
Pests of all kinds and how to combat them: Trojans Generic28.BVLH and Crypt.AXUH on board :(

14.12.2012, 21:37   #1
Ilithrien
 



Hello everyone!

Thanks in advance for taking the time to look at my problem!
On Monday, when I wanted to install Oblivion again, I noticed that the system was running really badly. The computer was very slow, the installation aborted at least once, and the game crashed at unusual places.
The Task Manager would not open at all, or rather it flashed up briefly but closed again immediately. Same behaviour even after several restarts. At first I thought, okay, maybe it clashes with the installation, so I reset the system to the point before the installation. Still no Task Manager! That made me suspicious.
As soon as an application ate a bit more memory because something wasn't running smoothly, the whole PC froze.
On Tuesday I could at least still get into Safe Mode when I booted it again. From Wednesday on, during system startup it recognised nothing except "F12" for the boot menu or "Del" for the BIOS. I can no longer navigate with the arrow keys or confirm or cancel anything with "Esc" or "Enter". (USB keyboard)

On Wednesday AVG then detected 2 Trojans, after Ad-Aware had found nothing. (Now I also know why I had never heard of that program before my ex slapped it on there during the reinstall back then.)


The ones found were Generic28.BVLH and Crypt.AXUH. The location it gave was:

For Generic28:

C:\Windows\SysWOW64\rundll32.exe (2840)
C:\Program Files (x86)\Internet Explorer\iexplore.exe (2908)

For Crypt:

C:\Windows\SysWOW64\rundll32.exe (2840)


Supposedly removed, but on the follow-up scan they were right back again; or rather, Crypt was gone, Generic kept coming back (3 scans...)

Then suddenly the PC complained at boot that C:\Users\Michi\AppData\Local\Temp\0_0u_i.exe could not be found and started.

While reading up on Generic I stumbled across that notice and a reeeally long list of files that you were supposed to delete manually. A lot of them in temp-file folders too. I didn't dare do it that way. The only thing I did was sweep out the temporary data under Windows/Temp and AppData/Temp wholesale. And whoosh: the message no longer popped up.
Scan with AVG: nothing found, AntiVir: nothing found.

EDIT: I only ever had one program running at a time. Whenever I used another virus scanner, the others were completely shut down to avoid conflicts.

Tip from a friend: "TrojanRemover" then pointed to the file once again after all. After a restart the box hung completely as soon as it tried to establish a connection to the network.

EDIT: It was so wild that there was even a timeout when executing Ctrl+Alt+Del and I was told to hard power off the box!! That Windows of all things advises me to do that ôO

Today after work I booted once more without a LAN connection: it worked! Ran TrojanRemover's FastScan again. So far so good - nothing found

The PC has not been restarted since then, because I was glad to get onto the Internet for further help. Then I stumbled across your board.

Long story short:

Have I really got rid of the nasty beast?


Here are the logfiles from OTL:

Code:
OTL logfile created on: 14.12.2012 21:38:09 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michi\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 66,37% Memory free
8,00 Gb Paging File | 6,43 Gb Available in Paging File | 80,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 76,59 Gb Total Space | 29,32 Gb Free Space | 38,28% Space Free | Partition Type: NTFS
Drive D: | 275,41 Gb Total Space | 263,09 Gb Free Space | 95,53% Space Free | Partition Type: NTFS
Drive E: | 100,00 Mb Total Space | 61,66 Mb Free Space | 61,66% Space Free | Partition Type: NTFS
Drive F: | 22,67 Gb Total Space | 22,58 Gb Free Space | 99,57% Space Free | Partition Type: NTFS
Drive G: | 2,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: MICHI-PC | User Name: Michi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.14 21:33:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michi\Desktop\OTL.exe
PRC - [2012.12.04 15:38:05 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.12.04 15:36:48 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012.11.02 00:08:48 | 001,340,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
PRC - [2012.10.29 17:33:28 | 001,573,584 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.10.27 09:49:59 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Michi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.10.23 10:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.07.13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2012.03.29 11:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012.01.18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.10.21 10:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2009.03.05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.12.12 19:25:37 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.04 15:38:05 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.11.07 20:43:55 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.11.02 00:08:48 | 001,340,976 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2012.10.23 10:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.29 11:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012.01.18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.05.17 17:35:56 | 002,804,280 | ---- | M] (Sunbelt Software) [Auto | Stopped] -- C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.03 15:36:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.03 15:36:35 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.11.16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.10.22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012.10.15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.10.05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012.10.02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.09.21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.09.21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012.09.14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012.09.04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 05:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.01.18 05:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.11 15:26:04 | 000,072,280 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011.04.29 13:15:42 | 000,055,384 | ---- | M] (Sunbelt Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)
DRV:64bit: - [2011.04.05 16:35:20 | 000,253,528 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2011.04.05 16:35:20 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)
DRV:64bit: - [2011.04.05 16:35:20 | 000,060,504 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.08 08:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011.02.08 08:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011.04.29 13:15:42 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10267&gct=hp&dc=EU&locale=de_NL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 7E 7E 03 88 D7 CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9A21F002-B57C-4B44-8AEC-F78DAE5C3959}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^NL&apn_uid=5d692efb-ad1c-4af5-b74c-3db8907c1e40&apn_sauid=C9498B6C-C066-4741-B4B1-2985A609E5A3
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.avira.com/?l=dis&o=APN10267&gct=hp&dc=EU&locale=de_NL"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10267&locale=de_NL&apn_uid=5d692efb-ad1c-4af5-b74c-3db8907c1e40&apn_ptnrs=%5EAGY&apn_sauid=C9498B6C-C066-4741-B4B1-2985A609E5A3&apn_dtid=%5EYYYYYY%5EYY%5ENL&&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.11 11:09:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.11 11:09:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.07 20:43:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.04.30 21:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi\AppData\Roaming\mozilla\Extensions
[2012.12.13 21:06:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\n3ze8381.default-1355223939464\extensions
[2012.12.13 21:06:35 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\n3ze8381.default-1355223939464\extensions\toolbar@ask.com
[2012.12.13 21:06:35 | 000,002,344 | ---- | M] () -- C:\Users\Michi\AppData\Roaming\mozilla\firefox\profiles\n3ze8381.default-1355223939464\searchplugins\askcom.xml
[2012.12.11 11:07:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.11 11:09:09 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.11.03 11:45:03 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009.08.14 11:33:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2009.08.14 11:33:30 | 000,091,480 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2009.08.14 11:33:26 | 000,020,824 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2007.03.16 16:33:48 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcm80.dll
[2007.03.16 16:33:48 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcp80.dll
[2007.03.16 16:33:50 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcr80.dll
[2009.08.14 11:35:40 | 000,427,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2009.08.14 11:33:22 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012.06.26 17:41:01 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.03 07:03:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.26 17:41:01 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.26 17:41:01 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.26 17:41:01 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.26 17:41:01 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files (x86)\Smart File Advisor\sfa.exe (Filefacts.net)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKCU..\Run: [Spotify] C:\Users\Michi\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Michi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Michi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab (JuniperSetupClientControl64 Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F544E0B-93CF-4601-940A-6CF30D3BAFAE}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.07.14 12:08:11 | 000,000,043 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{27c5938d-977c-11e1-ba14-001fd05d8c26}\Shell - "" = AutoRun
O33 - MountPoints2\{27c5938d-977c-11e1-ba14-001fd05d8c26}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{e5bbf3e7-92f0-11e1-96ff-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e5bbf3e7-92f0-11e1-96ff-806e6f6e6963}\Shell\AutoRun\command - "" = G:\setup.exe -- [2009.07.14 12:08:11 | 000,111,880 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.14 21:32:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Michi\Desktop\OTL.exe
[2012.12.14 21:32:12 | 000,000,000 | ---D | C] -- C:\Users\Michi\Desktop\69886-alle-hilfesuchenden-eroeffnung-themas-beachten-Dateien
[2012.12.13 22:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.12.13 22:18:50 | 000,000,000 | ---D | C] -- C:\Users\Michi\Documents\Simply Super Software
[2012.12.13 22:18:50 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\Simply Super Software
[2012.12.13 22:18:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.12.13 22:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012.12.13 22:18:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.12.13 21:09:58 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\Avira
[2012.12.13 21:06:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.12.13 21:06:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012.12.13 21:05:22 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.12.13 21:05:22 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.12.13 21:05:22 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.12.13 21:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.12.13 21:05:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.12.13 20:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012.12.13 20:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2012.12.13 20:04:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2012.12.12 19:27:54 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\Canneverbe Limited
[2012.12.12 19:27:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012.12.12 19:27:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2012.12.12 19:19:09 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\Nero_AG
[2012.12.12 19:18:38 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\Nero
[2012.12.12 19:18:19 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\Nero
[2012.12.12 19:16:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2012.12.12 19:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2012.12.12 19:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2012.12.12 19:15:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012.12.12 17:51:18 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\AVG2013
[2012.12.12 17:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.12.12 17:46:40 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\TuneUp Software
[2012.12.12 17:44:54 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012.12.12 17:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012.12.12 17:43:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012.12.12 17:37:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.12.12 17:37:30 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\MFAData
[2012.12.12 17:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012.12.12 17:37:30 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\Avg2013
[2012.12.11 13:05:16 | 000,000,000 | ---D | C] -- C:\Users\Michi\Desktop\image win 7
[2012.12.11 12:54:19 | 000,000,000 | ---D | C] -- C:\Users\Michi\Desktop\win 7
[2012.12.11 12:53:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roadkil.Net
[2012.12.11 12:53:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Roadkil.Net
[2012.12.11 12:51:24 | 000,000,000 | ---D | C] -- C:\Users\Michi\Desktop\isopuzzle
[2012.12.11 12:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster
[2012.12.11 12:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart File Advisor
[2012.12.11 12:41:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart Projects
[2012.12.11 12:10:13 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\ImgBurn
[2012.12.11 12:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2012.12.11 12:08:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2012.12.11 12:05:42 | 000,000,000 | ---D | C] -- C:\Users\Michi\Desktop\Alte Firefox-Daten
[2012.12.11 11:12:04 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\adaware
[2012.12.10 23:10:32 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\ElevatedDiagnostics
[2012.12.10 18:04:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oblivion Improved
[2012.12.10 18:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oblivion Improved
[2012.12.10 17:03:50 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012.12.09 20:31:13 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\oblivion
[2012.12.09 20:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oblivion Mod Manager
[2012.12.09 20:22:03 | 000,000,000 | ---D | C] -- C:\Users\Michi\Documents\my games
[2012.12.09 19:01:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2012.12.09 19:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2012.12.09 18:59:09 | 000,000,000 | RH-D | C] -- C:\Users\Michi\AppData\Roaming\SecuROM
[2012.11.29 19:07:05 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\TeamViewer
[2012.11.29 19:05:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012.11.19 21:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.14 21:35:34 | 000,000,000 | ---- | M] () -- C:\Users\Michi\defogger_reenable
[2012.12.14 21:33:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michi\Desktop\OTL.exe
[2012.12.14 21:32:16 | 000,065,416 | ---- | M] () -- C:\Users\Michi\Desktop\69886-alle-hilfesuchenden-eroeffnung-themas-beachten.html
[2012.12.14 21:31:32 | 000,050,477 | ---- | M] () -- C:\Users\Michi\Desktop\Defogger.exe
[2012.12.14 21:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.14 21:21:42 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.14 21:21:42 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.14 21:07:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.14 21:07:06 | 3220,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.13 22:18:46 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2012.12.13 21:06:46 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.12.13 19:38:48 | 000,294,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.12 19:27:24 | 000,001,949 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.12.12 19:17:29 | 000,002,109 | ---- | M] () -- C:\Users\Public\Desktop\Nero Kwik Media.lnk
[2012.12.12 17:46:41 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012.12.11 19:50:13 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012.12.11 19:50:13 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2012.12.11 12:53:44 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\Roadkil's Unstoppable Copier.lnk
[2012.12.11 12:41:23 | 000,001,192 | ---- | M] () -- C:\Users\Michi\Desktop\IsoBuster.lnk
[2012.12.11 12:08:43 | 000,001,865 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012.12.11 11:17:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\SBRC.dat
[2012.12.09 12:12:53 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012.12.06 16:45:55 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.06 16:45:55 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.06 16:45:55 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.06 16:45:55 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.06 16:45:55 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.03 15:36:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.12.03 15:36:35 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.11.29 19:05:36 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.11.16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
 
========== Files Created - No Company Name ==========
 
[2012.12.14 21:35:34 | 000,000,000 | ---- | C] () -- C:\Users\Michi\defogger_reenable
[2012.12.14 21:32:12 | 000,065,416 | ---- | C] () -- C:\Users\Michi\Desktop\69886-alle-hilfesuchenden-eroeffnung-themas-beachten.html
[2012.12.14 21:31:30 | 000,050,477 | ---- | C] () -- C:\Users\Michi\Desktop\Defogger.exe
[2012.12.13 22:18:46 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2012.12.13 21:06:46 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.12.12 19:27:24 | 000,001,949 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.12.12 19:27:24 | 000,001,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012.12.12 19:17:29 | 000,002,109 | ---- | C] () -- C:\Users\Public\Desktop\Nero Kwik Media.lnk
[2012.12.12 17:46:41 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012.12.11 12:53:44 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\Roadkil's Unstoppable Copier.lnk
[2012.12.11 12:41:23 | 000,001,192 | ---- | C] () -- C:\Users\Michi\Desktop\IsoBuster.lnk
[2012.12.11 12:08:43 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2012.12.11 12:08:43 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012.12.11 11:52:36 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012.12.11 11:52:36 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2012.12.11 11:17:12 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\SBRC.dat
[2012.11.29 19:05:36 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.11.29 19:05:36 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.11.18 22:51:44 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.18 22:40:26 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.07.02 18:31:51 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
[2012.04.30 21:37:42 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2012.01.18 05:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 05:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 05:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.08.08 18:53:51 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\.minecraft
[2012.12.11 11:15:41 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Ad-Aware Antivirus
[2012.11.29 19:36:57 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Audacity
[2012.12.12 17:51:18 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\AVG2013
[2012.12.12 19:27:54 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Canneverbe Limited
[2012.05.14 12:59:00 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Canon
[2012.12.14 21:29:21 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Dropbox
[2012.05.10 22:59:25 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Foxit Software
[2012.10.16 17:57:30 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\ICAClient
[2012.12.11 12:10:13 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\ImgBurn
[2012.07.04 23:48:46 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\IrfanView
[2012.08.28 18:46:32 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Juniper Networks
[2012.05.02 06:44:26 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\OpenOffice.org
[2012.07.04 23:53:29 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\RCP 6
[2012.12.13 22:18:50 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Simply Super Software
[2012.12.14 21:33:26 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Spotify
[2012.11.29 19:22:35 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\TeamViewer
[2012.04.30 21:12:31 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Thunderbird
[2012.05.01 19:37:56 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\TS3Client
[2012.05.01 19:36:47 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\ts3overlay
[2012.12.12 17:46:40 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
OTL Extras logfile created on: 14.12.2012 21:38:09 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michi\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 66,37% Memory free
8,00 Gb Paging File | 6,43 Gb Available in Paging File | 80,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 76,59 Gb Total Space | 29,32 Gb Free Space | 38,28% Space Free | Partition Type: NTFS
Drive D: | 275,41 Gb Total Space | 263,09 Gb Free Space | 95,53% Space Free | Partition Type: NTFS
Drive E: | 100,00 Mb Total Space | 61,66 Mb Free Space | 61,66% Space Free | Partition Type: NTFS
Drive F: | 22,67 Gb Total Space | 22,58 Gb Free Space | 99,57% Space Free | Partition Type: NTFS
Drive G: | 2,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: MICHI-PC | User Name: Michi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14F60E8D-C8DE-49BE-9204-F7E2863BB0D4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2AEC7EC9-0E3D-45E6-A209-DADBEBCA5594}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{30CDDF08-726B-4192-9E95-DA63102708BA}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3146F934-674A-458D-9032-5DDE025022C7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3C329E82-823D-4FB9-8091-60955D61A6E7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{41697BEB-BC90-4759-B0B5-DEFE82258C37}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4879CA2C-043C-449B-908B-A46F91FBB97A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4ACF8635-E5D5-457B-9958-7B5C903373F7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{728D48E0-F24D-4B69-A75B-280271D96FFB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{72AFE86F-11B4-4423-8FBC-0C78A59B2043}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8811505D-B057-4E49-91EF-D313040305E4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8CA00294-0804-49FF-83FF-B725F9DE0DAC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{903683B4-E788-44F9-94A3-0EA17C3F999A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{937497CF-B13F-4AEA-B608-8C2DE7D93664}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A849CEC8-D9A6-4D2B-8BF8-087CD022F6DD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B3749D49-D066-407C-9FAE-BB34AA0C81D0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B7FCB0AB-9329-4F77-9C16-43C2FE2695A7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{BF05A72E-E088-4C13-9A28-9EF75E4C68B0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D1D31D53-074C-4725-BDCB-121B3902777A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E7512FEF-C511-446E-AF2B-060157F8E8DE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EAFC6C16-E804-4271-A528-AD7CFE2DE88D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{ECA33431-1DA2-4823-8AFD-B447115835A5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FD4A5C62-D823-49BD-99B0-641490DDEB5A}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{046C9906-2ADE-43B4-A140-0E082A706D3C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{062962F7-AC2A-452A-96C8-9FC9F8D395FD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{07CFE2D1-33F8-430D-965D-B891263F2937}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{11736EA1-B3E6-4C25-AFA3-C7FAB51DB000}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{16C17FEC-2829-4BF5-A1D4-AC979F44E585}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe | 
"{21459F0D-CF85-4E65-A669-2B6096673AB1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{22A11654-90F9-4392-8C1A-C78E4C83E81A}" = protocol=17 | dir=in | app=c:\users\michi\appdata\roaming\spotify\spotify.exe | 
"{22C80196-6BCD-46F5-AC13-ABFADECE7D75}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{27F8FAA5-8DE4-43A7-9AF9-2BE3F488E752}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2E913C22-E0AE-4648-8099-918682D7DA60}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3791539E-6F69-4FF3-81D9-4CB76E1B842A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{39B1B689-455B-407D-BA9D-C50A1FFF436A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{3BECD75F-0AFC-435D-8693-C1C4789C3AD6}" = protocol=6 | dir=in | app=c:\users\michi\appdata\roaming\dropbox\bin\dropbox.exe | 
"{3E79DB4D-EA1A-425B-B1F9-DF8C01CB7D21}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6316DA77-A4CA-43CF-8483-C4D9451B4B5F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6DA76A9B-643F-4CC9-B5F4-834E21E3E582}" = protocol=6 | dir=in | app=c:\users\michi\appdata\roaming\spotify\spotify.exe | 
"{78D721FC-82F5-4EB8-8C2A-CA99E665DE69}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{7CB442C0-9EBB-4E2F-8DE1-5E11FC99E513}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7E2353FF-8F67-44CC-9132-9B98A89E3B3E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8E397181-EB2E-4E31-8AC4-23875BFCCACA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{90490784-4963-4582-BB45-2F524D96EDCC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{96586787-5B9A-4F4C-A47B-9DBC2C297D21}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{9B91A62D-54C0-4C6B-966E-4C3B993F8D0F}" = protocol=6 | dir=in | app=c:\users\michi\appdata\roaming\spotify\spotify.exe | 
"{9BDA0D94-F911-4B8D-94EA-2F980BEE0DC2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9F420CFF-2583-46F6-9A98-89F932996996}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{A0CFEB72-310A-4165-A749-B45645DFFD98}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A25ED3FA-053A-4115-B162-CFECE9351AE1}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe | 
"{A5D9EC14-B8C0-4CE8-B6BE-52384555C472}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{AD0301E0-9680-4396-B5AA-3C22A57AC57C}" = protocol=17 | dir=in | app=c:\users\michi\appdata\roaming\dropbox\bin\dropbox.exe | 
"{AD181834-C8D1-4EEA-9B40-20D699CB6E8A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{B8281A05-DD2A-42D1-97CA-6AF8A9378736}" = protocol=6 | dir=out | app=system | 
"{C578EDF6-9459-4579-96FD-AA480D3EE303}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{C96E6E0A-07E2-4129-B741-A8A60C88A5C8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D14314E4-6765-4C84-87EC-3DEBFE50CDFB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{D890A29D-1174-46AA-906A-89C9CE6F4FBF}" = protocol=17 | dir=in | app=c:\users\michi\appdata\roaming\spotify\spotify.exe | 
"{DB3D034C-FFCE-48BB-984A-7E13FE1C9465}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{DBFD7F88-11E5-464E-9A8A-DBD4BAA6C355}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{E86A9B4A-8566-4912-8EC9-1A55DAF678FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F100ACFF-515C-4778-B62E-86F757E26E53}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FB1ED8AD-FF73-4765-B2BE-3B44664283B7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{76B8A690-EFE2-4271-829B-44E303817930}C:\users\michi\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\michi\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{C2C0422B-830C-4FC8-86B4-6A7229F2FB4E}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{01C16974-8243-463F-A0C9-344A78E76F28}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{651E8647-D074-4069-AD78-CE7B6F025B9F}C:\users\michi\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\michi\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B9D80BD8-C6F4-467C-9717-0ABA9684DA29}" = AVG 2013
"{DAD98ADA-0824-4946-98BB-0BDD03233398}" = AVG 2013
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client 64-bit Activex Control
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052A1E34-A54B-458C-A4E3-24C3E054754A}" = Nero Kwik Media
"{1B6F5E51-575E-4693-BCA2-7543570D076D}" = Nero Kwik Themes Basic
"{1F16820E-D0E7-4636-939E-45CBFEFB06E1}" = Nero Kwik Media Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2981DA65-BD02-4DCC-9D64-C8E325AE6B9B}" = Nero Kwik Media
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5B79E730-D897-4B8F-A1AD-7BB2D1F22B96}" = Nero Blu-ray Player Help (CHM)
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player
"{A306FD29-7D3A-4287-91AC-9A0180931395}_is1" = Roadkil's Unstoppable Copier Version 5.2
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{C0B165DC-F037-483F-B1C9-D89D91529CEB}" = Citrix XenApp Web Plugin
"{cc937cbc-4be2-4227-9660-ff2f2a1d9467}" = Ad-Aware Antivirus
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Foxit Reader_is1" = Foxit Reader
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 3.0
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"LAME_is1" = LAME v3.99.3 (for Windows)
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"ReaConverter 6.7 Standard_is1" = ReaConverter 6.7 Standard
"Security Task Manager" = Security Task Manager 1.8d
"Smart File Advisor_is1" = Smart File Advisor 1.1.1
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 7" = TeamViewer 7
"Trojan Remover_is1" = Trojan Remover 6.8.5
"VLC media player" = VLC media player 2.0.1
"waterMark V2" = waterMark V2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Dropbox" = Dropbox
"Juniper_Citrix_Services" = Juniper Citrix Services Client
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"Puzzle Pirates" = Puzzle Pirates
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.12.2012 06:01:04 | Computer Name = Michi-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Michi\Downloads\SoftonicDownloader_fuer_irfanview.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 11.12.2012 06:13:21 | Computer Name = Michi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: c2c_service.exe, Version: 6.3.0.11079,
 Zeitstempel: 0x506ada69  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0x5e4  Startzeit der fehlerhaften Anwendung: 0x01cdd787cb9b0740  Pfad der
 fehlerhaften Anwendung: C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 638911f0-437b-11e2-b0c7-001fd05d8c26
 
Error - 11.12.2012 06:13:23 | Computer Name = Michi-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "Skype C2C Service" konnte nicht heruntergefahren
 werden.
 
Error - 11.12.2012 06:13:40 | Computer Name = Michi-PC | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 11.12.2012 07:36:21 | Computer Name = Michi-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer"
 nicht initialisiert werden.  Details: Could not query the status of the EventSystem
 service.  System Error: Der Computer wird heruntergefahren.  .
 
Error - 11.12.2012 07:51:00 | Computer Name = Michi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IsoPuzzle.exe, Version: 1.0.0.1, 
Zeitstempel: 0x478bece0  Name des fehlerhaften Moduls: IsoPuzzle.exe, Version: 1.0.0.1,
 Zeitstempel: 0x478bece0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00001c0d  ID des fehlerhaften
 Prozesses: 0x1218  Startzeit der fehlerhaften Anwendung: 0x01cdd795c5dbbe40  Pfad der
 fehlerhaften Anwendung: C:\Users\Michi\AppData\Local\Temp\Rar$EXa0.769\IsoPuzzle.exe
Pfad
 des fehlerhaften Moduls: C:\Users\Michi\AppData\Local\Temp\Rar$EXa0.769\IsoPuzzle.exe
Berichtskennung:
 07f8b300-4389-11e2-a795-001fd05d8c26
 
Error - 11.12.2012 07:51:42 | Computer Name = Michi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IsoPuzzle.exe, Version: 1.0.0.1, 
Zeitstempel: 0x478bece0  Name des fehlerhaften Moduls: IsoPuzzle.exe, Version: 1.0.0.1,
 Zeitstempel: 0x478bece0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00001c0d  ID des fehlerhaften
 Prozesses: 0x724  Startzeit der fehlerhaften Anwendung: 0x01cdd795dec4ba10  Pfad der
 fehlerhaften Anwendung: C:\Users\Michi\Desktop\isopuzzle\IsoPuzzle.exe  Pfad des 
fehlerhaften Moduls: C:\Users\Michi\Desktop\isopuzzle\IsoPuzzle.exe  Berichtskennung:
 20bfde90-4389-11e2-a795-001fd05d8c26
 
Error - 11.12.2012 14:34:18 | Computer Name = Michi-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Michi\Downloads\SoftonicDownloader_fuer_irfanview.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 12.12.2012 13:42:06 | Computer Name = Michi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: avgui.exe, Version: 13.0.0.2792, 
Zeitstempel: 0x50993af1  Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.1,
 Zeitstempel: 0x4d5f0c22  Ausnahmecode: 0x40000015  Fehleroffset: 0x0008d6fd  ID des fehlerhaften
 Prozesses: 0xc34  Startzeit der fehlerhaften Anwendung: 0x01cdd888e801bdb4  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\AVG\AVG2013\avgui.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\system32\MSVCR100.dll  Berichtskennung: 3e924aac-4483-11e2-a09d-001fd05d8c26
 
Error - 13.12.2012 15:57:56 | Computer Name = Michi-PC | Source = Application Hang | ID = 1002
Description = Programm SpybotSD.exe, Version 1.6.2.46 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 123c    Startzeit:
 01cdd96c124b3350    Endzeit: 94    Anwendungspfad: C:\Program Files (x86)\Spybot - Search
 & Destroy\SpybotSD.exe    Berichts-ID: 5bfab1b1-455f-11e2-99e9-001fd05d8c26  
 
[ System Events ]
Error - 13.12.2012 17:40:05 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SBSD Security Center Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 13.12.2012 17:42:03 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Ad-Aware" wurde nicht richtig gestartet.
 
Error - 13.12.2012 17:42:55 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 13.12.2012 17:42:56 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 13.12.2012 17:43:19 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst eventlog erreicht.
 
Error - 14.12.2012 16:07:09 | Computer Name = Michi-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?13.?12.?2012 um 22:43:30 unerwartet heruntergefahren.
 
Error - 14.12.2012 16:07:21 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 14.12.2012 16:07:56 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 SBSD Security Center Service erreicht.
 
Error - 14.12.2012 16:07:56 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SBSD Security Center Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 14.12.2012 16:07:58 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
 
< End of report >
         
I hope you can help me!!

Edited by Ilithrien (14.12.2012 at 22:03)

15.12.2012, 12:13   #2
markusg
/// Malware-holic
 
Hi
trojan hunter is junk...
let's keep looking.
combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your anti-virus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
  • Start Combofix.exe and follow the on-screen instructions.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (English: "Illegal operation attempted on a registry key that has been marked for deletion.")
just restart the computer. That should fix the problem.

15.12.2012, 13:21   #3
Ilithrien
 
Hello

I disabled everything as far as it could be disabled or closed. I hope nothing interfered any more.

Combofix log:

Code:
ComboFix 12-12-14.01 - Michi 15.12.2012  13:24:53.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.4095.2838 [GMT 1:00]
ausgeführt von:: c:\users\Michi\Desktop\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Lavasoft Ad-Aware *Disabled/Outdated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Lavasoft Ad-Aware *Disabled/Outdated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\l_u0_0.pad
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-15 bis 2012-12-15  ))))))))))))))))))))))))))))))
.
.
2012-12-15 12:34 . 2012-12-15 12:34	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-12-15 12:34 . 2012-12-15 12:34	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-14 20:54 . 2012-12-14 21:54	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2012-12-13 21:18 . 2012-12-13 21:18	--------	d-----w-	c:\users\Michi\AppData\Roaming\Simply Super Software
2012-12-13 21:18 . 2012-12-13 21:18	--------	d-----w-	c:\program files (x86)\Trojan Remover
2012-12-13 21:18 . 2012-12-13 21:18	--------	d-----w-	c:\programdata\Simply Super Software
2012-12-13 20:09 . 2012-12-13 20:09	--------	d-----w-	c:\users\Michi\AppData\Roaming\Avira
2012-12-13 20:06 . 2012-12-13 20:06	--------	d-----w-	c:\program files (x86)\Ask.com
2012-12-13 20:05 . 2012-12-03 14:36	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-12-13 20:05 . 2012-12-03 14:36	99912	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-12-13 20:05 . 2012-11-16 19:17	27800	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-12-13 20:05 . 2012-12-13 20:06	--------	d-----w-	c:\programdata\Avira
2012-12-13 20:05 . 2012-12-13 20:05	--------	d-----w-	c:\program files (x86)\Avira
2012-12-13 19:04 . 2012-12-13 19:07	--------	d-----w-	c:\programdata\SecTaskMan
2012-12-13 19:04 . 2012-12-13 19:04	--------	d-----w-	c:\program files (x86)\Security Task Manager
2012-12-12 19:33 . 2012-11-14 07:06	17811968	----a-w-	c:\windows\system32\mshtml.dll
2012-12-12 19:33 . 2012-11-14 06:32	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-12-12 18:27 . 2012-12-12 18:27	--------	d-----w-	c:\users\Michi\AppData\Roaming\Canneverbe Limited
2012-12-12 18:27 . 2012-12-12 18:27	--------	d-----w-	c:\programdata\Canneverbe Limited
2012-12-12 18:27 . 2012-12-12 18:27	--------	d-----w-	c:\program files (x86)\CDBurnerXP
2012-12-12 18:18 . 2012-12-12 18:18	--------	d-----w-	c:\users\Michi\AppData\Roaming\Nero
2012-12-12 18:18 . 2012-12-12 18:20	--------	d-----w-	c:\users\Michi\AppData\Local\Nero
2012-12-12 18:16 . 2012-12-12 18:17	--------	d-----w-	c:\program files (x86)\Nero
2012-12-12 18:15 . 2012-12-12 18:16	--------	d-----w-	c:\program files (x86)\Common Files\Nero
2012-12-12 18:15 . 2012-12-12 18:18	--------	d-----w-	c:\programdata\Nero
2012-12-12 18:14 . 2010-05-26 10:41	248672	----a-w-	c:\windows\SysWow64\d3dx11_43.dll
2012-12-12 18:13 . 2010-05-26 10:41	470880	----a-w-	c:\windows\SysWow64\d3dx10_43.dll
2012-12-12 18:13 . 2010-05-26 10:41	1998168	----a-w-	c:\windows\SysWow64\D3DX9_43.dll
2012-12-12 18:12 . 2010-05-26 10:41	1868128	----a-w-	c:\windows\SysWow64\d3dcsx_43.dll
2012-12-12 18:12 . 2010-05-26 10:41	2106216	----a-w-	c:\windows\SysWow64\D3DCompiler_43.dll
2012-12-12 16:51 . 2012-12-12 16:51	--------	d-----w-	c:\users\Michi\AppData\Roaming\AVG2013
2012-12-12 16:50 . 2012-11-05 20:41	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-12 16:50 . 2012-11-05 21:35	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-12 16:50 . 2012-11-05 20:32	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-12 16:50 . 2012-11-05 20:32	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-12 16:50 . 2012-11-09 05:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-12 16:50 . 2012-11-09 04:42	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-12-12 16:50 . 2012-11-22 03:26	3149824	----a-w-	c:\windows\system32\win32k.sys
2012-12-12 16:50 . 2012-10-04 17:41	424960	----a-w-	c:\windows\system32\KernelBase.dll
2012-12-12 16:50 . 2012-10-04 17:41	1161216	----a-w-	c:\windows\system32\kernel32.dll
2012-12-12 16:50 . 2012-10-04 17:45	215040	----a-w-	c:\windows\system32\winsrv.dll
2012-12-12 16:50 . 2012-10-04 15:21	338432	----a-w-	c:\windows\system32\conhost.exe
2012-12-12 16:46 . 2012-12-12 16:46	--------	d-----w-	c:\users\Michi\AppData\Roaming\TuneUp Software
2012-12-12 16:45 . 2012-11-02 05:59	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-12-12 16:45 . 2012-11-02 05:11	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
2012-12-12 16:44 . 2012-12-12 16:47	--------	d-----w-	c:\programdata\AVG2013
2012-12-12 16:44 . 2012-12-12 16:44	--------	d-----w-	C:\$AVG
2012-12-12 16:43 . 2012-12-12 16:43	--------	d-----w-	c:\program files (x86)\AVG
2012-12-12 16:37 . 2012-12-15 10:44	--------	d-----w-	c:\programdata\MFAData
2012-12-12 16:37 . 2012-12-12 16:52	--------	d-----w-	c:\users\Michi\AppData\Local\Avg2013
2012-12-12 16:37 . 2012-12-12 16:37	--------	d--h--w-	c:\programdata\Common Files
2012-12-12 16:37 . 2012-12-12 16:37	--------	d-----w-	c:\users\Michi\AppData\Local\MFAData
2012-12-11 11:53 . 2012-12-11 11:53	--------	d-----w-	c:\program files (x86)\Roadkil.Net
2012-12-11 11:41 . 2012-12-11 11:41	--------	d-----w-	c:\program files (x86)\Smart File Advisor
2012-12-11 11:41 . 2012-12-11 11:41	--------	d-----w-	c:\program files (x86)\Smart Projects
2012-12-11 11:10 . 2012-12-11 11:10	--------	d-----w-	c:\users\Michi\AppData\Roaming\ImgBurn
2012-12-11 11:08 . 2012-12-11 11:08	--------	d-----w-	c:\program files (x86)\ImgBurn
2012-12-11 10:12 . 2012-12-11 11:05	--------	d-----w-	c:\users\Michi\AppData\Local\adaware
2012-12-10 22:10 . 2012-12-10 22:10	--------	d-----w-	c:\users\Michi\AppData\Local\ElevatedDiagnostics
2012-12-10 17:03 . 2012-12-10 17:04	--------	d-----w-	c:\program files (x86)\Oblivion Improved
2012-12-09 19:31 . 2012-12-10 16:03	--------	d-----w-	c:\users\Michi\AppData\Local\oblivion
2012-12-09 18:01 . 2012-12-09 18:01	--------	d-----w-	c:\program files (x86)\Bethesda Softworks
2012-12-09 17:59 . 2012-12-09 17:59	--------	d--h--r-	c:\users\Michi\AppData\Roaming\SecuROM
2012-11-29 18:07 . 2012-11-29 18:22	--------	d-----w-	c:\users\Michi\AppData\Roaming\TeamViewer
2012-11-29 18:05 . 2012-11-29 18:05	--------	d-----w-	c:\program files (x86)\TeamViewer
2012-11-18 21:51 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-11-18 21:51 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-11-18 21:51 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-11-18 21:51 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2012-11-18 21:40 . 2012-07-26 02:26	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2012-11-18 21:40 . 2012-07-26 03:08	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2012-11-18 21:40 . 2012-07-26 02:26	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2012-11-18 21:40 . 2012-07-26 03:08	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2012-11-18 21:40 . 2012-07-26 03:08	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2012-11-18 21:40 . 2012-07-26 03:08	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2012-11-18 21:40 . 2012-07-26 03:08	744448	----a-w-	c:\windows\system32\WUDFx.dll
2012-11-18 16:22 . 2012-09-25 22:46	95744	----a-w-	c:\windows\system32\synceng.dll
2012-11-18 16:22 . 2012-09-25 22:47	78336	----a-w-	c:\windows\SysWow64\synceng.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 19:38 . 2010-06-24 10:11	67413224	----a-w-	c:\windows\system32\mrt.exe
2012-12-12 18:25 . 2012-04-30 20:31	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 18:25 . 2012-04-30 20:31	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-22 12:02 . 2012-10-22 12:02	154464	----a-w-	c:\windows\system32\drivers\avgidsdrivera.sys
2012-10-16 08:38 . 2012-11-27 19:40	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 19:40	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 19:40	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-15 02:48 . 2012-10-15 02:48	63328	----a-w-	c:\windows\system32\drivers\avgidsha.sys
2012-10-10 20:23 . 2012-10-10 20:23	1867112	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2012-10-10 20:23 . 2012-10-10 20:23	18252136	----a-w-	c:\windows\system32\nvd3dumx.dll
2012-10-10 20:23 . 2012-10-10 20:23	1482600	----a-w-	c:\windows\system32\nvdispgenco64.dll
2012-10-10 20:23 . 2012-10-10 20:23	6127464	----a-w-	c:\windows\SysWow64\nvopencl.dll
2012-10-10 20:23 . 2012-10-10 20:23	2574696	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2012-10-10 20:23 . 2012-10-10 20:23	25256296	----a-w-	c:\windows\system32\nvcompiler.dll
2012-10-10 20:23 . 2012-10-10 20:23	7414632	----a-w-	c:\windows\system32\nvopencl.dll
2012-10-10 20:23 . 2012-10-10 20:23	2731880	----a-w-	c:\windows\system32\nvapi64.dll
2012-10-10 20:23 . 2012-10-10 20:23	14922600	----a-w-	c:\windows\system32\nvwgf2umx.dll
2012-10-10 20:23 . 2012-10-10 20:23	9146728	----a-w-	c:\windows\system32\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23	7697768	----a-w-	c:\windows\SysWow64\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23	2218344	----a-w-	c:\windows\system32\nvcuvenc.dll
2012-10-10 20:23 . 2012-10-10 20:23	12501352	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2012-10-10 20:22 . 2012-10-10 20:22	2428776	----a-w-	c:\windows\SysWow64\nvapi.dll
2012-10-10 20:22 . 2012-10-10 20:22	26331496	----a-w-	c:\windows\system32\nvoglv64.dll
2012-10-10 20:22 . 2012-04-30 18:32	1760104	----a-w-	c:\windows\system32\nvdispco64.dll
2012-10-10 20:22 . 2012-10-10 20:22	15309160	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2012-10-10 20:22 . 2012-10-10 20:22	2747240	----a-w-	c:\windows\system32\nvcuvid.dll
2012-10-10 20:22 . 2012-10-10 20:22	19906920	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2012-10-10 20:22 . 2012-10-10 20:22	13443944	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 20:22 . 2012-10-10 20:22	17559912	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2012-10-05 02:32 . 2012-10-05 02:32	111456	----a-w-	c:\windows\system32\drivers\avgmfx64.sys
2012-10-04 16:40 . 2012-12-12 16:49	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-10-02 19:51 . 2012-04-30 18:35	3293544	----a-w-	c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2012-04-30 18:35	6200680	----a-w-	c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2012-04-30 18:35	891240	----a-w-	c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2012-04-30 18:35	63336	----a-w-	c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2012-04-30 18:35	2557800	----a-w-	c:\windows\system32\nvsvcr.dll
2012-10-02 19:50 . 2012-04-30 18:35	118120	----a-w-	c:\windows\system32\nvmctray.dll
2012-10-02 12:15 . 2012-10-02 12:15	430952	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2012-10-02 02:30 . 2012-10-02 02:30	185696	----a-w-	c:\windows\system32\drivers\avgldx64.sys
2012-09-21 02:46 . 2012-09-21 02:46	200032	----a-w-	c:\windows\system32\drivers\avgtdia.sys
2012-09-21 02:46 . 2012-09-21 02:46	225120	----a-w-	c:\windows\system32\drivers\avgloga.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-10-29 1521872]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-10-29 16:33	1521872	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-10-29 1521872]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Michi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Michi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Michi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Michi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Spotify"="c:\users\Michi\AppData\Roaming\Spotify\Spotify.exe" [2012-10-27 7880664]
"Spotify Web Helper"="c:\users\Michi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-27 1199576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Smart File Advisor"="c:\program files (x86)\Smart File Advisor\sfa.exe" [2011-04-04 280824]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-06 3143800]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-10-29 1573584]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 384800]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2012-09-14 1247504]
.
c:\users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Michi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-04-29 55384]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-03-29 1161072]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-06 5814392]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-05-17 2804280]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
R3 LVUVC64;Logitech Webcam 500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-02-08 84568]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-04-05 60504]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-09 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2012-09-04 50296]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-11-16 27800]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-04-05 253528]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 94296]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-04 85280]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-12-04 565024]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe [2012-11-01 1340976]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2012-07-13 769432]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-05-11 72280]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-10-23 2848168]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-02-08 84568]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-09 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-03-29 10:44]
.
2012-12-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 18:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	97792	----a-w-	c:\users\Michi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	97792	----a-w-	c:\users\Michi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	97792	----a-w-	c:\users\Michi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	97792	----a-w-	c:\users\Michi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-16 12445288]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-03 767312]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.avira.com/?l=dis&o=APN10267&gct=hp&dc=EU&locale=de_NL
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\n3ze8381.default-1355223939464\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.avira.com/?l=dis&o=APN10267&gct=hp&dc=EU&locale=de_NL
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10267&locale=de_NL&apn_uid=5d692efb-ad1c-4af5-b74c-3db8907c1e40&apn_ptnrs=%5EAGY&apn_sauid=C9498B6C-C066-4741-B4B1-2985A609E5A3&apn_dtid=%5EYYYYYY%5EYY%5ENL&&q=
FF - ExtSQL: 2012-12-11 11:09; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2012-12-13 21:06; toolbar@ask.com; c:\users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\n3ze8381.default-1355223939464\extensions\toolbar@ask.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-15  13:54:43
ComboFix-quarantined-files.txt  2012-12-15 12:54
.
Vor Suchlauf: 7 Verzeichnis(se), 33.034.924.032 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 32.687.755.264 Bytes frei
.
- - End Of File - - B9C2DAF640CA30AC7DEB9183A7FD211C
         
On restart your message did not appear, but the following did:

Quote:
Smart File Advisor ist nicht mit unbekannten Dateien verbunden. Smart File Advisor installieren, um dieses Problem zu beheben?
I have never heard of this tool/program. Where does it come from?

15.12.2012, 13:56   #4
markusg
/// Malware-holic

Hi,
I still see Avira; were there any detection messages from it as well?
http://www.trojaner-board.de/125889-...en-posten.html
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us

15.12.2012, 14:09   #5
Ilithrien

Hey!

Avira only reported that something was accessing the registry and asked whether I wanted to scan, which I declined.

Under Events there is only the corresponding warning:

Quote:
Echtzeitscanner: Registry blockiert
Datum/Uhrzeit: 12.12.2012 13:23:24
Typ: Warnung

Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Registry blockiert.
Exporting the report in AntiVir somehow does nothing. Does it save it automatically? If so, where?

Should I, if in doubt, uninstall AntiVir and have the log written again? Because I can't switch Avira off completely. I can't even end the process via Task Manager.
Or is it fine like this? After all, everything is supposed to work properly.


15.12.2012, 14:20   #6
markusg
/// Malware-holic

Hi, that's fine as it is.
If you want to stop Avira, right-click the umbrella and choose deactivate; that is OK then.
Under Avira, Administration, Quarantine, are there any detected objects?
If so, I need them, with detection name and path.
Why do you have AVG and Avira installed at the same time? Has it always been like that? If so, that's not good :-)

15.12.2012, 16:03   #7
Ilithrien

Hello!

Yes, I had deactivated Avira via right-click. The warning still came up when I ran ComboFix.
There is nothing in quarantine.

The whole time I only had Ad-Aware, which had not found anything either. So I installed AVG on Wednesday, which then found the two trojans in the paths mentioned above. On Thursday I also installed Avira, after AVG no longer reported any detections and I wanted to know whether Avira might find something else. Once this whole thing is sorted out, everything will be removed again and I will probably keep AVG as my protection program.

Do you need any further information from me? Then just send the instructions my way

15.12.2012, 17:51   #8
markusg
/// Malware-holic

Hi,
download TDSS Killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now, then post the log
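One way to check a TDSSKiller log after the scan requested above, as an added example that is not part of the original post or of TDSSKiller itself: it confirms the scan ran with both requested options and lists every scanned object whose verdict is not `ok`. The function names, the placeholder hashes, the `ExampleDrv` entry and its verdict text are constructed; reading `SigCheck` and `TDLFS` in the `Mode:` line as the two ticked options is an assumption based on the log posted in this thread.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of the TDSSKiller log posted in this thread:
# "<hh:mm:ss.ffff> <thread id>  <message>". Hashes and the ExampleDrv entry with
# its verdict are placeholders, not values from a real scan.
SAMPLE_LOG = r"""
12:30:43.0123 2184  Drive \Device\Harddisk1\DR1 - Size: 0x132C467E00 (76.69 Gb)
12:30:59.0596 0628  Scan started
12:30:59.0596 0628  Mode: Manual; SigCheck; TDLFS;
12:31:00.0548 0628  ================ Scan system memory ========================
12:31:00.0548 0628  System memory - ok
12:31:00.0548 0628  ================ Scan services =============================
12:31:01.0000 0628  [ 00000000000000000000000000000001 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:31:01.0016 0628  ACPI - ok
12:31:01.0234 0628  [ 00000000000000000000000000000002 ] Ad-Aware Service C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
12:31:01.0281 0628  Ad-Aware Service - ok
12:31:05.0000 0628  [ 00000000000000000000000000000003 ] SBSDWSCService  C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
12:31:05.0100 0628  SBSDWSCService - ok
12:31:08.0363 0628  catchme - ok
12:31:09.0000 0628  [ 00000000000000000000000000000004 ] ExampleDrv      C:\Windows\system32\drivers\exampledrv.sys
12:31:09.0100 0628  ExampleDrv - placeholder-verdict
"""

# Timestamp, four-digit thread id, then the message.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+[0-9A-Fa-f]{4}\s+(.*)$")
# "[ <md5> ] <object name> <path>"; object names may contain spaces.
OBJECT_RE = re.compile(r"^\[ ([0-9A-Fa-f]+) \]\s+(.*?)\s+([A-Za-z]:\\.*)$")


@dataclass
class ScanReport:
    options: set    # entries of the "Mode:" line
    verdicts: dict  # object name -> verdict text
    paths: dict     # object name -> file path, where the log gave one


def parse_tdsskiller_log(text):
    """Collect scan options, per-object verdicts and file paths from a log."""
    options, verdicts, paths = set(), {}, {}
    scanning = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group(1).strip()
        if msg == "Scan started":
            scanning = True
            continue
        # Lines before the scan (drive and partition info) also contain " - ",
        # so verdicts are only read once the scan has started.
        if not scanning or msg.startswith("="):
            continue
        if msg.startswith("Mode:"):
            options = {o.strip() for o in msg[5:].split(";") if o.strip()}
            continue
        obj = OBJECT_RE.match(msg)
        if obj:
            # Handled before verdict parsing: paths such as
            # "...\Spybot - Search & Destroy\..." contain " - " too.
            paths[obj.group(2)] = obj.group(3)
            continue
        name, sep, verdict = msg.rpartition(" - ")
        if sep:
            verdicts[name.strip()] = verdict.strip()
    return ScanReport(options, verdicts, paths)


def review(report, required=("SigCheck", "TDLFS")):
    """Return (missing scan options, [(name, verdict, path)] for non-ok objects)."""
    missing = [o for o in required if o not in report.options]
    findings = [
        (name, verdict, report.paths.get(name, ""))
        for name, verdict in report.verdicts.items()
        if verdict.lower() != "ok"
    ]
    return missing, findings


if __name__ == "__main__":
    missing, findings = review(parse_tdsskiller_log(SAMPLE_LOG))
    print("missing options:", missing or "none")
    for name, verdict, path in findings:
        print(f"review: {name} -> {verdict} ({path or 'no path logged'})")
```
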

16.12.2012, 11:38   #9
Ilithrien

Hey

So TDSS Killer found nothing; here is the log:

Code:
12:30:41.0999 2184  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:30:42.0015 2184  ============================================================
12:30:42.0015 2184  Current date / time: 2012/12/16 12:30:42.0015
12:30:42.0015 2184  SystemInfo:
12:30:42.0015 2184  
12:30:42.0015 2184  OS Version: 6.1.7601 ServicePack: 1.0
12:30:42.0015 2184  Product type: Workstation
12:30:42.0015 2184  ComputerName: MICHI-PC
12:30:42.0015 2184  UserName: Michi
12:30:42.0015 2184  Windows directory: C:\Windows
12:30:42.0015 2184  System windows directory: C:\Windows
12:30:42.0015 2184  Running under WOW64
12:30:42.0015 2184  Processor architecture: Intel x64
12:30:42.0015 2184  Number of processors: 2
12:30:42.0015 2184  Page size: 0x1000
12:30:42.0015 2184  Boot type: Normal boot
12:30:42.0015 2184  ============================================================
12:30:43.0123 2184  Drive \Device\Harddisk1\DR1 - Size: 0x132C467E00 (76.69 Gb), SectorSize: 0x200, Cylinders: 0x298D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
12:30:43.0123 2184  Drive \Device\Harddisk0\DR0 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:30:43.0123 2184  ============================================================
12:30:43.0123 2184  \Device\Harddisk1\DR1:
12:30:43.0123 2184  MBR partitions:
12:30:43.0123 2184  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:30:43.0123 2184  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x992F000
12:30:43.0123 2184  \Device\Harddisk0\DR0:
12:30:43.0123 2184  MBR partitions:
12:30:43.0123 2184  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x226D3F70, BlocksNum 0x2D59751
12:30:43.0123 2184  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x226D3EF2
12:30:43.0123 2184  ============================================================
12:30:43.0154 2184  C: <-> \Device\Harddisk1\DR1\Partition2
12:30:43.0216 2184  D: <-> \Device\Harddisk0\DR0\Partition2
12:30:43.0263 2184  E: <-> \Device\Harddisk1\DR1\Partition1
12:30:43.0279 2184  F: <-> \Device\Harddisk0\DR0\Partition1
12:30:43.0279 2184  ============================================================
12:30:43.0279 2184  Initialize success
12:30:43.0279 2184  ============================================================
12:30:59.0596 0628  ============================================================
12:30:59.0596 0628  Scan started
12:30:59.0596 0628  Mode: Manual; SigCheck; TDLFS; 
12:30:59.0596 0628  ============================================================
12:31:00.0548 0628  ================ Scan system memory ========================
12:31:00.0548 0628  System memory - ok
12:31:00.0548 0628  ================ Scan services =============================
12:31:00.0907 0628  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:31:00.0985 0628  1394ohci - ok
12:31:01.0000 0628  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:31:01.0016 0628  ACPI - ok
12:31:01.0047 0628  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:31:01.0141 0628  AcpiPmi - ok
12:31:01.0234 0628  [ FB182AD520910442ABF146BB325DE79B ] Ad-Aware Service C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
12:31:01.0281 0628  Ad-Aware Service - ok
12:31:01.0375 0628  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:31:01.0390 0628  AdobeFlashPlayerUpdateSvc - ok
12:31:01.0437 0628  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
12:31:01.0468 0628  adp94xx - ok
12:31:01.0484 0628  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
12:31:01.0515 0628  adpahci - ok
12:31:01.0531 0628  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
12:31:01.0546 0628  adpu320 - ok
12:31:01.0577 0628  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:31:01.0733 0628  AeLookupSvc - ok
12:31:01.0811 0628  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
12:31:01.0874 0628  AFD - ok
12:31:01.0905 0628  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
12:31:01.0921 0628  agp440 - ok
12:31:01.0952 0628  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
12:31:02.0014 0628  ALG - ok
12:31:02.0045 0628  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:31:02.0061 0628  aliide - ok
12:31:02.0077 0628  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
12:31:02.0092 0628  amdide - ok
12:31:02.0123 0628  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
12:31:02.0201 0628  AmdK8 - ok
12:31:02.0217 0628  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
12:31:02.0279 0628  AmdPPM - ok
12:31:02.0326 0628  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:31:02.0357 0628  amdsata - ok
12:31:02.0373 0628  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
12:31:02.0389 0628  amdsbs - ok
12:31:02.0389 0628  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:31:02.0404 0628  amdxata - ok
12:31:02.0482 0628  [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:31:02.0498 0628  AntiVirSchedulerService - ok
12:31:02.0529 0628  [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:31:02.0529 0628  AntiVirService - ok
12:31:02.0560 0628  [ 255527AB98293EA390352A8C53B0042A ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
12:31:02.0576 0628  AntiVirWebService - ok
12:31:02.0654 0628  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
12:31:02.0794 0628  AppID - ok
12:31:02.0825 0628  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:31:02.0888 0628  AppIDSvc - ok
12:31:02.0935 0628  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
12:31:03.0013 0628  Appinfo - ok
12:31:03.0044 0628  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
12:31:03.0091 0628  AppMgmt - ok
12:31:03.0122 0628  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
12:31:03.0137 0628  arc - ok
12:31:03.0137 0628  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
12:31:03.0153 0628  arcsas - ok
12:31:03.0184 0628  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:31:03.0231 0628  AsyncMac - ok
12:31:03.0278 0628  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
12:31:03.0278 0628  atapi - ok
12:31:03.0325 0628  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:31:03.0434 0628  AudioEndpointBuilder - ok
12:31:03.0496 0628  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
12:31:03.0543 0628  AudioSrv - ok
12:31:03.0590 0628  [ 3D1FFAA3358CA0D8A298DEA8BECFC468 ] Avgfwfd         C:\Windows\system32\DRIVERS\avgfwd6a.sys
12:31:03.0590 0628  Avgfwfd - ok
12:31:03.0761 0628  [ 733D86815BEB34E2982BC7F561C35AE3 ] avgfws          C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
12:31:03.0917 0628  avgfws - ok
12:31:04.0183 0628  [ 56C73C5BC1656656CAC38A23B4310466 ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
12:31:04.0276 0628  AVGIDSAgent - ok
12:31:04.0339 0628  [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
12:31:04.0463 0628  AVGIDSDriver - ok
12:31:04.0479 0628  [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
12:31:04.0619 0628  AVGIDSHA - ok
12:31:04.0713 0628  [ 5989592A91A17587799792A81E1541D4 ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
12:31:04.0869 0628  Avgldx64 - ok
12:31:04.0931 0628  [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga         C:\Windows\system32\DRIVERS\avgloga.sys
12:31:05.0056 0628  Avgloga - ok
12:31:05.0103 0628  [ 767B4A485FB22AA0FC0BF5EEF00572B9 ] Avgmfx64        C:\Windows\system32\DRIVERS\avgmfx64.sys
12:31:05.0290 0628  Avgmfx64 - ok
12:31:05.0337 0628  [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
12:31:05.0477 0628  avgntflt - ok
12:31:05.0524 0628  [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64        C:\Windows\system32\DRIVERS\avgrkx64.sys
12:31:05.0665 0628  Avgrkx64 - ok
12:31:05.0727 0628  [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
12:31:05.0867 0628  Avgtdia - ok
12:31:05.0930 0628  [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd           C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
12:31:06.0101 0628  avgwd - ok
12:31:06.0133 0628  [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
12:31:06.0273 0628  avipbb - ok
12:31:06.0304 0628  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
12:31:06.0445 0628  avkmgr - ok
12:31:06.0476 0628  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:31:06.0569 0628  AxInstSV - ok
12:31:06.0663 0628  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
12:31:06.0757 0628  b06bdrv - ok
12:31:06.0788 0628  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
12:31:06.0835 0628  b57nd60a - ok
12:31:06.0881 0628  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:31:06.0928 0628  BDESVC - ok
12:31:06.0959 0628  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:31:07.0022 0628  Beep - ok
12:31:07.0100 0628  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
12:31:07.0178 0628  BFE - ok
12:31:07.0225 0628  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
12:31:07.0318 0628  BITS - ok
12:31:07.0349 0628  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:31:07.0381 0628  blbdrive - ok
12:31:07.0412 0628  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:31:07.0459 0628  bowser - ok
12:31:07.0474 0628  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:31:07.0552 0628  BrFiltLo - ok
12:31:07.0552 0628  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:31:07.0568 0628  BrFiltUp - ok
12:31:34.0930 0628  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:31:34.0961 0628  sffdisk - ok
12:31:34.0993 0628  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:31:35.0008 0628  sffp_mmc - ok
12:31:35.0039 0628  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:31:35.0055 0628  sffp_sd - ok
12:31:35.0086 0628  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
12:31:35.0102 0628  sfloppy - ok
12:31:35.0133 0628  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:31:35.0195 0628  SharedAccess - ok
12:31:35.0273 0628  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:31:35.0336 0628  ShellHWDetection - ok
12:31:35.0367 0628  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:31:35.0383 0628  SiSRaid2 - ok
12:31:35.0398 0628  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
12:31:35.0414 0628  SiSRaid4 - ok
12:31:35.0726 0628  [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
12:31:35.0788 0628  Skype C2C Service - ok
12:31:35.0835 0628  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
12:31:35.0851 0628  SkypeUpdate - ok
12:31:35.0882 0628  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:31:35.0944 0628  Smb - ok
12:31:35.0991 0628  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:31:35.0991 0628  SNMPTRAP - ok
12:31:36.0022 0628  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:31:36.0038 0628  spldr - ok
12:31:36.0085 0628  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
12:31:36.0147 0628  Spooler - ok
12:31:36.0365 0628  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
12:31:36.0537 0628  sppsvc - ok
12:31:36.0568 0628  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:31:36.0662 0628  sppuinotify - ok
12:31:36.0709 0628  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:31:36.0755 0628  srv - ok
12:31:36.0771 0628  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:31:36.0849 0628  srv2 - ok
12:31:36.0880 0628  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:31:36.0927 0628  srvnet - ok
12:31:36.0958 0628  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:31:37.0005 0628  SSDPSRV - ok
12:31:37.0036 0628  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:31:37.0067 0628  SstpSvc - ok
12:31:37.0114 0628  [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
12:31:37.0255 0628  Stereo Service - ok
12:31:37.0286 0628  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
12:31:37.0301 0628  stexstor - ok
12:31:37.0333 0628  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
12:31:37.0379 0628  stisvc - ok
12:31:37.0411 0628  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
12:31:37.0426 0628  storflt - ok
12:31:37.0457 0628  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
12:31:37.0473 0628  storvsc - ok
12:31:37.0489 0628  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
12:31:37.0504 0628  swenum - ok
12:31:37.0551 0628  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
12:31:37.0691 0628  swprv - ok
12:31:37.0707 0628  Synth3dVsc - ok
12:31:37.0894 0628  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
12:31:37.0988 0628  SysMain - ok
12:31:38.0019 0628  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:31:38.0066 0628  TabletInputService - ok
12:31:38.0113 0628  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:31:38.0206 0628  TapiSrv - ok
12:31:38.0237 0628  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
12:31:38.0269 0628  TBS - ok
12:31:38.0581 0628  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:31:38.0705 0628  Tcpip - ok
12:31:38.0737 0628  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:31:38.0783 0628  TCPIP6 - ok
12:31:38.0815 0628  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:31:38.0830 0628  tcpipreg - ok
12:31:38.0877 0628  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:31:38.0908 0628  TDPIPE - ok
12:31:38.0939 0628  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:31:38.0971 0628  TDTCP - ok
12:31:39.0002 0628  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:31:39.0033 0628  tdx - ok
12:31:39.0236 0628  [ C9B9373A0A430C11F0213E359D0772B2 ] TeamViewer7     C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
12:31:39.0298 0628  TeamViewer7 - ok
12:31:39.0329 0628  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
12:31:39.0345 0628  TermDD - ok
12:31:39.0485 0628  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
12:31:39.0563 0628  TermService - ok
12:31:39.0579 0628  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
12:31:39.0595 0628  Themes - ok
12:31:39.0657 0628  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
12:31:39.0735 0628  THREADORDER - ok
12:31:39.0766 0628  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
12:31:39.0829 0628  TrkWks - ok
12:31:39.0875 0628  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:31:39.0922 0628  TrustedInstaller - ok
12:31:39.0953 0628  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:31:40.0000 0628  tssecsrv - ok
12:31:40.0047 0628  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:31:40.0063 0628  TsUsbFlt - ok
12:31:40.0078 0628  tsusbhub - ok
12:31:40.0109 0628  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:31:40.0156 0628  tunnel - ok
12:31:40.0203 0628  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
12:31:40.0219 0628  uagp35 - ok
12:31:40.0297 0628  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:31:40.0390 0628  udfs - ok
12:31:40.0421 0628  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:31:40.0453 0628  UI0Detect - ok
12:31:40.0499 0628  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:31:40.0515 0628  uliagpkx - ok
12:31:40.0531 0628  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
12:31:40.0562 0628  umbus - ok
12:31:40.0640 0628  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
12:31:40.0687 0628  UmPass - ok
12:31:40.0733 0628  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
12:31:40.0780 0628  UmRdpService - ok
12:31:40.0843 0628  [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv        C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
12:31:40.0999 0628  UMVPFSrv - ok
12:31:41.0061 0628  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
12:31:41.0123 0628  upnphost - ok
12:31:41.0155 0628  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
12:31:41.0217 0628  usbaudio - ok
12:31:41.0248 0628  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:31:41.0311 0628  usbccgp - ok
12:31:41.0342 0628  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:31:41.0373 0628  usbcir - ok
12:31:41.0404 0628  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
12:31:41.0420 0628  usbehci - ok
12:31:41.0482 0628  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:31:41.0513 0628  usbhub - ok
12:31:41.0545 0628  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
12:31:41.0576 0628  usbohci - ok
12:31:41.0654 0628  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:31:41.0669 0628  usbprint - ok
12:31:41.0701 0628  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
12:31:41.0716 0628  usbscan - ok
12:31:41.0732 0628  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:31:41.0794 0628  USBSTOR - ok
12:31:41.0825 0628  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
12:31:41.0857 0628  usbuhci - ok
12:31:41.0903 0628  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
12:31:41.0966 0628  UxSms - ok
12:31:41.0997 0628  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
12:31:41.0997 0628  VaultSvc - ok
12:31:42.0028 0628  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:31:42.0044 0628  vdrvroot - ok
12:31:42.0075 0628  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
12:31:42.0122 0628  vds - ok
12:31:42.0153 0628  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:31:42.0169 0628  vga - ok
12:31:42.0184 0628  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:31:42.0231 0628  VgaSave - ok
12:31:42.0262 0628  VGPU - ok
12:31:42.0325 0628  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:31:42.0356 0628  vhdmp - ok
12:31:42.0387 0628  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:31:42.0403 0628  viaide - ok
12:31:42.0449 0628  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
12:31:42.0496 0628  vmbus - ok
12:31:42.0512 0628  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
12:31:42.0543 0628  VMBusHID - ok
12:31:42.0559 0628  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:31:42.0574 0628  volmgr - ok
12:31:42.0637 0628  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:31:42.0652 0628  volmgrx - ok
12:31:42.0668 0628  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:31:42.0683 0628  volsnap - ok
12:31:42.0730 0628  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
12:31:42.0746 0628  vsmraid - ok
12:31:42.0824 0628  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
12:31:42.0886 0628  VSS - ok
12:31:42.0902 0628  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
12:31:42.0949 0628  vwifibus - ok
12:31:42.0980 0628  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
12:31:43.0011 0628  W32Time - ok
12:31:43.0058 0628  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
12:31:43.0089 0628  WacomPen - ok
12:31:43.0120 0628  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:31:43.0167 0628  WANARP - ok
12:31:43.0167 0628  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:31:43.0214 0628  Wanarpv6 - ok
12:31:43.0463 0628  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
12:31:43.0541 0628  WatAdminSvc - ok
12:31:43.0651 0628  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
12:31:43.0729 0628  wbengine - ok
12:31:43.0760 0628  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:31:43.0775 0628  WbioSrvc - ok
12:31:43.0807 0628  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:31:43.0838 0628  wcncsvc - ok
12:31:43.0853 0628  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:31:43.0869 0628  WcsPlugInService - ok
12:31:43.0885 0628  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
12:31:43.0900 0628  Wd - ok
12:31:43.0947 0628  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:31:43.0978 0628  Wdf01000 - ok
12:31:44.0009 0628  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:31:44.0119 0628  WdiServiceHost - ok
12:31:44.0134 0628  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:31:44.0165 0628  WdiSystemHost - ok
12:31:44.0197 0628  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
12:31:44.0259 0628  WebClient - ok
12:31:44.0275 0628  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:31:44.0337 0628  Wecsvc - ok
12:31:44.0368 0628  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:31:44.0431 0628  wercplsupport - ok
12:31:44.0477 0628  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:31:44.0524 0628  WerSvc - ok
12:31:44.0571 0628  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:31:44.0665 0628  WfpLwf - ok
12:31:44.0665 0628  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:31:44.0680 0628  WIMMount - ok
12:31:44.0696 0628  WinDefend - ok
12:31:44.0711 0628  WinHttpAutoProxySvc - ok
12:31:44.0758 0628  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:31:44.0821 0628  Winmgmt - ok
12:31:45.0101 0628  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
12:31:45.0179 0628  WinRM - ok
12:31:45.0226 0628  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
12:31:45.0242 0628  WinUsb - ok
12:31:45.0289 0628  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:31:45.0335 0628  Wlansvc - ok
12:31:45.0382 0628  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
12:31:45.0413 0628  WmiAcpi - ok
12:31:45.0445 0628  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:31:45.0491 0628  wmiApSrv - ok
12:31:45.0523 0628  WMPNetworkSvc - ok
12:31:45.0538 0628  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:31:45.0554 0628  WPCSvc - ok
12:31:45.0585 0628  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:31:45.0601 0628  WPDBusEnum - ok
12:31:45.0647 0628  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:31:45.0757 0628  ws2ifsl - ok
12:31:45.0772 0628  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
12:31:45.0803 0628  wscsvc - ok
12:31:45.0819 0628  WSearch - ok
12:31:46.0006 0628  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:31:46.0147 0628  wuauserv - ok
12:31:46.0178 0628  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:31:46.0225 0628  WudfPf - ok
12:31:46.0256 0628  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:31:46.0287 0628  WUDFRd - ok
12:31:46.0318 0628  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:31:46.0349 0628  wudfsvc - ok
12:31:46.0396 0628  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:31:46.0412 0628  WwanSvc - ok
12:31:46.0427 0628  ================ Scan global ===============================
12:31:46.0459 0628  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:31:46.0490 0628  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
12:31:46.0490 0628  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
12:31:46.0521 0628  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:31:46.0583 0628  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:31:46.0599 0628  [Global] - ok
12:31:46.0599 0628  ================ Scan MBR ==================================
12:31:46.0646 0628  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
12:31:48.0689 0628  \Device\Harddisk1\DR1 - ok
12:31:48.0705 0628  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:31:49.0126 0628  \Device\Harddisk0\DR0 - ok
12:31:49.0126 0628  ================ Scan VBR ==================================
12:31:49.0157 0628  [ B69060D15AA4AADDD41DEAAF12FEE055 ] \Device\Harddisk1\DR1\Partition1
12:31:49.0189 0628  \Device\Harddisk1\DR1\Partition1 - ok
12:31:49.0204 0628  [ CEB8EBB0E48A174917F5640B4E559C12 ] \Device\Harddisk1\DR1\Partition2
12:31:49.0220 0628  \Device\Harddisk1\DR1\Partition2 - ok
12:31:49.0235 0628  [ 7DA863222D88920C404B2402AD10E187 ] \Device\Harddisk0\DR0\Partition1
12:31:49.0235 0628  \Device\Harddisk0\DR0\Partition1 - ok
12:31:49.0251 0628  [ 2C557F18991D9FCEB3D5A194ADD6DF68 ] \Device\Harddisk0\DR0\Partition2
12:31:49.0251 0628  \Device\Harddisk0\DR0\Partition2 - ok
12:31:49.0251 0628  ============================================================
12:31:49.0251 0628  Scan finished
12:31:49.0251 0628  ============================================================
12:31:49.0267 4684  Detected object count: 0
12:31:49.0267 4684  Actual detected object count: 0
         

I just discovered that Spybot is apparently running on my computer (again) after all. When I tried to scan with it on Wednesday, it could not get itself going. Just now, when I disconnected the network and disabled all programs and virus scanners so that Kaspersky would not be disturbed, I noticed that it is now apparently being launched at system startup after all. I am not sure whether it was running yesterday during Combofix. Is Spybot Search and Destroy known to block anything for Combofix? If so, I will run the scan again, this time with absolutely everything turned off.

Thank you for sticking with me. I am doing my best, but sometimes I am unfortunately a scatterbrain.

Alt 16.12.2012, 16:25   #10
markusg
/// Malware-holic
 

Hi, we will definitely get rid of Spybot; you can safely do without it.

Download the standard CCleaner:
CCleaner Download - CCleaner 3.25.1872
If CCleaner is already installed, skip this step.
Install it, open it, go to Tools, list of installed programs, save as txt. Open the file.
After each program you need, write "necessary".
After each program you do not need, write "unnecessary".
After each program unknown to you, write "unknown".
Post the list.
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us

Alt 16.12.2012, 17:28   #11
Ilithrien
 

Hey

Here is the file:

Code:
ATTFilter
Ad-Aware Antivirus	Lavasoft Limited	30.04.2012	42,5MB	10.0.185.3207 unnecessary
Ad-Aware Browsing Protection	Lavasoft	30.04.2012		0.9.0.2 unnecessary
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	12.12.2012	6,00MB	11.5.502.135 necessary
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	12.12.2012	6,00MB	11.5.502.135 necessary
Audacity 2.0	Audacity Team	07.05.2012	42,1MB unnecessary
AVG 2013	AVG Technologies	12.12.2012		2013.0.2805 necessary
Avira Free Antivirus	Avira	13.12.2012	129MB	13.0.0.2890 unnecessary
Avira SearchFree Toolbar plus Web Protection	Ask.com	13.12.2012	10,2MB	1.15.11.0 unnecessary
Avira SearchFree Toolbar plus Web Protection Updater	Ask.com	13.12.2012		1.2.3.30498 unnecessary
Canon MP Navigator EX 2.0		14.05.2012 necessary
Canon My Printer		14.05.2012	necessary
Canon Utilities Easy-PhotoPrint EX		14.05.2012 necessary
Canon Utilities Solution Menu		14.05.2012 necessary
CCleaner	Piriform	25.11.2012		3.25 necessary
CDBurnerXP	CDBurnerXP	12.12.2012	16,9MB	4.5.0.3661 unnecessary
Citrix XenApp Web Plugin	Citrix Systems, Inc.	28.08.2012	25,4MB	11.0.150.5357 unnecessary
Dropbox	Dropbox, Inc.	25.05.2012		1.4.7 necessary
Foxit Reader	Foxit Corporation	03.05.2012	36,0MB	5.3.0.423 necessary
ImgBurn	LIGHTNING UK!	11.12.2012		2.5.7.0 unnecessary
IrfanView (remove only)	Irfan Skiljan	04.07.2012	1,50MB	4.32 unnecessary
IsoBuster 3.0	Smart Projects	11.12.2012	10,4MB	3.0 unnecessary
Java(TM) 6 Update 32	Oracle	05.05.2012	95,7MB	6.0.320
Java(TM) 7 Update 4 (64-bit)	Oracle	05.05.2012	95,0MB	7.0.40
Juniper Citrix Services Client	Juniper Networks	16.10.2012		7.2.0.22071 unnecessary
Juniper Networks Setup Client Activex Control	Juniper Networks	28.08.2012		2.1.1.1 unnecessary
Juniper Networks, Inc. Setup Client	Juniper Networks, Inc.	16.10.2012	800KB	7.2.5.26817 unnecessary
Juniper Networks, Inc. Setup Client 64-bit Activex Control	Juniper Networks, Inc.	16.10.2012		2.1.1.1 unnecessary
LAME v3.99.3 (for Windows)		07.05.2012	1,52MB	unnecessary
Magical Jelly Bean KeyFinder	Magical Jelly Bean	21.08.2012	1,87MB	2.0.8.4 unnecessary
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	02.05.2012	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	02.05.2012	2,93MB	4.0.30319
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	12.12.2012	348KB	8.0.59193
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	30.04.2012	788KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	01.05.2012	240KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	30.04.2012	596KB	9.0.30729.4148
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	12.12.2012	11,1MB	10.0.40219
Mozilla Firefox 17.0.1 (x86 de)	Mozilla	15.12.2012	49,9MB	17.0.1 necessary
Mozilla Maintenance Service	Mozilla	15.12.2012	329KB	17.0.1 necessary
Mozilla Thunderbird 17.0 (x86 de)	Mozilla	14.12.2012	41,9MB	17.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	01.05.2012	1,27MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	01.05.2012	1,33MB	4.20.9876.0
Nero Kwik Media	Nero AG	12.12.2012	437MB	12.0.02100 unnecessary
No23 Recorder	No23	22.05.2012	3,18MB	2.1.0.3 unnecessary
NVIDIA 3D Vision Controller-Treiber 296.10	NVIDIA Corporation	30.04.2012		296.10 necessary
NVIDIA 3D Vision Treiber 306.97	NVIDIA Corporation	18.11.2012		306.97 necessary
NVIDIA Drivers		30.04.2012 necessary
NVIDIA Grafiktreiber 306.97	NVIDIA Corporation	18.11.2012		306.97 necessary
NVIDIA PhysX-Systemsoftware 9.12.0213	NVIDIA Corporation	30.04.2012		9.12.0213 necessary
NVIDIA Update 1.10.8	NVIDIA Corporation	18.11.2012		1.10.8 necessary
OpenOffice.org 3.3	OpenOffice.org	30.04.2012	414MB	3.3.9567 necessary
Puzzle Pirates		30.04.2012 unnecessary
ReaConverter 6.7 Standard	ReaSoft	05.07.2012 unnecessary
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	30.04.2012		6.0.1.6554 necessary
Roadkil's Unstoppable Copier Version 5.2	Roadkil.Net	11.12.2012	812KB	unnecessary
Security Task Manager 1.8d	Neuber Software	13.12.2012		1.8d unnecessary
Skype Click to Call	Skype Technologies S.A.	07.11.2012	65,1MB	6.3.11079 necessary if Skype does not work without it; otherwise unnecessary
Skype™ 5.10	Skype Technologies S.A.	09.08.2012	19,3MB	5.10.116 necessary
Smart File Advisor 1.1.1	Filefacts.net	11.12.2012	1,50MB	1.1.1 unknown
Spotify	Spotify AB	27.10.2012		0.8.5.1333.g822e0de8 unnecessary
Spybot - Search & Destroy	Safer Networking Limited	02.07.2012		1.6.2 unnecessary
TeamSpeak 3 Client	TeamSpeak Systems GmbH	01.05.2012		3.0.6 unnecessary
TeamViewer 7	TeamViewer	29.11.2012		7.0.15723 unnecessary
Tinypic 3.18	E. Fiedler	08.10.2012		Tinypic 3.18 necessary
Trojan Remover 6.8.5	Simply Super Software	13.12.2012	18,7MB	6.8.5 unnecessary
Visual Studio 2010 x64 Redistributables	AVG Technologies	12.12.2012	12,4MB	13.0.0.1 unknown; if it belongs to AVG, necessary
VLC media player 2.0.1	VideoLAN	06.05.2012		2.0.1 necessary
waterMark V2		08.10.2012	unnecessary
WinRAR 4.20 (64-Bit)	win.rar GmbH	24.06.2012		4.20.0 necessary
         
I did not write anything for:
Java Update
Microsoft .NET Framework 4
Microsoft Visual C++
MSXML 4.0 SP2

because I was not sure which of these is needed for what.
Otherwise I was very rigorous. If I end up missing something, it can always be reinstalled. But right now it is not important.

Alt 16.12.2012, 18:36   #12
markusg
/// Malware-holic
 

Uninstall:
Ad-Aware: all
Uninstall:
Adobe Flash Player: all
Adobe - Install Adobe Flash Player
Download the latest version and install it.

Uninstall:
Avira: all
CDBurnerXP
Citrix
ImgBurn
IrfanView
IsoBuster
Java: all
Download the Java JRE:
Java downloads for all operating systems
Click:
Download the Java software for Windows Offline
Download and install it.
Uninstall:
Juniper: all
LAME
Magical
Nero
No23
Puzzle
ReaConverter
Roadkil's
Security Task
Skype Click
Smart File
Spotify
Spybot
TeamSpeak
TeamViewer
Trojan Remover
waterMark

Open CCleaner, click Analyze, then Run, and restart the PC.
Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Suche (Search).
  • When the scan finishes, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

Alt 16.12.2012, 21:56   #13
Ilithrien
 

Hey

I got a warning while uninstalling:

For IsoBuster:
Quote:
Runtime Error (at78:216): Could not call proc.
Then it apparently finished uninstalling. Can it be ignored?



Code:
ATTFilter
# AdwCleaner v2.101 - Datei am 16/12/2012 um 22:34:33 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : Michi - MICHI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Michi\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\n3ze8381.default-1355223939464\searchplugins\Askcom.xml
Ordner Gefunden : C:\ProgramData\boost_interprocess

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Softonic

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.avira.com/?l=dis&o=APN10267&gct=hp&dc=EU&locale=de_NL

-\\ Mozilla Firefox v17.0.1 (de)

Profilname : default-1355223939464 [Profil par défaut]
Datei : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\n3ze8381.default-1355223939464\prefs.js

Gefunden : user_pref("browser.search.order.1", "Ask.com");

*************************

AdwCleaner[R1].txt - [1136 octets] - [16/12/2012 22:34:33]

########## EOF - C:\AdwCleaner[R1].txt - [1196 octets] ##########
         
Just as an interim status for me: how is my PC doing? Have all the logs been able to tell you anything yet? Or are we so far still just on the (successful?) hunt for clues?

Alt 17.12.2012, 10:13   #14
markusg
/// Malware-holic
 

It actually looks quite good; I would like to check one more thing.
1.

  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

IsoBuster:
Is it still in the program list?
How does the system run after a restart?
Test browsers and programs as well.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For the time being, please send mails according to the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

Alt 18.12.2012, 15:02   #15
Ilithrien
 
Hey

Sorry that I'm only getting back to you today. I was still able to carry out your instructions yesterday, but then time somehow got away from me.

Code:
# AdwCleaner v2.101 - Datei am 17/12/2012 um 12:41:46 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : Michi - MICHI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Michi\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\n3ze8381.default-1355223939464\searchplugins\Askcom.xml
Ordner Gelöscht : C:\ProgramData\boost_interprocess

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Softonic

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.avira.com/?l=dis&o=APN10267&gct=hp&dc=EU&locale=de_NL --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (de)

Profilname : default-1355223939464 [Profil par défaut]
Datei : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\n3ze8381.default-1355223939464\prefs.js

Gelöscht : user_pref("browser.search.order.1", "Ask.com");

*************************

AdwCleaner[R1].txt - [1265 octets] - [16/12/2012 22:34:33]
AdwCleaner[S1].txt - [1234 octets] - [17/12/2012 12:41:46]

########## EOF - C:\AdwCleaner[S1].txt - [1294 octets] ##########
         
The PC now definitely boots up smoothly again and no longer grinds away for ages on heaven knows what.
My keyboard also works again in the BIOS.

I haven't been able to do a real load test yet. Unfortunately I won't manage it today either. I hope I can do it tomorrow, because after that I'll be out of reach of the computer for a month.

But as far as normal work goes, it looks quite good. At times I couldn't even search for something in Explorer without it bowing out with "not responding" and no longer reacting to anything. That is much better! Thanks for that!

One question: I still have an external data drive of my own and one belonging to my family, who would like to have it back at some point. I had both of them connected not all that long ago, but not at all during this whole time, in order to protect them.
I will definitely scan them. Was my infection more system-oriented, or could it be that I still have something to fear among photos, music, documents and the like?
