
Log analysis and evaluation: recycler 470a1245.exe folder on hard drive can no longer be opened


15.12.2012, 09:03   #1
BLACKMARKET
 



Hello,

whenever I connect my external hard drive, I get this error message every time:

G:\RECYCLER\470a1245.exe" konnte nicht gefunden werden. Stellen Sie sicher, dass Sie den Namen richtig eingegeben haben und wiederholen Sie den Vorgang.

I ran the ESET Online Scan; here is my log:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=163dcb1b50cf354780ad96f057cf2ae4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-14 09:21:27
# local_time=2012-12-14 10:21:27 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1799 16775165 100 96 11012 220943377 7565 0
# compatibility_mode=5893 16776574 100 94 13246 107149937 0 0
# scanned=211403
# found=8
# cleaned=0
# scan_time=3657
G:\$RECYCLE.BIN.lnk Win32/Dorkbot.D worm (unable to clean) B1707A4A33A56DCEFF1506B05667686313AD7A53 I
G:\Bilder.lnk Win32/Dorkbot.D worm (unable to clean) 163DFB9A7BC45E5B2DA345E6029E73517F3BC28E I
G:\Dokumente.lnk Win32/Dorkbot.D worm (unable to clean) F06B677559FD93DD4313A93ADA12F616740C464B I
G:\eBooks.lnk Win32/Dorkbot.D worm (unable to clean) 6B2F310E049378B074145B7245CA8CDC66081CCB I
G:\Musik.lnk Win32/Dorkbot.D worm (unable to clean) C70D960D5215D7B8A14E7521EC6695ED30BFAD5F I
G:\System Volume Information.lnk Win32/Dorkbot.D worm (unable to clean) 6986A3F8216736E2091E8BDBC689AB0EB6009052 I
G:\Videos.lnk Win32/Dorkbot.D worm (unable to clean) 99DA8775C1595F057B9FABC748E9751C8B44AF1B I
G:\Youtube etc.lnk Win32/Dorkbot.D worm (unable to clean) 6161C08A2DAF147DC42791423956EEA8322E8F91 I


I hope someone can help me.

Kind regards

17.12.2012, 19:14   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners?
I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans; just post the logs that already exist first!

18.12.2012, 20:19   #3
BLACKMARKET
 



Hi

I checked my system with Malwarebytes AntiMalware. Unfortunately nothing was found.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.18.04

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Jan :: JAN-PC [Administrator]

18.12.2012 14:05:32
mbam-log-2012-12-18 (14-05-32).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 405144
Laufzeit: 1 Stunde(n), 20 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

18.12.2012, 23:16   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
Unfortunately nothing was found.
Why unfortunately?! Are you happy about detections?!

Before we get to work, I'd like to ask you to read the following points completely and carefully.
  • Read the instructions I will post over the course of this thread carefully. Ask right away if anything is unclear, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as attachments, unless you were asked to. Logs in attachments make evaluation harder for me!

  • Please also note => Deletion of log files and other requests

Note:
If you don't hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "when will this continue" messages will end with your topic being closed. I too have a life outside the Trojaner-Board.



Please run a CustomScan with OTL. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • At the top centre, tick the box "Scanne alle Benutzer" (Scan All Users)
  • Now copy the entire contents of the code box below into the text box of OTL - if OTL is in German, it is labelled with

Code:
msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
__________________
Please always post log files in CODE tags

19.12.2012, 20:03   #5
BLACKMARKET
 



Code:
OTL logfile created on: 19.12.2012 19:46:22 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jan\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 56,66% Memory free
7,73 Gb Paging File | 6,13 Gb Available in Paging File | 79,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 92,77 Gb Total Space | 5,42 Gb Free Space | 5,85% Space Free | Partition Type: NTFS
Drive D: | 205,22 Gb Total Space | 11,30 Gb Free Space | 5,50% Space Free | Partition Type: NTFS
Drive E: | 85,04 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 698,63 Gb Total Space | 479,91 Gb Free Space | 68,69% Space Free | Partition Type: NTFS
 
Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.19 19:42:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe
PRC - [2012.12.04 15:36:48 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.10.11 04:29:14 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe
PRC - [2012.10.10 19:29:14 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe
PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.08.27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.05.30 16:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON IDENTITY SAFE\ENGINE\2013.2.0.18\wincfi39.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.08.18 01:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.12.13 17:59:25 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.09 17:40:03 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.10.11 04:29:14 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe -- (NCO)
SRV - [2012.10.10 19:29:14 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe -- (NAV)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.17 17:17:48 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.12.03 15:36:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.03 15:36:35 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.11.16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.11.01 21:52:50 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012.10.08 18:00:02 | 000,776,864 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012.10.04 03:19:14 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSTx64\7DD02000.012\ccSetx64.sys -- (ccSet_NST)
DRV:64bit: - [2012.10.03 18:40:36 | 001,133,216 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2012.10.03 18:40:20 | 000,493,216 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymDS64.sys -- (SymDS)
DRV:64bit: - [2012.10.03 18:19:14 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\ccSetx64.sys -- (ccSet_NAV)
DRV:64bit: - [2012.09.06 19:05:14 | 000,432,800 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\symnets.sys -- (SymNetS)
DRV:64bit: - [2012.09.06 18:48:08 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.09.06 18:40:52 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.08.18 02:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.12.17 17:40:29 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20121218.020\ex64.sys -- (NAVEX15)
DRV - [2012.12.17 17:40:29 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.12.17 17:40:29 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.12.17 17:40:29 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20121218.020\eng64.sys -- (NAVENG)
DRV - [2012.12.14 17:12:24 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\IPSDefs\20121218.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.11.30 00:13:05 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\BASHDefs\20121130.005\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1152932176-3179621756-3359021054-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1152932176-3179621756-3359021054-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1152932176-3179621756-3359021054-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CF D9 1E 6D CA D6 CD 01  [binary data]
IE - HKU\S-1-5-21-1152932176-3179621756-3359021054-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1152932176-3179621756-3359021054-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\IPSFFPlgn\ [2012.12.17 17:18:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.0.18\coFFPlgn\ [2012.12.19 14:05:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.09 17:40:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.09 17:40:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.10.19 14:11:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions
[2012.12.13 17:49:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\mg2mqueh.default\extensions
[2012.11.14 02:05:05 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\firefox\profiles\mg2mqueh.default\extensions\DivXWebPlayer@divx.com.xpi
[2012.12.13 17:49:54 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\firefox\profiles\mg2mqueh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.12.09 17:39:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.09 17:40:03 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.11 03:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.11 03:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.11 03:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.11 03:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.11 03:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.11 03:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEF7CDEB-CB02-480D-A876-E30352C5E897}: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.07.10 18:08:45 | 000,000,065 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1ef58ea7-476e-11e2-b7cf-b8ac6f51561b}\Shell - "" = AutoRun
O33 - MountPoints2\{1ef58ea7-476e-11e2-b7cf-b8ac6f51561b}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{b545dbfc-1879-11e2-bcec-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b545dbfc-1879-11e2-bcec-806e6f6e6963}\Shell\AutoRun\command - "" = rundll32.exe url,FileProtocolHandler index.html
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.19 19:44:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe
[2012.12.17 20:09:15 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Malwarebytes
[2012.12.17 20:09:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.17 20:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.17 20:08:59 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.17 20:08:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.17 18:31:26 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\NPE
[2012.12.17 17:49:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012.12.17 17:17:57 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NSTx64\7DD02000.012\ccSetx64.sys
[2012.12.17 17:17:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSTx64
[2012.12.17 17:17:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSTx64\7DD02000.012
[2012.12.17 17:17:52 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
[2012.12.17 17:17:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Identity Safe
[2012.12.17 17:17:48 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012.12.17 17:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012.12.17 17:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012.12.17 17:17:28 | 001,133,216 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymEFA64.sys
[2012.12.17 17:17:28 | 000,776,864 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\srtsp64.sys
[2012.12.17 17:17:28 | 000,493,216 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymDS64.sys
[2012.12.17 17:17:28 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\symnets.sys
[2012.12.17 17:17:28 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\Ironx64.sys
[2012.12.17 17:17:28 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\ccSetx64.sys
[2012.12.17 17:17:28 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\srtspx64.sys
[2012.12.17 17:17:28 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymELAM.sys
[2012.12.17 17:17:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64
[2012.12.17 17:17:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64\1402000.013
[2012.12.17 17:17:02 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
[2012.12.17 17:17:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton AntiVirus
[2012.12.17 17:17:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012.12.17 17:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012.12.17 17:16:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012.12.17 17:15:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.12.17 16:51:45 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012.12.17 16:51:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
[2012.12.17 16:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.12.16 17:44:18 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Three Six Mafia - Last 2 Walk
[2012.12.16 17:43:20 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\WinRAR
[2012.12.16 17:43:20 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.12.16 17:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.12.16 17:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2012.12.14 19:19:07 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Avira
[2012.12.14 19:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.12.14 19:13:17 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.12.14 19:13:17 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.12.14 19:13:17 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.12.14 19:13:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.12.14 19:13:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.12.12 18:21:01 | 000,000,000 | ---D | C] -- C:\Neuer Ordner
[2012.12.09 17:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.11.27 19:30:46 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Neuer Ordner
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.19 19:42:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe
[2012.12.19 19:36:26 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.19 19:36:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.19 14:15:26 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.19 14:15:26 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.19 14:12:48 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.19 14:12:48 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.19 14:12:48 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.19 14:12:48 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.19 14:12:48 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.19 14:05:23 | 3111,534,592 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.18 14:04:33 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.17 18:22:00 | 000,013,946 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\VT20121114.016
[2012.12.17 17:18:22 | 002,029,447 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\Cat.DB
[2012.12.17 17:17:48 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012.12.17 17:17:48 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012.12.17 17:17:48 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012.12.17 17:17:41 | 000,002,473 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2012.12.17 16:51:45 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012.12.15 08:51:22 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.14 19:13:33 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.12.03 15:36:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.12.03 15:36:35 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.12.02 19:31:02 | 000,079,762 | ---- | M] () -- C:\Users\Jan\Documents\Mediathek.xml
[2012.11.20 18:42:17 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
 
