding trojans were found:

Spy.banker.gen8
crypt.epack.gen2
spy.farko.eb
spy.agent.cfat.2
kazy.106845
dcpter.a
spy.agent.cfat3
psw.banker.0.42
kazy.106845.1
BHO.Aduoea.a
Rootkit.gen2
Agent.53248

Perhaps I should add that I became aware of my father's problem when Telekom informed me in an e-mail that, following a warning issued a week earlier, it had blocked port 25 because spam mailing had been detected on my father's connection.
As his son I do have some limited IT knowledge, but the sheer extent of the detections exceeds my competence, and I hope you can help/advise me on what to do next. The credit card account has already been checked for unknown third-party transactions.

Here are the OTL log files from the desktop computer:

Code:
OTL logfile created on: 17.11.2012 18:00:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,16 Gb Available Physical Memory | 69,32% Memory free
12,19 Gb Paging File | 10,17 Gb Available in Paging File | 83,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582,33 Gb Total Space | 363,24 Gb Free Space | 62,38% Space Free | Partition Type: NTFS
Drive D: | 13,84 Gb Total Space | 1,95 Gb Free Space | 14,07% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 533,94 Gb Free Space | 89,56% Space Free | Partition Type: NTFS
Drive L: | 931,51 Gb Total Space | 858,93 Gb Free Space | 92,21% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\user\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
PRC - C:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe (D-Link)
PRC - C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\program files (x86)\avira\antivir desktop\sqlite3.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - c:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapEngine.dll ()
MOD - c:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLSchMgr.dll ()
MOD - c:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLTinyDB.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
MOD - c:\Program Files (x86)\Cyberlink\Shared files\RichVideops.dll ()
MOD - C:\Windows\SysWOW64\WlanApp.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirFirewallService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (UPnPService) -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avfwot) -- C:\Windows\SysNative\DRIVERS\avfwot.sys ()
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys ()
DRV:64bit: - (avfwim) -- C:\Windows\SysNative\DRIVERS\avfwim.sys ()
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys ()
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys ()
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\DRIVERS\netr28ux.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV - (avfwot) -- C:\Windows\SysWOW64\drivers\avfwot.sys (Avira GmbH)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)
DRV - (PCD5SRVC{8AAF211B-043E02A9-05040000}) -- C:\Programme\PC-Doctor for Windows\pcd5srvc_x64.pkms (PC-Doctor, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7C638C6B-5B27-4A85-83CB-40250D1E4AC4}
IE:64bit: - HKLM\..\SearchScopes\{7C638C6B-5B27-4A85-83CB-40250D1E4AC4}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE:64bit: - HKLM\..\SearchScopes\{CA8FE908-E845-4081-937D-C045FEC0FC98}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE:64bit: - HKLM\..\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{7C638C6B-5B27-4A85-83CB-40250D1E4AC4}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKLM\..\SearchScopes\{CA8FE908-E845-4081-937D-C045FEC0FC98}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{7C638C6B-5B27-4A85-83CB-40250D1E4AC4}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{CA8FE908-E845-4081-937D-C045FEC0FC98}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.15.1.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.15.1.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.09.10 08:45:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.23 19:53:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.14 23:51:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.06.23 15:00:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2007.01.17 12:18:04 | 000,095,200 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.09.10 08:45:15 | 000,000,000 | ---D | M]
 
[2009.05.25 11:21:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2012.11.17 15:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7j1hx27n.default\extensions
[2012.09.10 13:01:25 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7j1hx27n.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.07.29 21:09:54 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7j1hx27n.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.11.17 15:35:36 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\7j1hx27n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2010.07.22 14:01:14 | 000,000,873 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\7j1hx27n.default\searchplugins\conduit.xml
[2010.02.18 22:08:53 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\7j1hx27n.default\searchplugins\icqplugin-1.xml
[2010.04.15 15:29:22 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\7j1hx27n.default\searchplugins\icqplugin-2.xml
[2011.03.02 22:53:56 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\7j1hx27n.default\searchplugins\icqplugin-3.xml
[2011.03.11 20:10:45 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\7j1hx27n.default\searchplugins\icqplugin-4.xml
[2011.03.25 18:24:38 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\7j1hx27n.default\searchplugins\icqplugin-5.xml
[2011.05.12 16:44:17 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\7j1hx27n.default\searchplugins\icqplugin-6.xml
[2011.06.23 23:37:36 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\7j1hx27n.default\searchplugins\icqplugin-7.xml
[2012.09.23 19:53:34 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\7j1hx27n.default\searchplugins\icqplugin-8.xml
[2008.07.10 12:19:06 | 000,000,944 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\7j1hx27n.default\searchplugins\icqplugin.xml
[2012.11.14 15:44:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.01.09 23:22:22 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.12.17 19:32:22 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.11.14 15:44:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.09.23 19:53:31 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2007.03.02 14:17:24 | 000,095,200 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPAPIX.dll
[2007.01.17 12:18:04 | 000,095,200 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPFluxBrowserHelper.dll
[2007.09.07 15:25:50 | 000,103,064 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPMPDRM.dll
[2007.09.07 14:46:48 | 000,098,968 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPWMDRMWrapper.dll
[2012.09.23 19:53:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.23 19:53:29 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.23 19:53:29 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.23 19:53:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.23 19:53:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.23 19:53:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.237\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.237\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.237\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U16 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Active Process Information eXchange (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPAPIX.dll
CHR - plugin: fluxDVD (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
CHR - plugin: NPMPDRM License Acquisition Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPMPDRM.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: WMMPDRM License Acquisition Wrapper (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPWMDRMWrapper.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AT_MarliesDekkers = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlehphlfahjiajcnjkcbdbehjcchkibb\2_0\
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [D-Link D-Link RangeBooster N DWA-140] C:\Program Files (x86)\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe (D-Link)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE (Microsoft)
O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_2008_PLUS\TrayServer.exe (MAGIX AG)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] c:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Medien-Prüfung.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to iPod Converter - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{953C16C7-131A-4FEA-A0C2-7F1878B6EC2C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\fluxhttp - No CLSID value found
O18:64bit: - Protocol\Handler\fluxhttp\0x00000007 - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: E:\Eigene Bilder\4d9b5b3a-211597bf.bmp
O24 - Desktop BackupWallPaper: E:\Eigene Bilder\4d9b5b3a-211597bf.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{db977eea-9590-11df-9090-00248c2fe217}\Shell - "" = AutoRun
O33 - MountPoints2\{db977eea-9590-11df-9090-00248c2fe217}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.17 17:58:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012.11.14 23:50:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.11.14 15:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.11.14 15:46:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.11.14 15:44:22 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012.11.14 15:44:22 | 000,473,072 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012.11.14 15:44:22 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.11.14 15:44:22 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.11.14 15:44:22 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.17 17:58:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012.11.17 17:51:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.17 17:02:09 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.17 17:02:09 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.17 16:45:44 | 001,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.17 16:45:44 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.17 16:45:44 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.17 16:45:44 | 000,122,636 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.17 16:45:44 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.17 15:16:14 | 000,191,050 | ---- | M] () -- C:\Users\user\Documents\cc_20121117_151544.reg
[2012.11.17 15:11:24 | 000,000,858 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.11.17 15:02:41 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.17 15:02:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.14 23:51:02 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.11.14 15:44:38 | 000,002,655 | ---- | M] () -- C:\Users\user\Desktop\Microsoft Office Word 2007.lnk
[2012.11.14 15:44:11 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.11.14 15:44:11 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.11.14 15:44:11 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.11.14 15:44:10 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012.11.14 15:44:10 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
 
========== Files Created - No Company Name ==========
 
[2012.11.17 15:15:46 | 000,191,050 | ---- | C] () -- C:\Users\user\Documents\cc_20121117_151544.reg
[2012.11.17 15:11:24 | 000,000,858 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.11.14 23:51:01 | 000,001,919 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.11.14 23:51:01 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.09.11 11:26:08 | 000,000,226 | ---- | C] () -- C:\Users\user\Goya.ini
[2012.09.11 10:21:53 | 000,000,074 | RHS- | C] () -- C:\Windows\ICMET20.BIN
[2012.09.11 10:15:47 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2012.09.11 10:13:19 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2012.09.10 08:41:23 | 000,241,119 | ---- | C] () -- C:\Windows\hpwins28.dat
[2011.08.03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.03.12 17:10:56 | 001,217,260 | ---- | C] () -- C:\Users\user\AppData\Local\tmp12032011324.JPG
[2011.02.22 18:59:37 | 000,001,356 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2010.11.02 23:22:15 | 000,271,790 | ---- | C] () -- C:\Users\user\AppData\Local\tmpDSC00350.5
[2010.11.02 23:22:07 | 000,268,041 | ---- | C] () -- C:\Users\user\AppData\Local\tmpDSC00350.4
[2010.11.02 23:22:04 | 000,271,758 | ---- | C] () -- C:\Users\user\AppData\Local\tmpDSC00350.3
[2010.11.02 23:21:59 | 000,268,015 | ---- | C] () -- C:\Users\user\AppData\Local\tmpDSC00350.2
[2010.11.02 23:21:54 | 000,275,270 | ---- | C] () -- C:\Users\user\AppData\Local\tmpDSC00350.JPG
[2010.11.02 23:21:23 | 000,270,199 | ---- | C] () -- C:\Users\user\AppData\Local\tmpDSC00350.1
[2010.11.02 23:21:06 | 000,986,936 | ---- | C] () -- C:\Users\user\AppData\Local\tmpDSC00350.0
[2010.06.05 21:15:10 | 000,257,132 | ---- | C] () -- C:\Users\user\AppData\Local\tmpCARLOTTA!!.JPG
[2010.06.05 21:15:09 | 000,259,730 | ---- | C] () -- C:\Users\user\AppData\Local\tmpCARLOTTA!!.0
[2010.05.30 20:31:39 | 000,279,419 | ---- | C] () -- C:\Users\user\AppData\Local\tmpCARLOTTA..JPG
[2010.05.30 20:30:38 | 000,271,661 | ---- | C] () -- C:\Users\user\AppData\Local\tmpCARLOTTA..1
[2010.05.30 20:30:30 | 000,994,002 | ---- | C] () -- C:\Users\user\AppData\Local\tmpCARLOTTA..0
[2010.05.30 20:30:09 | 001,063,675 | ---- | C] () -- C:\Users\user\AppData\Local\tmpDSC00336.0
[2010.05.30 20:30:09 | 000,295,128 | ---- | C] () -- C:\Users\user\AppData\Local\tmpDSC00336.JPG
[2010.04.28 17:26:36 | 000,006,489 | ---- | C] () -- C:\Users\user\AppData\Local\tmpHINTERGRUNDBILD DER WINDOWS-FOTOGALERIE_navi.JPG
[2010.04.28 17:26:22 | 000,069,107 | ---- | C] () -- C:\Users\user\AppData\Local\tmpHINTERGRUNDBILD DER WINDOWS-FOTOGALERIE.JPG
[2009.06.21 21:14:19 | 000,001,846 | ---- | C] () -- C:\Users\user\Mozilla Thunderbird.lnk
[2009.06.07 15:23:26 | 000,006,144 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.25 10:42:29 | 000,001,460 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps64.dat
[2009.02.04 20:50:37 | 000,107,908 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.02.04 20:12:38 | 000,130,112 | ---- | C] () -- C:\ProgramData\nvModes.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009.02.05 04:27:54 | 012,897,792 | ---- | M] ()
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.02.05 04:27:55 | 011,580,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2008.01.21 03:48:44 | 000,890,368 | ---- | M] ()
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2008.01.21 03:49:24 | 000,614,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] ()
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Code:
OTL Extras logfile created on: 17.11.2012 18:00:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,16 Gb Available Physical Memory | 69,32% Memory free
12,19 Gb Paging File | 10,17 Gb Available in Paging File | 83,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582,33 Gb Total Space | 363,24 Gb Free Space | 62,38% Space Free | Partition Type: NTFS
Drive D: | 13,84 Gb Total Space | 1,95 Gb Free Space | 14,07% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 533,94 Gb Free Space | 89,56% Space Free | Partition Type: NTFS
Drive L: | 931,51 Gb Total Space | 858,93 Gb Free Space | 92,21% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009721EF-C6F2-480C-A134-D750109E4110}" = rport=445 | protocol=6 | dir=out | app=system | 
"{19F9B07E-DFAE-4DFE-B2F8-EFB4B124A9EC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1ADA3E23-0745-4A78-B12C-F3EFC5F91C31}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2D56AE65-E0E2-4D60-A04D-55493F898318}" = rport=137 | protocol=17 | dir=out | app=system | 
"{438225B8-56FA-4678-99B2-A8686A70363C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4747F2D0-627A-4484-B47C-3645EC7E9D17}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{73D26702-7A70-4AA2-AA62-CA2C7918E3D5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8696F7BF-6866-4584-967F-EDBBAB2C1819}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8DC1FEC5-78F6-4579-99A2-7ED1791EE4DD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{95F3EEA6-3333-4021-BDEC-BCAD97DABE16}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B4612AA3-0EC1-4087-8C5A-88709B9B0A71}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F0B04FFF-F506-41F3-82F9-B6678A3B5087}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05A8D823-C886-4129-898D-4C35F2178A28}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{230CE759-79A9-4A6C-9748-256BD3F8DF3D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | 
"{328A9371-0512-45E6-B643-2BBD09F6A06C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{33E2959F-E26C-44DF-AFA8-213306DA5BF8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{35E318B8-D6C5-4651-B300-0291A29DC4FD}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | 
"{378D3EC9-391F-4B65-93D8-343E8F17E3D6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{3A1EDF64-14E0-47AF-A2B8-8FA139421005}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{47BE4519-A96E-47EC-BA8F-9911B9F41DBB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{4C8F10D7-D5E1-4855-829A-2BC076F6B7A2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{500CCE24-F335-48F6-9310-5C4F781E6C3E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | 
"{505A3B32-54EA-44F9-9B55-CAECCFD196A3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{559010AB-F5FD-412B-A3E1-B6D2B11B5EF1}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | 
"{6D643B4E-7465-41E2-846A-41E32913DF32}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{76EBFEE2-1840-44DF-A8F0-C6B4456480D7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7A9663BC-D9A5-49AE-8C80-AA1C6AEDA359}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{7F703856-E3D4-4187-A78A-7201817B355E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{85602831-0FBC-4799-9710-B09E5F8BD6CA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{89DC59E1-84FF-4A75-B6E0-04C7A9B6291E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{8B915CB9-0F64-4A76-B86E-41C0C73B1FC9}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | 
"{A67895BD-FC71-4304-8D00-9FEC3E6DBDE6}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | 
"{B1A5D0A3-853D-47FC-B083-663BC009E5D0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C18CF6E2-C757-4DFD-92DB-AF4E3329891C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{CB9F6505-09B1-4972-AD83-71B4F5AA523A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{CDF387FF-B42A-47D2-ACF1-8ED48544CCFB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{D1D57619-2B34-4409-8AF1-A19FBE890D59}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{D359FEE5-AD1B-423C-ADEB-28FB0519ED8C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{D8AB1EFA-75D4-40EA-A97F-0298D22285B3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E1E28181-D001-4D11-996B-C783EBFF3E55}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{E2E12B31-2453-4B9B-BE89-0F76DEA5E445}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{EA37BC71-6875-4518-ABF0-18377CF8EE39}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{FD69AF17-AEB4-465F-9C7A-E720A0A815D4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"TCP Query User{24E41394-84B6-4DF0-9D74-7007D34CB240}C:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{A5F59952-475D-4DCC-BEAD-C216FC68E05C}" = iTunes
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"CCleaner" = CCleaner
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"PC-Doctor for Windows" = Hardware Diagnose Tools
"Shop for HP Supplies" = Shop for HP Supplies
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{580EC579-E476-469F-9EBF-F82D696FC67A}" = iClone SE
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CF3D8718-EF21-4408-AE38-A6DA98E1E2B6}" = LightScribe System Software  1.14.32.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D722CF4B-4B06-BF11-FDEA-BD1B319FEA57}" = muvee Reveal
"{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}" = D-Link RangeBooster N DWA-140
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E1591139-8B44-411B-A81B-D35F83A0565A}" = HP Customer Experience Enhancements
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.23
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Premium Security Suite
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Studio_is1" = Free Studio version 5.0.3
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.9.29
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"GeoGebra" = GeoGebra
"Google Chrome" = Google Chrome
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"IrfanView" = IrfanView (remove only)
"MAGIX Foto Manager 2008 D" = MAGIX Foto Manager 2008 5.0.0.255 (D)
"MAGIX Fotobuch" = MAGIX Fotobuch 3.2
"MAGIX Goya burnR D" = MAGIX Goya burnR 2.3.1.3 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX PC Visit D" = MAGIX PC Visit
"MAGIX Video deluxe 2008 PLUS D" = MAGIX Video deluxe 2008 PLUS 7.5.1.4 (D)
"MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6 6.0.23.0 (D)
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mufin MusicFinder Base D" = Mufin MusicFinder Base 1.0.1.229 (D)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"pywin32-py2.6" = Python 2.6 pywin32-212
"Uninstall_is1" = Uninstall 1.0.0.1
"Videoload Manager" = Videoload Manager 2.0.2171
"VLC media player" = VLC media player 1.0.3
"WildTangent hp Master Uninstall" = My HP Games
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"xp-AntiSpy" = xp-AntiSpy 3.96-7
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.09.2012 02:38:24 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung TVAgent.exe, Version 2.1.1.1231, Zeitstempel
 0x495b4616, fehlerhaftes Modul MFC71.DLL, Version 7.10.3077.0, Zeitstempel 0x3e77fdfd,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0002a3a3,  Prozess-ID 0xb18, Anwendungsstartzeit
 01cd917a48cf7fd7.
 
Error - 13.09.2012 02:38:42 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.09.2012 04:40:49 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.09.2012 02:32:26 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung TVAgent.exe, Version 2.1.1.1231, Zeitstempel
 0x495b4616, fehlerhaftes Modul MFC71.DLL, Version 7.10.3077.0, Zeitstempel 0x3e77fdfd,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0002a3a3,  Prozess-ID 0x76c, Anwendungsstartzeit
 01cd97c2caa61838.
 
Error - 21.09.2012 02:32:59 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.09.2012 03:46:30 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung TVAgent.exe, Version 2.1.1.1231, Zeitstempel
 0x495b4616, fehlerhaftes Modul MFC71.DLL, Version 7.10.3077.0, Zeitstempel 0x3e77fdfd,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0002a3a3,  Prozess-ID 0xa1c, Anwendungsstartzeit
 01cd989647d9e1a0.
 
Error - 22.09.2012 03:46:41 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.09.2012 06:57:30 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung TVAgent.exe, Version 2.1.1.1231, Zeitstempel
 0x495b4616, fehlerhaftes Modul MFC71.DLL, Version 7.10.3077.0, Zeitstempel 0x3e77fdfd,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0002a3a3,  Prozess-ID 0x2f4, Anwendungsstartzeit
 01cd997a1e148ec3.
 
Error - 23.09.2012 06:57:56 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.09.2012 14:53:07 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 1.9.2.4182, Zeitstempel
 0x4df8638f, fehlerhaftes Modul NPSWF32_11_3_300_265.dll_unloaded, Version 0.0.0.0,
 Zeitstempel 0x4febd798, Ausnahmecode 0xc0000005, Fehleroffset 0x65e143b6,  Prozess-ID
 0x131c, Anwendungsstartzeit 01cd997c1639edb3.
 
[ OSession Events ]
Error - 08.06.2011 13:48:26 | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 85
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 01.07.2010 08:31:15 | Computer Name = user-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 01.07.2010 08:31:22 | Computer Name = user-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 01.07.2010 08:31:27 | Computer Name = user-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 01.07.2010 08:33:11 | Computer Name = user-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 01.07.2010 08:33:11 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         

Alt 17.11.2012, 19:42   #2
ryder
/// TB instructor
 
I will help you with your problem. A cleanup can involve a lot of work for you (and for me). Before we start, I have some reading material for you.
Quote:
Reading material:
Rules for the cleanup
For the cleanup to work, I ask you to read the following points carefully:
  • Please work through all steps in order. Please give me feedback on every step (log file or reply).
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread (in code tags if possible). Do not attach them unless I ask you to or the log file is too large. Attachments make it harder for me to evaluate them.
  • Only obscure your name if it is absolutely necessary.
  • If I have not replied after 3 days, then (and only then) please send me a PM.
  • A request: please keep going until I or another helper tells you that you are "clean". Courtesy alone calls for that, and the disappearance of the symptoms does not mean that all of the malware has actually been removed.
  • Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
Once you have read and understood all of this, you can get started!
Step 1:
Disable drive emulation with Defogger
Please download defogger by jpshortstuff to your desktop and start it:
  • Now click the Disable button to deactivate the drivers of certain emulators.
  • Defogger will ask you "Defogger will forcefully ... Continue?"; confirm this with Yes.
  • When the scan has finished (Finished), click OK.
  • Defogger may ask for a restart. Confirm this with OK.
Please post the defogger_disable.txt from your desktop.
Do not click the Re-enable button without instructions.
Step 2:
Scan with aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instructions.

Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.
Step 3:
Scan with TDSSKiller

Please read the following instructions carefully. We do not want to "fix" anything here yet, only to see a scan report.

Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe
  • Click Change parameters, tick Detect TDLFS file system and confirm with OK.
  • Press Start Scan
  • Warning:
    If infected objects are found, do not choose Cure under any circumstances. Choose Skip and save the log file.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread.
__________________

__________________
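Added example, not part of ryder's post and not code from TDSSKiller: a Python triage of a saved TDSSKiller log in the layout posted in this thread, listing every entry whose verdict is not `- ok` and every service line for which no file was hashed, so they can be reviewed by hand. The sample log, its hashes and names, and the wording of the non-ok verdict are constructed assumptions.

```python
import re

# Constructed sample in the TDSSKiller log layout seen in this thread.
# Hashes, service names and the non-ok verdict text are made up.
SAMPLE_LOG = """\
20:42:53.0266 1492  ================ Scan system memory ========================
20:42:53.0266 1492  System memory - ok
20:42:53.0266 1492  ================ Scan services =============================
20:42:53.0382 1492  [ 00000000000000000000000000000001 ] ExampleDrv      C:\\Windows\\system32\\drivers\\exampledrv.sys
20:42:53.0384 1492  ExampleDrv - ok
20:42:53.0400 1492  NoImageSvc - ok
20:42:53.0410 1492  [ 00000000000000000000000000000002 ] Example Service C:\\Program Files (x86)\\Example\\svc.exe
20:42:53.0412 1492  Example Service - ok
20:42:53.0420 1492  [ 00000000000000000000000000000003 ] OddDrv          C:\\Windows\\system32\\drivers\\odddrv.sys
20:42:53.0422 1492  OddDrv ( Constructed.Verdict.Label ) - warning
"""

# "HH:MM:SS.ffff <thread id>  <message>"
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(.*)$")
# "================ Scan services ====================="
SECTION = re.compile(r"^=+\s+(.+?)\s+=+$")
# "[ <md5> ] <service name, may contain spaces>   <drive:\path>"
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.*)$")


def parse_log(text):
    """Return one dict per scanned object: section, name, md5, path, verdict."""
    entries, section, pending = [], None, None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        body = m.group(1).strip()
        sec = SECTION.match(body)
        if sec:
            section = sec.group(1)
            continue
        h = HASHED.match(body)
        if h:
            if pending:  # previous hash line never got a verdict line
                entries.append({**pending, "verdict": None})
            pending = {"section": section, "md5": h.group(1),
                       "name": h.group(2), "path": h.group(3)}
            continue
        if pending and body.startswith(pending["name"] + " "):
            # Verdict line belonging to the hash line just before it.
            verdict = body[len(pending["name"]):].strip()
            entries.append({**pending, "verdict": verdict})
            pending = None
        elif body.endswith(" - ok"):
            # Verdict line with no preceding hash line.
            entries.append({"section": section, "md5": None, "path": None,
                            "name": body[:-len(" - ok")], "verdict": "- ok"})
    if pending:
        entries.append({**pending, "verdict": None})
    return entries


def findings(entries):
    """Entries worth a manual look: non-ok verdicts and unhashed services."""
    out = []
    for e in entries:
        if e["verdict"] != "- ok":
            out.append((e["name"], "verdict: %s" % e["verdict"]))
        elif e["md5"] is None and e["section"] == "Scan services":
            out.append((e["name"], "no file hashed"))
    return out


if __name__ == "__main__":
    for name, reason in findings(parse_log(SAMPLE_LOG)):
        print("%-20s %s" % (name, reason))
```

An entry listed as "no file hashed" is not a detection; it only means the log shows no image file for that service, which is a reason to check the service's registry entry.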

Alt 17.11.2012, 20:48   #3
nicnacs
 
Hello, and many thanks in advance!

Here are the requested log files

aswMBR
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-17 20:26:05
-----------------------------
20:26:05.957    OS Version: Windows x64 6.0.6001 Service Pack 1
20:26:05.957    Number of processors: 4 586 0x1707
20:26:05.958    ComputerName: USER-PC  UserName: user
20:26:07.896    Initialize success
20:27:11.031    AVAST engine defs: 12111700
20:29:27.443    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:29:27.447    Disk 0 Vendor: SAMSUNG_ 1AA0 Size: 610480MB BusType: 8
20:29:27.450    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
20:29:27.453    Disk 1 Vendor: SAMSUNG_ 1AA0 Size: 610480MB BusType: 8
20:29:27.465    Disk 0 MBR read successfully
20:29:27.467    Disk 0 MBR scan
20:29:27.471    Disk 0 unknown MBR code
20:29:27.474    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       596303 MB offset 63
20:29:27.502    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        14174 MB offset 1221229170
20:29:27.542    Disk 0 scanning C:\Windows\system32\drivers
20:29:33.935    Service scanning
20:29:49.035    Modules scanning
20:29:49.042    Disk 0 trace - called modules:
20:29:49.059    ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll 
20:29:49.063    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80061a34c0]
20:29:49.068    3 CLASSPNP.SYS[fffffa60011d1b3a] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005e4e050]
20:29:50.479    AVAST engine scan C:\
20:40:36.785    Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
20:40:36.794    The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"
         
Defogger


Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:24 on 17/11/2012 (user)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
TDSSKiller:

Code:
ATTFilter
20:42:22.0675 4536  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:42:24.0676 4536  ============================================================
20:42:24.0676 4536  Current date / time: 2012/11/17 20:42:24.0676
20:42:24.0676 4536  SystemInfo:
20:42:24.0676 4536  
20:42:24.0677 4536  OS Version: 6.0.6001 ServicePack: 1.0
20:42:24.0677 4536  Product type: Workstation
20:42:24.0677 4536  ComputerName: USER-PC
20:42:24.0677 4536  UserName: user
20:42:24.0677 4536  Windows directory: C:\Windows
20:42:24.0677 4536  System windows directory: C:\Windows
20:42:24.0677 4536  Running under WOW64
20:42:24.0677 4536  Processor architecture: Intel x64
20:42:24.0677 4536  Number of processors: 4
20:42:24.0677 4536  Page size: 0x1000
20:42:24.0677 4536  Boot type: Normal boot
20:42:24.0677 4536  ============================================================
20:42:25.0043 4536  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:42:25.0063 4536  Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:42:25.0116 4536  ============================================================
20:42:25.0116 4536  \Device\Harddisk0\DR0:
20:42:25.0116 4536  MBR partitions:
20:42:25.0116 4536  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x48CA7A33
20:42:25.0116 4536  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48CA7A72, BlocksNum 0x1BAF44F
20:42:25.0116 4536  \Device\Harddisk1\DR1:
20:42:25.0116 4536  MBR partitions:
20:42:25.0116 4536  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A856E82
20:42:25.0116 4536  ============================================================
20:42:25.0136 4536  C: <-> \Device\Harddisk0\DR0\Partition1
20:42:25.0157 4536  E: <-> \Device\Harddisk1\DR1\Partition1
20:42:25.0205 4536  D: <-> \Device\Harddisk0\DR0\Partition2
20:42:25.0205 4536  ============================================================
20:42:25.0206 4536  Initialize success
20:42:25.0206 4536  ============================================================
20:42:52.0861 1492  ============================================================
20:42:52.0861 1492  Scan started
20:42:52.0861 1492  Mode: Manual; TDLFS; 
20:42:52.0861 1492  ============================================================
20:42:53.0266 1492  ================ Scan system memory ========================
20:42:53.0266 1492  System memory - ok
20:42:53.0266 1492  ================ Scan services =============================
20:42:53.0382 1492  [ 375243251C24028DA6C9761645B43F21 ] ACPI            C:\Windows\system32\drivers\acpi.sys
20:42:53.0384 1492  ACPI - ok
20:42:53.0409 1492  [ F14215E37CF124104575073F782111D2 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
20:42:53.0414 1492  adp94xx - ok
20:42:53.0449 1492  [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci         C:\Windows\system32\drivers\adpahci.sys
20:42:53.0453 1492  adpahci - ok
20:42:53.0462 1492  [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
20:42:53.0463 1492  adpu160m - ok
20:42:53.0482 1492  [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
20:42:53.0484 1492  adpu320 - ok
20:42:53.0507 1492  [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:42:53.0508 1492  AeLookupSvc - ok
20:42:53.0542 1492  [ DB37041AB857ABC7E179E856D8E1582C ] AFD             C:\Windows\system32\drivers\afd.sys
20:42:53.0546 1492  AFD - ok
20:42:53.0582 1492  [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:42:53.0583 1492  agp440 - ok
20:42:53.0622 1492  [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
20:42:53.0623 1492  aic78xx - ok
20:42:53.0670 1492  [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG             C:\Windows\System32\alg.exe
20:42:53.0671 1492  ALG - ok
20:42:53.0708 1492  [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:42:53.0709 1492  aliide - ok
20:42:53.0748 1492  [ 970FA5059E61E30D25307B99903E991E ] amdide          C:\Windows\system32\drivers\amdide.sys
20:42:53.0749 1492  amdide - ok
20:42:53.0769 1492  [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
20:42:53.0769 1492  AmdK8 - ok
20:42:53.0872 1492  [ 90094521331F35FC1D77B38AFAD51D36 ] AntiVirFirewallService C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
20:42:53.0875 1492  AntiVirFirewallService - ok
20:42:53.0889 1492  [ 8784833784A693716F56B76A7B9B5A0B ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
20:42:53.0891 1492  AntiVirMailService - ok
20:42:53.0919 1492  [ 5158368A68191EEAF1106036D43F826D ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
20:42:53.0920 1492  AntiVirSchedulerService - ok
20:42:53.0936 1492  [ D57CA9416C71B561EC7FA1071B2941B7 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
20:42:53.0938 1492  AntiVirService - ok
20:42:53.0961 1492  [ EC75AEF05AF60BFAA983F49239C106D4 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
20:42:53.0963 1492  AntiVirWebService - ok
20:42:54.0000 1492  [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo         C:\Windows\System32\appinfo.dll
20:42:54.0000 1492  Appinfo - ok
20:42:54.0062 1492  [ 4B5AE15E5C73EB4DC8DBEC2788230D41 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
20:42:54.0063 1492  Apple Mobile Device - ok
20:42:54.0077 1492  [ BA8417D4765F3988FF921F30F630E303 ] arc             C:\Windows\system32\drivers\arc.sys
20:42:54.0078 1492  arc - ok
20:42:54.0083 1492  [ 9D41C435619733B34CC16A511E644B11 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
20:42:54.0084 1492  arcsas - ok
20:42:54.0108 1492  [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:42:54.0108 1492  AsyncMac - ok
20:42:54.0132 1492  [ 1898FAE8E07D97F2F6C2D5326C633FAC ] atapi           C:\Windows\system32\drivers\atapi.sys
20:42:54.0132 1492  atapi - ok
20:42:54.0157 1492  [ 2A54B6A48AB6D2166271B05E9469326E ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:42:54.0161 1492  AudioEndpointBuilder - ok
20:42:54.0169 1492  [ 2A54B6A48AB6D2166271B05E9469326E ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:42:54.0171 1492  AudioSrv - ok
20:42:54.0199 1492  [ 33EED63EC03EB4F1E32AE98548EF8D82 ] avfwim          C:\Windows\system32\DRIVERS\avfwim.sys
20:42:54.0200 1492  avfwim - ok
20:42:54.0218 1492  [ ABE753B6883F2AD24654F74718FFD6E9 ] avfwot          C:\Windows\system32\DRIVERS\avfwot.sys
20:42:54.0220 1492  avfwot - ok
20:42:54.0238 1492  [ B1224E6B086CD6548315B04AB575A23E ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
20:42:54.0239 1492  avgntflt - ok
20:42:54.0270 1492  [ ED45F12CFA62B83765C9C1496758CC87 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
20:42:54.0271 1492  avipbb - ok
20:42:54.0295 1492  [ BC4737AAFFA5964E4F8827C9B8C0EB8E ] BFE             C:\Windows\System32\bfe.dll
20:42:54.0304 1492  BFE - ok
20:42:54.0355 1492  [ D896A0D43F8AB81ECB1FC6C24DECFD58 ] BITS            C:\Windows\System32\qmgr.dll
20:42:54.0372 1492  BITS - ok
20:42:54.0386 1492  [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
20:42:54.0387 1492  blbdrive - ok
20:42:54.0423 1492  [ 3F56903E124E820AEECE6D471583C6C1 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
20:42:54.0425 1492  Bonjour Service - ok
20:42:54.0435 1492  [ 8B2B19031D0AEADE6E1B933DF1ACBA7E ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:42:54.0436 1492  bowser - ok
20:42:54.0454 1492  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
20:42:54.0455 1492  BrFiltLo - ok
20:42:54.0470 1492  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
20:42:54.0470 1492  BrFiltUp - ok
20:42:54.0485 1492  [ A1B39DE453433B115B4EA69EE0343816 ] Browser         C:\Windows\System32\browser.dll
20:42:54.0485 1492  Browser - ok
20:42:54.0500 1492  [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid         C:\Windows\system32\drivers\brserid.sys
20:42:54.0500 1492  Brserid - ok
20:42:54.0505 1492  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
20:42:54.0506 1492  BrSerWdm - ok
20:42:54.0522 1492  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
20:42:54.0523 1492  BrUsbMdm - ok
20:42:54.0536 1492  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
20:42:54.0537 1492  BrUsbSer - ok
20:42:54.0542 1492  [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
20:42:54.0542 1492  BTHMODEM - ok
20:42:54.0554 1492  [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:42:54.0555 1492  cdfs - ok
20:42:54.0563 1492  [ 3B2FB35363423ED60C8FBF15FC8680BD ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:42:54.0563 1492  cdrom - ok
20:42:54.0577 1492  [ EDFFFC8B6AFB609BF33DBE0A900426B6 ] CertPropSvc     C:\Windows\System32\certprop.dll
20:42:54.0578 1492  CertPropSvc - ok
20:42:54.0591 1492  [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass        C:\Windows\system32\drivers\circlass.sys
20:42:54.0592 1492  circlass - ok
20:42:54.0616 1492  [ 319E4E9A68303F60CBC813EF19F3CF84 ] CLFS            C:\Windows\system32\CLFS.sys
20:42:54.0622 1492  CLFS - ok
20:42:54.0672 1492  [ A4AF4201BD519971F8F34724F3CA9DBB ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:42:54.0673 1492  clr_optimization_v2.0.50727_32 - ok
20:42:54.0742 1492  [ 0EE3F378DFF6A8F0A122B5BFB6F2D9E5 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:42:54.0743 1492  clr_optimization_v2.0.50727_64 - ok
20:42:54.0755 1492  [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:42:54.0756 1492  cmdide - ok
20:42:54.0767 1492  [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
20:42:54.0767 1492  Compbatt - ok
20:42:54.0772 1492  COMSysApp - ok
20:42:54.0778 1492  [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
20:42:54.0779 1492  crcdisk - ok
20:42:54.0807 1492  [ 4374F784121D8B3BB466B03F5E5EBD33 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:42:54.0808 1492  CryptSvc - ok
20:42:54.0837 1492  [ FF27BE0BA7B3C48D5C99AFCB56D436C2 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:42:54.0844 1492  DcomLaunch - ok
20:42:54.0860 1492  [ BD4ACC56E477AD7419CBE90FCEEB621B ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:42:54.0861 1492  DfsC - ok
20:42:54.0931 1492  [ 1781F99840979EE7B126C9073C377FD0 ] DFSR            C:\Windows\system32\DFSR.exe
20:42:54.0970 1492  DFSR - ok
20:42:55.0008 1492  [ FDAA0EDFCFB70CD529589AD654651B40 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
20:42:55.0011 1492  Dhcp - ok
20:42:55.0015 1492  [ 2DC415FC05FB8A079F896CBBACB19324 ] disk            C:\Windows\system32\drivers\disk.sys
20:42:55.0016 1492  disk - ok
20:42:55.0026 1492  [ 93CE26DBED3182634F18DD2FE10E41BE ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:42:55.0027 1492  Dnscache - ok
20:42:55.0033 1492  [ CC661867677627F2911C2A4970DEE0F1 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:42:55.0037 1492  dot3svc - ok
20:42:55.0078 1492  [ 74C02B1717740C3B8039539E23E4B53F ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
20:42:55.0079 1492  Dot4 - ok
20:42:55.0102 1492  [ 08321D1860235BF42CF2854234337AEA ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
20:42:55.0102 1492  Dot4Print - ok
20:42:55.0112 1492  [ 4ADCCF0124F2B6911D3786A5D0E779E5 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
20:42:55.0112 1492  dot4usb - ok
20:42:55.0123 1492  [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS             C:\Windows\system32\dps.dll
20:42:55.0124 1492  DPS - ok
20:42:55.0155 1492  [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:42:55.0155 1492  drmkaud - ok
20:42:55.0191 1492  [ 412964040CE920FF83AFF6B5B551BF99 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:42:55.0200 1492  DXGKrnl - ok
20:42:55.0228 1492  [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
20:42:55.0229 1492  E1G60 - ok
20:42:55.0245 1492  [ C2303883FD9BE49DC36A6400643002EA ] EapHost         C:\Windows\System32\eapsvc.dll
20:42:55.0246 1492  EapHost - ok
20:42:55.0256 1492  [ 7343D950A34A95DCB7441642E3E6BEEF ] Ecache          C:\Windows\system32\drivers\ecache.sys
20:42:55.0258 1492  Ecache - ok
20:42:55.0302 1492  [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:42:55.0308 1492  ehRecvr - ok
20:42:55.0318 1492  [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched         C:\Windows\ehome\ehsched.exe
20:42:55.0320 1492  ehSched - ok
20:42:55.0335 1492  [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart         C:\Windows\ehome\ehstart.dll
20:42:55.0336 1492  ehstart - ok
20:42:55.0358 1492  [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
20:42:55.0363 1492  elxstor - ok
20:42:55.0387 1492  [ E4EB76D0A8FC43DB7F36302E1F33791F ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
20:42:55.0390 1492  EMDMgmt - ok
20:42:55.0403 1492  [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:42:55.0403 1492  ErrDev - ok
20:42:55.0438 1492  [ 6B1A97BF9FEFBDC83F3C7C7D0F826C66 ] EventSystem     C:\Windows\system32\es.dll
20:42:55.0441 1492  EventSystem - ok
20:42:55.0447 1492  [ 2A546B9A84658B0554B1EC35CD9ADAF5 ] exfat           C:\Windows\system32\drivers\exfat.sys
20:42:55.0450 1492  exfat - ok
20:42:55.0459 1492  ezSharedSvc - ok
20:42:55.0475 1492  [ FE731D345ED9EEABBC72A59B35941834 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:42:55.0477 1492  fastfat - ok
20:42:55.0503 1492  [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:42:55.0504 1492  fdc - ok
20:42:55.0514 1492  [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost         C:\Windows\system32\fdPHost.dll
20:42:55.0515 1492  fdPHost - ok
20:42:55.0525 1492  [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub        C:\Windows\system32\fdrespub.dll
20:42:55.0526 1492  FDResPub - ok
20:42:55.0536 1492  [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:42:55.0537 1492  FileInfo - ok
20:43:02.0472 1492  usbohci - ok
20:43:02.0493 1492  [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:43:02.0494 1492  usbprint - ok
20:43:02.0521 1492  [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
20:43:02.0522 1492  usbscan - ok
20:43:02.0533 1492  [ 586D9876A4945779C8EEA926C0D16889 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:43:02.0534 1492  USBSTOR - ok
20:43:02.0548 1492  [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
20:43:02.0549 1492  usbuhci - ok
20:43:02.0595 1492  [ FC33099877790D51B0927B7039059855 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
20:43:02.0596 1492  usbvideo - ok
20:43:02.0631 1492  [ 9190F03C82547AFA87367F1CECA88F3B ] UxSms           C:\Windows\System32\uxsms.dll
20:43:02.0633 1492  UxSms - ok
20:43:02.0648 1492  [ C15A4A550CBA7B9F1F68B72528E04CE1 ] vds             C:\Windows\System32\vds.exe
20:43:02.0653 1492  vds - ok
20:43:02.0683 1492  [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:43:02.0684 1492  vga - ok
20:43:02.0703 1492  [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:43:02.0703 1492  VgaSave - ok
20:43:02.0719 1492  [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide          C:\Windows\system32\drivers\viaide.sys
20:43:02.0720 1492  viaide - ok
20:43:02.0739 1492  [ 793D9B32A1C462C91F6F70358283AC97 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:43:02.0740 1492  volmgr - ok
20:43:02.0752 1492  [ 5AA217DA5DC4FF5B9AC9AB86563B3223 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:43:02.0758 1492  volmgrx - ok
20:43:02.0765 1492  [ DE4307412D98050239026E56A7DFF3C0 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:43:02.0769 1492  volsnap - ok
20:43:02.0783 1492  [ A68F455ED2673835209318DD61BFBB0E ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
20:43:02.0785 1492  vsmraid - ok
20:43:02.0819 1492  [ 186BD53F8A408AD20F5A056C05678629 ] VSS             C:\Windows\system32\vssvc.exe
20:43:02.0832 1492  VSS - ok
20:43:02.0841 1492  [ BA29F34A61CB55C0DEE29E787542EDF4 ] W32Time         C:\Windows\system32\w32time.dll
20:43:02.0844 1492  W32Time - ok
20:43:02.0867 1492  [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
20:43:02.0868 1492  WacomPen - ok
20:43:02.0882 1492  [ AEA75207E443C8623C36B8D03596F84F ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
20:43:02.0883 1492  Wanarp - ok
20:43:02.0887 1492  [ AEA75207E443C8623C36B8D03596F84F ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:43:02.0888 1492  Wanarpv6 - ok
20:43:02.0901 1492  [ 055449247C490E24B968B44FE8A969EB ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:43:02.0907 1492  wcncsvc - ok
20:43:02.0928 1492  [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:43:02.0929 1492  WcsPlugInService - ok
20:43:02.0942 1492  [ 0C17A0816F65B89E362E682AD5E7266E ] Wd              C:\Windows\system32\drivers\wd.sys
20:43:02.0943 1492  Wd - ok
20:43:02.0972 1492  [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:43:02.0983 1492  Wdf01000 - ok
20:43:02.0998 1492  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:43:03.0000 1492  WdiServiceHost - ok
20:43:03.0004 1492  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:43:03.0005 1492  WdiSystemHost - ok
20:43:03.0024 1492  [ 3D4AB55F8178FD0CD3CA45CD0EC9CF5B ] WebClient       C:\Windows\System32\webclnt.dll
20:43:03.0027 1492  WebClient - ok
20:43:03.0043 1492  [ BD9A749F36710FFA02E0E530F7451936 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:43:03.0046 1492  Wecsvc - ok
20:43:03.0054 1492  [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:43:03.0056 1492  wercplsupport - ok
20:43:03.0073 1492  [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc          C:\Windows\System32\WerSvc.dll
20:43:03.0075 1492  WerSvc - ok
20:43:03.0096 1492  WinDefend - ok
20:43:03.0102 1492  WinHttpAutoProxySvc - ok
20:43:03.0155 1492  [ AC98F38FEAB066A8F983D54FF3F4FD4C ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:43:03.0157 1492  Winmgmt - ok
20:43:03.0196 1492  [ AEB6C5200FD5517F06076AF0EE4538E1 ] WinRM           C:\Windows\system32\WsmSvc.dll
20:43:03.0209 1492  WinRM - ok
20:43:03.0225 1492  [ 05477E53B7B529435026F705B4235324 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:43:03.0232 1492  Wlansvc - ok
20:43:03.0247 1492  [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:43:03.0248 1492  WmiAcpi - ok
20:43:03.0257 1492  [ D303322DD577C3DEDA1251ED2E7A496C ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:43:03.0264 1492  wmiApSrv - ok
20:43:03.0278 1492  WMPNetworkSvc - ok
20:43:03.0291 1492  [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:43:03.0293 1492  WPCSvc - ok
20:43:03.0302 1492  [ A27C8F92D84E2DDC151978E4692C978E ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:43:03.0303 1492  WPDBusEnum - ok
20:43:03.0321 1492  [ 6329D1990DB931073B86AB5946D8E317 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
20:43:03.0321 1492  WpdUsb - ok
20:43:03.0343 1492  [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:43:03.0344 1492  ws2ifsl - ok
20:43:03.0358 1492  [ CB8EA6D95949384925CCFCA21CC6DFD8 ] wscsvc          C:\Windows\System32\wscsvc.dll
20:43:03.0360 1492  wscsvc - ok
20:43:03.0364 1492  WSearch - ok
20:43:03.0416 1492  [ 69F2BC7B46E3E15C8EC688F42A65B57F ] wuauserv        C:\Windows\system32\wuaueng.dll
20:43:03.0440 1492  wuauserv - ok
20:43:03.0467 1492  [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:43:03.0468 1492  WUDFRd - ok
20:43:03.0482 1492  [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:43:03.0484 1492  wudfsvc - ok
20:43:03.0561 1492  [ 1CACFEF9E5DD866C5B79A135EE729E18 ] {55662437-DA8C-40c0-AADA-2C816A897A49} c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
20:43:03.0563 1492  {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
20:43:03.0569 1492  ================ Scan global ===============================
20:43:03.0596 1492  [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
20:43:03.0619 1492  [ A9C654098A5CA39618DA9D022A6691B8 ] C:\Windows\system32\winsrv.dll
20:43:03.0630 1492  [ A9C654098A5CA39618DA9D022A6691B8 ] C:\Windows\system32\winsrv.dll
20:43:03.0658 1492  [ DFAC660F0F139276CC9299812DE42719 ] C:\Windows\system32\services.exe
20:43:03.0660 1492  [Global] - ok
20:43:03.0661 1492  ================ Scan MBR ==================================
20:43:03.0672 1492  [ 81CD5EC01DB0CE57EDD853F82462EF27 ] \Device\Harddisk0\DR0
20:43:04.0207 1492  \Device\Harddisk0\DR0 - ok
20:43:04.0210 1492  [ F05261C246CE4B3C544521FFFF7AEF5D ] \Device\Harddisk1\DR1
20:43:06.0374 1492  \Device\Harddisk1\DR1 - ok
20:43:06.0374 1492  ================ Scan VBR ==================================
20:43:06.0377 1492  [ 0195742A65C7EE1BA1E620D5B4B828A5 ] \Device\Harddisk0\DR0\Partition1
20:43:06.0394 1492  \Device\Harddisk0\DR0\Partition1 - ok
20:43:06.0398 1492  [ 56ACAB07268653601D6771A4EAB0DDD3 ] \Device\Harddisk0\DR0\Partition2
20:43:06.0419 1492  \Device\Harddisk0\DR0\Partition2 - ok
20:43:06.0422 1492  [ 3C86E7712B52FA115A1064D2DE77EA04 ] \Device\Harddisk1\DR1\Partition1
20:43:06.0445 1492  \Device\Harddisk1\DR1\Partition1 - ok
20:43:06.0445 1492  ============================================================
20:43:06.0445 1492  Scan finished
20:43:06.0445 1492  ============================================================
20:43:06.0455 4496  Detected object count: 0
20:43:06.0455 4496  Actual detected object count: 0
         
17.11.2012, 21:43   #4
ryder
/// TB Trainer

Good, then please run Combofix.

Scan with Combofix
Quote:
WARNING:
Combofix should only be run when instructed to do so by a team member!
Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).

Note: If you get the following error message after the restart
Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.
__________________
Digital buccaneers against malware!
No help via PM!

17.11.2012, 22:11   #5
nicnacs

I have run Combofix.
I won't be able to continue until tomorrow morning. However, tomorrow is my last day at my father's, and I hope to be able to more or less solve the problem in that time. But as mentioned before: thank you very much for the help and the quick replies.

Here is the log file:
Code:
ComboFix 12-11-16.02 - user 17.11.2012  22:00:05.1.4 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.6142.3942 [GMT 1:00]
ausgeführt von:: c:\users\user\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\xp-AntiSpy
c:\program files (x86)\xp-AntiSpy\sponsoring\ebay.ico
c:\program files (x86)\xp-AntiSpy\sponsoring\ebay_desktop.ico
c:\program files (x86)\xp-AntiSpy\sponsoring\ebay_hover.ico
c:\program files (x86)\xp-AntiSpy\sponsoring\ebayGadget.gadget
c:\program files (x86)\xp-AntiSpy\sponsoring\sponsor.html
c:\program files (x86)\xp-AntiSpy\sponsoring\sponsor.url
c:\program files (x86)\xp-AntiSpy\Uninstall.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.chm
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.url
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-17 bis 2012-11-17  ))))))))))))))))))))))))))))))
.
.
2012-11-17 21:06 . 2012-11-17 21:06	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-14 14:46 . 2012-11-14 14:46	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-11-14 14:44 . 2012-11-14 14:44	477168	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-11-14 14:44 . 2012-11-14 14:44	473072	----a-w-	c:\windows\SysWow64\deployJava1.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-27 08:08	2393184	----a-w-	c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"TVAgent"="c:\program files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" [2008-12-31 210216]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-15 1152296]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-15 189736]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-28 1148200]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"ANIWZCS2Service"="c:\program files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"D-Link D-Link RangeBooster N DWA-140"="c:\program files (x86)\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe" [2008-04-15 1675264]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"TrayServer"="c:\program files (x86)\MAGIX\Video_deluxe_2008_PLUS\TrayServer.exe" [2007-03-29 90112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
Picture Motion Browser Medien-Prüfung.lnk - c:\program files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2012-9-10 385024]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 73628075
*NewlyCreated* - ASWMBR
*Deregistered* - 73628075
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-17 18:32]
.
2012-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-17 18:32]
.
2009-05-25 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-11-05 18:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-11-03 182808]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to iPod Converter - c:\users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
IE: Free YouTube to Mp3 Converter - c:\users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7j1hx27n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - ExtSQL: 2012-11-14 15:44; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2012-11-17 15:35; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7j1hx27n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: !HIDDEN! 2012-09-10 09:45; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
AddRemove-xp-AntiSpy - c:\program files (x86)\xp-AntiSpy\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{8AAF211B-043E02A9-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@SACL=
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
@SACL=
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Control]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@SACL=
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@SACL=
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Programmable]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@SACL=
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@SACL=
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@SACL=
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@SACL=
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@SACL=
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@SACL=
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@SACL=
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@SACL=
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@SACL=
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@SACL=
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@SACL=
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Zeit der Fertigstellung: 2012-11-17  22:08:15
ComboFix-quarantined-files.txt  2012-11-17 21:08
.
Vor Suchlauf: 8 Verzeichnis(se), 388.491.513.856 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 388.545.527.808 Bytes frei
.
- - End Of File - - 71B555423A138343925F14EDB9649BD6
         


18.11.2012, 11:37   #6
ryder
/// TB Trainer

Hm .... there are two things I don't like; we still need to investigate them.

Step 1:
Scan with MBAR

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Unpack the archive on your desktop.
  • In the newly created folder, please start mbar.exe.
  • Follow the instructions on your screen and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file (mbar-log-<year-month-day>.txt) in the created folder. Please post it here.

Do not start any other file in this folder without instructions from a helper.

Step 2:
AdwCleaner: find and delete adware

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file will open.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

Step 3:
Custom scan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe.
  • Set the following:
    • Tick "Scan all users" and "Include 64-bit scans"
    • Output: Minimal
    • Use SafeList in every field.
    • Tick "Use vendor whitelist"
    • Files created and modified within: file age
    • Tick LOP check and Purity check
  • Now copy the contents of the code box into the text box.
Code:
activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.exe
%PROGRAMFILES(X86)%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /10
%appdata%\*. 
%appdata%\*.* 
%appdata%\*.exe /s
%localappdata%\*. 
%localappdata%\*.*
%localappdata%\*.exe /s
%allusersprofile%\*. 
%allusersprofile%\*.*
%allusersprofile%\*.exe /s
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread (preferably in CODE tags)

18.11.2012, 13:20   #7
nicnacs

Hello,
as already described in my previous posts, I am currently taking care of my father's computers. The procedure carried out above is taking place on the desktop PC. Having not been here for a few months, I had to find out that the computer is in absolute chaos. So I think that reinstalling the PC would make the most sense, in order to set up tidy folders and user functions. But I wanted to check briefly with you whether this is a sensible idea, especially given that no recovery CDs were made and I could only reinstall the computer from a recovery partition on the hard disk. Can it be ruled out that there are Trojans in this recovery partition?

Thanks already for the step-by-step instructions, but now that I am slowly grasping the extent of the chaos, a complete restart would in my opinion be the best solution.

18.11.2012, 14:12   #8
ryder
/// TB Trainer

Such a decision is of course always right and absolutely safe. But there are also pests that can survive a reinstallation. And that could be the case for you.

Now the question is: do we want to keep cleaning, or get everything ready for a reinstallation?

18.11.2012, 14:22   #9
nicnacs

Hello ryder,
personally I would like to reinstall the computer. But I would be grateful if we made the computer safe for a reinstallation. I really want to expressly thank you once again for the help. Great that this still exists in this day and age!

18.11.2012, 14:39   #10
ryder
/// TB Trainer

Good, then please start aswmbr and click fix mbr. A new aswmbr log, and then I'll tell you whether you can get started.

18.11.2012, 15:54   #11
nicnacs

Here is the log file; Fixmbr has also been carried out:

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-18 15:02:40
-----------------------------
15:02:40.408    OS Version: Windows x64 6.0.6001 Service Pack 1
15:02:40.409    Number of processors: 4 586 0x1707
15:02:40.409    ComputerName: USER-PC  UserName: user
15:02:42.660    Initialize success
15:03:54.832    AVAST engine defs: 12111800
15:03:58.605    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:03:58.607    Disk 0 Vendor: SAMSUNG_ 1AA0 Size: 610480MB BusType: 8
15:03:58.610    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
15:03:58.612    Disk 1 Vendor: SAMSUNG_ 1AA0 Size: 610480MB BusType: 8
15:03:58.641    Disk 0 MBR read successfully
15:03:58.644    Disk 0 MBR scan
15:03:58.648    Disk 0 unknown MBR code
15:03:58.672    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       596303 MB offset 63
15:03:58.709    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        14174 MB offset 1221229170
15:03:58.829    Disk 0 scanning C:\Windows\system32\drivers
15:04:21.363    Service scanning
15:04:49.707    Modules scanning
15:04:49.714    Disk 0 trace - called modules:
15:04:49.731    ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll 
15:04:49.735    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007db54d0]
15:04:49.740    3 CLASSPNP.SYS[fffffa6000eafb3a] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005e4d050]
15:04:54.103    AVAST engine scan C:\Windows
15:05:00.696    AVAST engine scan C:\Windows\system32
15:12:32.201    AVAST engine scan C:\Windows\system32\drivers
15:13:06.896    AVAST engine scan C:\Users\user
15:38:12.861    AVAST engine scan C:\ProgramData
15:51:23.009    Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
15:51:23.208    The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"
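As an added example (not part of the thread and not AVAST code): a small Python parser for the aswMBR log format shown in these posts, which extracts the per-disk MBR verdict, the partition entries and the `**HIDDEN**` file lines, then compares a run before Fix MBR with the run after it. The sample text is excerpted from the two logs in this thread; classifying verdicts by the words "unknown" and "default" is an assumption based only on those two logs.

```python
import re

# Sample input: shortened excerpts of the two aswMBR logs posted in this thread.
FIRST_RUN = r"""aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-18 15:02:40
-----------------------------
15:03:58.641    Disk 0 MBR read successfully
15:03:58.648    Disk 0 unknown MBR code
15:03:58.672    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       596303 MB offset 63
15:03:58.709    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        14174 MB offset 1221229170
15:51:23.009    Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
"""
SECOND_RUN = r"""aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-18 16:50:30
-----------------------------
16:50:57.974    Disk 0 Windows VISTA default MBR code
16:50:57.995    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       596303 MB offset 63
16:50:58.032    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        14174 MB offset 1221229170
16:59:24.959    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\a528d11d0b501bc339fbbb4d436a0f6f **HIDDEN**
16:59:26.821    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\03650614e86fbe15b055eb38f0b6ab1b\WindowsBase.ni.dll **HIDDEN**
17:05:40.372    Disk 0 Windows 600 MBR fixed successfully
"""

ENTRY = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(.*\S)\s*$")
MBR_CODE = re.compile(r"^Disk (\d+) (.+) MBR code$")
MBR_FIXED = re.compile(r"^Disk (\d+) .*MBR fixed successfully$")
PARTITION = re.compile(
    r"^Disk (\d+) Partition (\d+) ([0-9A-F]{2})\s+(\(A\)\s+)?([0-9A-F]{2})\s+"
    r"(.+?)\s+(\d+) MB offset (\d+)$")
HIDDEN = re.compile(r"^File: (.+) \*\*HIDDEN\*\*$")


def parse_aswmbr(text):
    """Return MBR verdicts, fix results, partitions and hidden files of one log."""
    report = {"run_date": None, "mbr_code": {}, "fixed": set(),
              "partitions": [], "hidden": []}
    for raw in text.splitlines():
        if raw.startswith("Run date:"):
            report["run_date"] = raw.split(":", 1)[1].strip()
            continue
        entry = ENTRY.match(raw)
        if not entry:
            continue  # banner, separator or blank line
        msg = entry.group(1)
        if m := MBR_CODE.match(msg):
            report["mbr_code"][int(m.group(1))] = m.group(2)
        elif m := MBR_FIXED.match(msg):
            report["fixed"].add(int(m.group(1)))
        elif m := PARTITION.match(msg):
            report["partitions"].append({
                "disk": int(m.group(1)), "number": int(m.group(2)),
                "active": m.group(4) is not None,  # "(A)" marks the active entry
                "type": m.group(5), "size_mb": int(m.group(7)),
                "offset": int(m.group(8))})
        elif m := HIDDEN.match(msg):
            report["hidden"].append(m.group(1))
    return report


def verdict(code):
    """Assumption: only the two verdict strings seen in this thread are known."""
    lowered = code.lower()
    if "unknown" in lowered:
        return "unrecognized"
    return "default" if "default" in lowered else "other"


def _layout(report):
    return [(p["disk"], p["number"], p["type"], p["size_mb"], p["offset"])
            for p in report["partitions"]]


def compare_runs(before, after):
    """List what changed between a log taken before the fix and one taken after."""
    findings = []
    for disk, old in sorted(before["mbr_code"].items()):
        new = after["mbr_code"].get(disk)
        if new is None:
            findings.append(f"disk {disk}: no MBR verdict in second log")
        elif verdict(old) != "default" and verdict(new) == "default":
            findings.append(f"disk {disk}: '{old}' -> '{new}'")
        elif verdict(new) != "default":
            findings.append(f"disk {disk}: still '{new}', needs review")
    if _layout(before) != _layout(after):
        findings.append("partition table differs between runs")
    only_after = sorted(set(after["hidden"]) - set(before["hidden"]))
    if only_after:
        findings.append(f"{len(only_after)} hidden file entries only in second log")
    return findings


if __name__ == "__main__":
    first, second = parse_aswmbr(FIRST_RUN), parse_aswmbr(SECOND_RUN)
    for line in compare_runs(first, second):
        print(line)
```
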
         

18.11.2012, 16:10   #12
ryder
/// TB Trainer
 

You ran the fix, then started it again and made another log?

18.11.2012, 16:15   #13
nicnacs
 

No, I misunderstood that. The Windows update process, which with 115 pending updates has not been run for a long time, is currently still running. I will post the required log file after another run. See you shortly!

So, now all new Windows updates are installed and the requested scan has run. Here is the log file:

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-18 16:50:30
-----------------------------
16:50:30.465    OS Version: Windows x64 6.0.6001 Service Pack 1
16:50:30.465    Number of processors: 4 586 0x1707
16:50:30.466    ComputerName: USER-PC  UserName: user
16:50:32.603    Initialize success
16:50:40.540    AVAST engine defs: 12111800
16:50:57.920    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:50:57.923    Disk 0 Vendor: SAMSUNG_ 1AA0 Size: 610480MB BusType: 8
16:50:57.925    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
16:50:57.928    Disk 1 Vendor: SAMSUNG_ 1AA0 Size: 610480MB BusType: 8
16:50:57.965    Disk 0 MBR read successfully
16:50:57.968    Disk 0 MBR scan
16:50:57.974    Disk 0 Windows VISTA default MBR code
16:50:57.995    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       596303 MB offset 63
16:50:58.032    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        14174 MB offset 1221229170
16:50:58.115    Disk 0 scanning C:\Windows\system32\drivers
16:51:30.305    Service scanning
16:51:54.212    Modules scanning
16:51:54.218    Disk 0 trace - called modules:
16:51:54.262    ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll 
16:51:54.266    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007cef790]
16:51:54.271    3 CLASSPNP.SYS[fffffa6000fcab3a] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005e2e050]
16:51:56.287    AVAST engine scan C:\Windows
16:52:11.131    AVAST engine scan C:\Windows\system32
16:59:24.749    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\f8a4bff323da1a154bb66efb86094835\Microsoft.PowerShell.Commands.Management.ni.dll **HIDDEN**
16:59:24.959    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\a528d11d0b501bc339fbbb4d436a0f6f **HIDDEN**
16:59:25.151    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\7d964b677165b093dd02a684cd0156b2 **HIDDEN**
16:59:26.019    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\b6b199fb068091c5fe84c320a9efbe82\Microsoft.PowerShell.Commands.Utility.ni.dll **HIDDEN**
16:59:26.821    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\03650614e86fbe15b055eb38f0b6ab1b\WindowsBase.ni.dll **HIDDEN**
16:59:27.557    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\39802a9e059a5c5472ece6283935ebab\Microsoft.PowerShell.ConsoleHost.ni.dll **HIDDEN**
16:59:27.904    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\8fe312e872a074b7766fe902c74fac44\PresentationCFFRasterizer.ni.dll **HIDDEN**
17:00:04.212    AVAST engine scan C:\Windows\system32\drivers
17:00:44.539    AVAST engine scan C:\Users\user
17:05:30.340    Verifying
17:05:40.372    Disk 0 Windows 600 MBR fixed successfully
17:05:46.705    Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
17:05:46.709    The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"
         
Posting it again, since I don't know whether the post is shown as updated!

I don't know why it doesn't create a new entry:

I don't know whether you can see that I have posted the required log files, since it no longer creates a completely new reply each time as it did before.

I don't know whether you can see that I have posted the required log files, since it isn't creating a completely new reply each time as it did before.
I don't know why it isn't creating a new reply...

maybe it works this way...

update attempt

Entry is not being updated

another check for the update

Quote:
Quote from ryder
You ran the fix, then started it again and made another log?

hope that my entry is shown as updated

another attempt

18.11.2012, 18:14   #14
ryder
/// TB Trainer

Yes, once really would have been enough.

Good, so that has now disabled one piece of malware.

So do you now want to reinstall, or try to clean up?
__________________
Digital privateers against malware!
No help via PM!

18.11.2012, 18:45   #15
nicnacs

Sorry, I didn't know that the thread then counts as updated.
Yes, I would like to set the machine up from scratch.