========== Files Created - No Company Name ==========
 
[2012.12.17 20:09:02 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.17 18:22:12 | 000,013,946 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\VT20121114.016
[2012.12.17 17:18:12 | 002,029,447 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\Cat.DB
[2012.12.17 17:17:53 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\NSTx64\7DD02000.012\ccSetx64.cat
[2012.12.17 17:17:53 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\NSTx64\7DD02000.012\ccSetx64.inf
[2012.12.17 17:17:53 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSTx64\7DD02000.012\isolate.ini
[2012.12.17 17:17:48 | 000,007,466 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012.12.17 17:17:48 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012.12.17 17:17:41 | 000,002,473 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2012.12.17 17:17:17 | 000,003,433 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymEFA.inf
[2012.12.17 17:17:17 | 000,002,851 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymDS.inf
[2012.12.17 17:17:17 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymNet.inf
[2012.12.17 17:17:17 | 000,001,437 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\srtsp64.inf
[2012.12.17 17:17:17 | 000,001,418 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\srtspx64.inf
[2012.12.17 17:17:17 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\symELAM.inf
[2012.12.17 17:17:17 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\ccSetx64.inf
[2012.12.17 17:17:17 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\Iron.inf
[2012.12.17 17:17:05 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymELAM64.cat
[2012.12.17 17:17:05 | 000,009,103 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymVTcer.dat
[2012.12.17 17:17:05 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\ccSetx64.cat
[2012.12.17 17:17:05 | 000,007,605 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\srtspx64.cat
[2012.12.17 17:17:05 | 000,007,603 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymEFA64.cat
[2012.12.17 17:17:05 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\symnet64.cat
[2012.12.17 17:17:05 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\srtsp64.cat
[2012.12.17 17:17:05 | 000,007,597 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymDS64.cat
[2012.12.17 17:17:05 | 000,007,593 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\iron.cat
[2012.12.17 17:17:05 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\isolate.ini
[2012.12.16 17:43:54 | 000,011,672 | -HS- | C] () -- C:\Users\Jan\Desktop\AlbumArt_{EDA72DF6-1500-4258-8740-3E7AFE0DE3C7}_Large.jpg
[2012.12.16 17:43:48 | 000,002,731 | -HS- | C] () -- C:\Users\Jan\Desktop\AlbumArt_{EDA72DF6-1500-4258-8740-3E7AFE0DE3C7}_Small.jpg
[2012.12.16 17:43:47 | 000,011,672 | -HS- | C] () -- C:\Users\Jan\Desktop\Folder.jpg
[2012.12.16 17:43:47 | 000,002,731 | -HS- | C] () -- C:\Users\Jan\Desktop\AlbumArtSmall.jpg
[2012.12.14 19:13:33 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.12.12 20:57:04 | 1448,495,104 | ---- | C] () -- C:\Users\Jan\Desktop\Planet der Affen Prevolution.avi
[2012.12.12 20:56:26 | 735,027,200 | ---- | C] () -- C:\Users\Jan\Desktop\Paul - Ein Alien auf der Flucht.avi
[2012.12.02 19:31:02 | 000,079,762 | ---- | C] () -- C:\Users\Jan\Documents\Mediathek.xml
[2012.11.24 01:45:02 | 005,778,848 | ---- | C] () -- C:\Users\Jan\Desktop\Waka Flocka- _Vest On_ (Feat. Wooh Da Kid & Nino Cahootz) YScRoll.mp3
[2012.11.24 01:45:02 | 002,829,278 | ---- | C] () -- C:\Users\Jan\Desktop\WC - This is Los Angeles.mp3
[2012.11.24 01:45:01 | 008,279,438 | ---- | C] () -- C:\Users\Jan\Desktop\Sigma & Logistics - Dreams To Reality.mp3
[2012.11.24 01:45:01 | 005,639,388 | ---- | C] () -- C:\Users\Jan\Desktop\Not Meant For Me - Queen Of The Damned [Wayne Static].mp3
[2012.11.24 01:45:01 | 005,424,317 | ---- | C] () -- C:\Users\Jan\Desktop\MOK - Undercover [MW].mp3
[2012.11.24 01:45:00 | 007,045,705 | ---- | C] () -- C:\Users\Jan\Desktop\Jessie J - Nobody's Perfect (Netsky Remix).mp3
[2012.11.24 01:45:00 | 004,559,246 | ---- | C] () -- C:\Users\Jan\Desktop\11 Titelnummer 11.wma
[2012.11.24 01:45:00 | 001,660,886 | ---- | C] () -- C:\Users\Jan\Desktop\03 Titelnummer 3.wma
[2012.11.20 18:42:17 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2012.10.17 17:45:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.19 16:02:39 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\DVDVideoSoft
[2012.10.19 16:02:29 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.10.19 16:02:21 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\OpenCandy
[2012.10.19 16:03:01 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.10.17 18:02:04 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.12.17 18:33:22 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.10.17 18:01:46 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.12.12 18:49:38 | 000,000,000 | ---D | M] -- C:\Neuer Ordner
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.12.17 17:17:48 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.17 20:08:59 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.12.17 20:09:00 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.10.17 18:01:46 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.10.17 18:01:46 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.12.19 19:48:06 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.10.17 18:01:55 | 000,000,000 | R--D | M] -- C:\Users
[2012.12.17 18:37:06 | 000,000,000 | ---D | M] -- C:\Windows
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.11.06 15:02:16 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Adobe
[2012.10.19 14:21:39 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Apple Computer
[2012.12.14 19:19:07 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Avira
[2012.10.19 16:02:39 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\DVDVideoSoft
[2012.10.19 16:02:29 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.10.17 18:02:07 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Identities
[2012.10.17 18:17:38 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Macromedia
[2012.12.17 20:09:15 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Malwarebytes
[2009.07.14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Media Center Programs
[2012.10.19 16:02:59 | 000,000,000 | --SD | M] -- C:\Users\Jan\AppData\Roaming\Microsoft
[2012.10.19 14:11:52 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Mozilla
[2012.10.19 16:02:21 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\OpenCandy
[2012.10.19 16:03:01 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\TuneUp Software
[2012.12.16 17:43:26 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.09.24 20:17:24 | 027,448,224 | ---- | M] (TuneUp Software) -- C:\Users\Jan\AppData\Roaming\OpenCandy\711F7903E4AF407CB54BA5DEE11073FB\TuneUpUtilities2013_2200218_de-DE.exe
 
< %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles >
 
< %SYSTEMROOT%\System32\config\*.sav >
 
< %SYSTEMROOT%\*. /mp /s >
 
< %SYSTEMROOT%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 20 bytes -> C:\Users\Jan\Desktop\Planet der Affen Prevolution.avi:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Users\Jan\Desktop\Paul - Ein Alien auf der Flucht.avi:Mac_Metadata

< End of report >
         
I hope posting it as code worked. Thanks for the help.


19.12.2012, 23:25   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If it still doesn't work, please let me know.

One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Set up the tool as shown in the picture below: click change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan, and when it has finished, click the Report button to display the log. Please post it in full.

If you can't find the log or can't copy its contents into your post, look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and just post the log here!


20.12.2012, 19:28   #7
BLACKMARKET
 



Here is the log file from aswMBR.

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-20 18:20:00
-----------------------------
18:20:00.060    OS Version: Windows x64 6.1.7600 
18:20:00.060    Number of processors: 4 586 0x2502
18:20:00.060    ComputerName: JAN-PC  UserName: Jan
18:20:02.780    Initialize success
18:21:11.075    AVAST engine defs: 12122000
18:30:29.715    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:30:29.715    Disk 0 Vendor: WDC_WD3200BEVT-75ZCT2 11.01A11 Size: 305245MB BusType: 11
18:30:29.735    Disk 0 MBR read successfully
18:30:29.735    Disk 0 MBR scan
18:30:29.795    Disk 0 Windows 7 default MBR code
18:30:29.815    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
18:30:29.835    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        95000 MB offset 206848
18:30:29.855    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       210143 MB offset 194766848
18:30:29.875    Disk 0 scanning C:\Windows\system32\drivers
18:30:39.999    Service scanning
18:31:03.273    Modules scanning
18:31:03.283    Disk 0 trace - called modules:
18:31:03.313    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
18:31:03.313    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bdf060]
18:31:03.323    3 CLASSPNP.SYS[fffff88001b0943f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800491a3b0]
18:31:03.993    AVAST engine scan C:\Windows
18:31:05.583    AVAST engine scan C:\Windows\system32
18:33:58.240    AVAST engine scan C:\Windows\system32\drivers
18:34:10.232    AVAST engine scan C:\Users\Jan
18:36:55.665    AVAST engine scan C:\ProgramData
18:37:30.333    Scan finished successfully
18:43:51.060    Disk 0 MBR has been saved successfully to "C:\Users\Jan\Desktop\MBR.dat"
18:43:51.070    The log file has been saved successfully to "C:\Users\Jan\Desktop\aswMBR.txt"
         

Here is the log file from tdsskiller:

Code:
19:02:13.0282 4000  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:02:13.0392 4000  ============================================================
19:02:13.0392 4000  Current date / time: 2012/12/20 19:02:13.0392
19:02:13.0392 4000  SystemInfo:
19:02:13.0392 4000  
19:02:13.0392 4000  OS Version: 6.1.7600 ServicePack: 0.0
19:02:13.0392 4000  Product type: Workstation
19:02:13.0392 4000  ComputerName: JAN-PC
19:02:13.0392 4000  UserName: Jan
19:02:13.0392 4000  Windows directory: C:\Windows
19:02:13.0392 4000  System windows directory: C:\Windows
19:02:13.0392 4000  Running under WOW64
19:02:13.0407 4000  Processor architecture: Intel x64
19:02:13.0407 4000  Number of processors: 4
19:02:13.0407 4000  Page size: 0x1000
19:02:13.0407 4000  Boot type: Normal boot
19:02:13.0407 4000  ============================================================
19:02:15.0607 4000  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:02:15.0638 4000  Drive \Device\Harddisk2\DR2 - Size: 0xAEA8A00000 (698.63 Gb), SectorSize: 0x200, Cylinders: 0x16440, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:02:21.0332 4000  ============================================================
19:02:21.0332 4000  \Device\Harddisk0\DR0:
19:02:21.0348 4000  MBR partitions:
19:02:21.0348 4000  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:02:21.0348 4000  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xB98C000
19:02:21.0348 4000  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xB9BE800, BlocksNum 0x19A6F800
19:02:21.0348 4000  \Device\Harddisk2\DR2:
19:02:21.0348 4000  MBR partitions:
19:02:21.0348 4000  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x57544800
19:02:21.0348 4000  ============================================================
19:02:21.0410 4000  C: <-> \Device\Harddisk0\DR0\Partition2
19:02:21.0441 4000  D: <-> \Device\Harddisk0\DR0\Partition3
19:02:21.0472 4000  G: <-> \Device\Harddisk2\DR2\Partition1
19:02:21.0472 4000  ============================================================
19:02:21.0472 4000  Initialize success
19:02:21.0472 4000  ============================================================
19:03:12.0578 1212  ============================================================
19:03:12.0578 1212  Scan started
19:03:12.0578 1212  Mode: Manual; SigCheck; TDLFS; 
19:03:12.0578 1212  ============================================================
19:03:19.0146 1212  ================ Scan system memory ========================
19:03:19.0146 1212  System memory - ok
19:03:19.0146 1212  ================ Scan services =============================
19:03:19.0333 1212  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
19:03:19.0536 1212  1394ohci - ok
19:03:19.0676 1212  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
19:03:19.0739 1212  ACPI - ok
19:03:19.0770 1212  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
19:03:19.0879 1212  AcpiPmi - ok
19:03:20.0082 1212  [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:03:20.0098 1212  AdobeARMservice - ok
19:03:20.0347 1212  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:03:20.0378 1212  AdobeFlashPlayerUpdateSvc - ok
19:03:20.0534 1212  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
19:03:20.0597 1212  adp94xx - ok
19:03:20.0690 1212  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
19:03:20.0753 1212  adpahci - ok
19:03:20.0831 1212  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
19:03:20.0862 1212  adpu320 - ok
19:03:20.0956 1212  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:03:21.0096 1212  AeLookupSvc - ok
19:03:21.0283 1212  [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD             C:\Windows\system32\drivers\afd.sys
19:03:21.0330 1212  AFD - ok
19:03:21.0377 1212  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
19:03:21.0408 1212  agp440 - ok
19:03:21.0455 1212  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
19:03:21.0626 1212  ALG - ok
19:03:21.0673 1212  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
19:03:21.0689 1212  aliide - ok
19:03:21.0845 1212  [ D696F317BD465A602566F8E1DCCE15F7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:03:21.0938 1212  AMD External Events Utility - ok
19:03:21.0970 1212  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
19:03:21.0985 1212  amdide - ok
19:03:22.0079 1212  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
19:03:22.0141 1212  AmdK8 - ok
19:03:22.0157 1212  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
19:03:22.0282 1212  AmdPPM - ok
19:03:22.0406 1212  [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:03:22.0438 1212  amdsata - ok
19:03:22.0609 1212  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
19:03:22.0672 1212  amdsbs - ok
19:03:22.0687 1212  [ DB27766102C7BF7E95140A2AA81D042E ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:03:22.0703 1212  amdxata - ok
19:03:22.0968 1212  [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:03:22.0999 1212  AntiVirSchedulerService - ok
19:03:23.0171 1212  [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:03:23.0202 1212  AntiVirService - ok
19:03:23.0327 1212  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\Windows\system32\drivers\appid.sys
19:03:23.0420 1212  AppID - ok
19:03:23.0498 1212  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:03:23.0654 1212  AppIDSvc - ok
19:03:23.0748 1212  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\Windows\System32\appinfo.dll
19:03:23.0795 1212  Appinfo - ok
19:03:23.0982 1212  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:03:24.0013 1212  Apple Mobile Device - ok
19:03:24.0044 1212  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
19:03:24.0060 1212  arc - ok
19:03:24.0076 1212  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
19:03:24.0091 1212  arcsas - ok
19:03:24.0122 1212  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:03:24.0169 1212  AsyncMac - ok
19:03:24.0185 1212  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
19:03:24.0200 1212  atapi - ok
19:03:24.0372 1212  [ 52BD95CAA9CAE8977FE043E9AD6D2D0E ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:03:24.0590 1212  atikmdag - ok
19:03:24.0637 1212  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:03:24.0731 1212  AudioEndpointBuilder - ok
19:03:24.0762 1212  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:03:24.0809 1212  AudioSrv - ok
19:03:24.0840 1212  [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
19:03:24.0871 1212  avgntflt - ok
19:03:24.0902 1212  [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
19:03:24.0918 1212  avipbb - ok
19:03:24.0918 1212  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
19:03:24.0934 1212  avkmgr - ok
19:03:24.0965 1212  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:03:25.0012 1212  AxInstSV - ok
19:03:25.0058 1212  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
19:03:25.0090 1212  b06bdrv - ok
19:03:25.0152 1212  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:03:25.0199 1212  b57nd60a - ok
19:03:25.0277 1212  [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
19:03:25.0355 1212  BCM43XX - ok
19:03:25.0417 1212  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:03:25.0464 1212  BDESVC - ok
19:03:25.0511 1212  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:03:25.0604 1212  Beep - ok
19:03:25.0667 1212  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\Windows\System32\bfe.dll
19:03:25.0745 1212  BFE - ok
19:03:25.0948 1212  [ ED97ADAF00A61F57A2CCBBB1CE58C600 ] BHDrvx64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\BASHDefs\20121130.005\BHDrvx64.sys
19:03:26.0026 1212  BHDrvx64 - ok
19:03:26.0088 1212  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\System32\qmgr.dll
19:03:26.0197 1212  BITS - ok
19:03:26.0244 1212  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:03:26.0291 1212  blbdrive - ok
19:03:26.0369 1212  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:03:26.0400 1212  Bonjour Service - ok
19:03:26.0447 1212  [ 19D20159708E152267E53B66677A4995 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:03:26.0478 1212  bowser - ok
19:03:26.0540 1212  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:03:26.0587 1212  BrFiltLo - ok
19:03:26.0603 1212  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:03:26.0618 1212  BrFiltUp - ok
19:03:26.0665 1212  [ 6B054C67AAA87843504E8E3C09102009 ] Browser         C:\Windows\System32\browser.dll
19:03:26.0728 1212  Browser - ok
19:03:26.0743 1212  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:03:26.0806 1212  Brserid - ok
19:03:26.0821 1212  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:03:26.0868 1212  BrSerWdm - ok
19:03:26.0899 1212  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:03:26.0962 1212  BrUsbMdm - ok
19:03:26.0977 1212  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:03:27.0024 1212  BrUsbSer - ok
19:03:27.0024 1212  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
19:03:27.0055 1212  BTHMODEM - ok
19:03:27.0118 1212  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
19:03:27.0196 1212  bthserv - ok
19:03:27.0274 1212  [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_NAV       C:\Windows\system32\drivers\NAVx64\1402000.013\ccSetx64.sys
19:03:27.0305 1212  ccSet_NAV - ok
19:03:27.0336 1212  [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_NST       C:\Windows\system32\drivers\NSTx64\7DD02000.012\ccSetx64.sys
19:03:27.0352 1212  ccSet_NST - ok
19:03:27.0398 1212  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:03:27.0570 1212  cdfs - ok
19:03:27.0617 1212  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:03:27.0664 1212  cdrom - ok
19:03:27.0710 1212  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\Windows\System32\certprop.dll
19:03:27.0788 1212  CertPropSvc - ok
19:03:27.0835 1212  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
19:03:27.0898 1212  circlass - ok
19:03:27.0944 1212  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
19:03:27.0976 1212  CLFS - ok
19:03:28.0054 1212  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:03:28.0085 1212  clr_optimization_v2.0.50727_32 - ok
19:03:28.0163 1212  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:03:28.0178 1212  clr_optimization_v2.0.50727_64 - ok
19:03:28.0256 1212  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:03:28.0288 1212  clr_optimization_v4.0.30319_32 - ok
19:03:28.0350 1212  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:03:28.0381 1212  clr_optimization_v4.0.30319_64 - ok
19:03:28.0412 1212  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:03:28.0459 1212  CmBatt - ok
19:03:28.0522 1212  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
19:03:28.0553 1212  cmdide - ok
19:03:28.0600 1212  [ CA7720B73446FDDEC5C69519C1174C98 ] CNG             C:\Windows\system32\Drivers\cng.sys
19:03:28.0662 1212  CNG - ok
19:03:28.0678 1212  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:03:28.0693 1212  Compbatt - ok
19:03:28.0709 1212  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
19:03:28.0740 1212  CompositeBus - ok
19:03:28.0740 1212  COMSysApp - ok
19:03:28.0771 1212  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
19:03:28.0771 1212  crcdisk - ok
19:03:28.0818 1212  [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:03:28.0896 1212  CryptSvc - ok
19:03:28.0943 1212  [ E6CE7188CC47AE5DAFDAF552D370C52F ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
19:03:28.0974 1212  dc3d - ok
19:03:29.0021 1212  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:03:29.0099 1212  DcomLaunch - ok
19:03:29.0130 1212  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
19:03:29.0192 1212  defragsvc - ok
19:03:29.0224 1212  [ 9C253CE7311CA60FC11C774692A13208 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:03:29.0270 1212  DfsC - ok
19:03:29.0302 1212  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:03:29.0348 1212  Dhcp - ok
19:03:29.0395 1212  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
19:03:29.0473 1212  discache - ok
19:03:29.0520 1212  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
19:03:29.0551 1212  Disk - ok
19:03:29.0582 1212  [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:03:29.0614 1212  Dnscache - ok
19:03:29.0645 1212  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc         C:\Windows\System32\dot3svc.dll
19:03:29.0738 1212  dot3svc - ok
19:03:29.0754 1212  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS             C:\Windows\system32\dps.dll
19:03:29.0816 1212  DPS - ok
19:03:29.0848 1212  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:03:29.0863 1212  drmkaud - ok
19:03:29.0926 1212  [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:03:29.0988 1212  DXGKrnl - ok
19:03:30.0004 1212  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
19:03:30.0066 1212  EapHost - ok
19:03:30.0175 1212  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
19:03:30.0284 1212  ebdrv - ok
19:03:30.0362 1212  [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
19:03:30.0409 1212  eeCtrl - ok
19:03:30.0425 1212  [ 156F6159457D0AA7E59B62681B56EB90 ] EFS             C:\Windows\System32\lsass.exe
19:03:30.0487 1212  EFS - ok
19:03:30.0581 1212  [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:03:30.0659 1212  ehRecvr - ok
19:03:30.0690 1212  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
19:03:30.0721 1212  ehSched - ok
19:03:30.0784 1212  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
19:03:30.0830 1212  elxstor - ok
19:03:30.0877 1212  [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:03:30.0893 1212  EraserUtilRebootDrv - ok
19:03:30.0908 1212  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
19:03:30.0940 1212  ErrDev - ok
19:03:30.0986 1212  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
19:03:31.0064 1212  EventSystem - ok
19:03:31.0080 1212  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
19:03:31.0142 1212  exfat - ok
19:03:31.0174 1212  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:03:31.0236 1212  fastfat - ok
19:03:31.0283 1212  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\Windows\system32\fxssvc.exe
19:03:31.0361 1212  Fax - ok
19:03:31.0361 1212  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
19:03:31.0392 1212  fdc - ok
19:03:31.0439 1212  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
19:03:31.0501 1212  fdPHost - ok
19:03:31.0517 1212  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:03:31.0564 1212  FDResPub - ok
19:03:31.0610 1212  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:03:31.0642 1212  FileInfo - ok
19:03:31.0657 1212  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:03:31.0704 1212  Filetrace - ok
19:03:31.0704 1212  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:03:31.0735 1212  flpydisk - ok
19:03:31.0766 1212  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:03:31.0782 1212  FltMgr - ok
19:03:31.0876 1212  [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache       C:\Windows\system32\FntCache.dll
19:03:32.0000 1212  FontCache - ok
19:03:32.0047 1212  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:03:32.0063 1212  FontCache3.0.0.0 - ok
19:03:32.0094 1212  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:03:32.0094 1212  FsDepends - ok
19:03:32.0297 1212  [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:03:32.0359 1212  Fs_Rec - ok
19:03:32.0515 1212  [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:03:32.0546 1212  fvevol - ok
19:03:32.0593 1212  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
19:03:32.0609 1212  gagp30kx - ok
19:03:32.0749 1212  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:03:32.0765 1212  GEARAspiWDM - ok
19:03:33.0139 1212  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\Windows\System32\gpsvc.dll
19:03:33.0202 1212  gpsvc - ok
19:03:33.0217 1212  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:03:33.0264 1212  hcw85cir - ok
19:03:33.0295 1212  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:03:33.0358 1212  HdAudAddService - ok
19:03:33.0404 1212  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:03:33.0451 1212  HDAudBus - ok
19:03:33.0451 1212  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
19:03:33.0482 1212  HidBatt - ok
19:03:33.0514 1212  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
19:03:33.0545 1212  HidBth - ok
19:03:33.0560 1212  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
19:03:33.0576 1212  HidIr - ok
19:03:33.0607 1212  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
19:03:33.0701 1212  hidserv - ok
19:03:33.0732 1212  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:03:33.0779 1212  HidUsb - ok
19:03:33.0794 1212  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:03:33.0888 1212  hkmsvc - ok
19:03:33.0904 1212  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:03:33.0966 1212  HomeGroupListener - ok
19:03:33.0997 1212  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:03:34.0028 1212  HomeGroupProvider - ok
19:03:34.0075 1212  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
19:03:34.0106 1212  HpSAMD - ok
19:03:34.0138 1212  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:03:34.0216 1212  HTTP - ok
19:03:34.0247 1212  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:03:34.0262 1212  hwpolicy - ok
19:03:34.0278 1212  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
19:03:34.0294 1212  i8042prt - ok
19:03:34.0340 1212  [ B75E45C564E944A2657167D197AB29DA ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:03:34.0372 1212  iaStorV - ok
19:03:34.0450 1212  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:03:34.0512 1212  idsvc - ok
19:03:34.0606 1212  [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\IPSDefs\20121219.001\IDSvia64.sys
19:03:34.0652 1212  IDSVia64 - ok
19:03:34.0684 1212  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
19:03:34.0699 1212  iirsp - ok
19:03:34.0746 1212  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
19:03:34.0840 1212  IKEEXT - ok
19:03:34.0840 1212  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
19:03:34.0855 1212  intelide - ok
19:03:34.0871 1212  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:03:34.0902 1212  intelppm - ok
19:03:34.0933 1212  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:03:34.0996 1212  IPBusEnum - ok
19:03:35.0011 1212  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:03:35.0074 1212  IpFilterDriver - ok
19:03:35.0120 1212  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:03:35.0230 1212  iphlpsvc - ok
19:03:35.0230 1212  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:03:35.0261 1212  IPMIDRV - ok
19:03:35.0276 1212  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:03:35.0339 1212  IPNAT - ok
19:03:35.0370 1212  [ 0F261EC4F514926177C70C1832374231 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
19:03:35.0401 1212  iPod Service - ok
19:03:35.0432 1212  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:03:35.0448 1212  IRENUM - ok
19:03:35.0448 1212  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
19:03:35.0464 1212  isapnp - ok
19:03:35.0495 1212  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
19:03:35.0510 1212  iScsiPrt - ok
19:03:35.0526 1212  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:03:35.0542 1212  kbdclass - ok
19:03:35.0573 1212  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:03:35.0588 1212  kbdhid - ok
19:03:35.0604 1212  [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso          C:\Windows\system32\lsass.exe
19:03:35.0620 1212  KeyIso - ok
19:03:35.0635 1212  [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:03:35.0651 1212  KSecDD - ok
19:03:35.0666 1212  [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:03:35.0682 1212  KSecPkg - ok
19:03:35.0698 1212  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:03:35.0744 1212  ksthunk - ok
19:03:35.0776 1212  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:03:35.0854 1212  KtmRm - ok
19:03:35.0885 1212  [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:03:35.0963 1212  LanmanServer - ok
19:03:35.0994 1212  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:03:36.0072 1212  LanmanWorkstation - ok
19:03:36.0119 1212  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:03:36.0197 1212  lltdio - ok
19:03:36.0228 1212  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:03:36.0322 1212  lltdsvc - ok
19:03:36.0353 1212  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:03:36.0400 1212  lmhosts - ok
19:03:36.0446 1212  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
19:03:36.0462 1212  LSI_FC - ok
19:03:36.0478 1212  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
19:03:36.0493 1212  LSI_SAS - ok
19:03:36.0493 1212  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:03:36.0509 1212  LSI_SAS2 - ok
19:03:36.0509 1212  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:03:36.0524 1212  LSI_SCSI - ok
19:03:36.0540 1212  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
19:03:36.0618 1212  luafv - ok
19:03:36.0649 1212  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:03:36.0696 1212  Mcx2Svc - ok
19:03:36.0712 1212  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
19:03:36.0727 1212  megasas - ok
19:03:36.0743 1212  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
19:03:36.0758 1212  MegaSR - ok
19:03:36.0774 1212  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
19:03:36.0836 1212  MMCSS - ok
19:03:36.0868 1212  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
19:03:36.0946 1212  Modem - ok
19:03:37.0024 1212  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:03:37.0070 1212  monitor - ok
19:03:37.0164 1212  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:03:37.0211 1212  mouclass - ok
19:03:37.0289 1212  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:03:37.0398 1212  mouhid - ok
19:03:37.0429 1212  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:03:37.0445 1212  mountmgr - ok
19:03:37.0476 1212  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:03:37.0507 1212  MozillaMaintenance - ok
19:03:37.0538 1212  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
19:03:37.0554 1212  mpio - ok
19:03:37.0570 1212  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:03:37.0632 1212  mpsdrv - ok
19:03:37.0679 1212  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:03:37.0772 1212  MpsSvc - ok
19:03:37.0804 1212  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:03:37.0835 1212  MRxDAV - ok
19:03:37.0850 1212  [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:03:37.0882 1212  mrxsmb - ok
19:03:50.0518 1212  [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
19:03:50.0533 1212  USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
19:03:50.0533 1212  USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
19:04:01.0017 1212  ============================================================
19:04:01.0017 1212  Scan finished
19:04:01.0017 1212  ============================================================
19:04:01.0033 4628  Detected object count: 1
19:04:01.0033 4628  Actual detected object count: 1
19:04:35.0915 4628  C:\Windows\system32\Drivers\usbaapl64.sys - copied to quarantine
19:04:35.0930 4628  HKLM\SYSTEM\ControlSet001\services\USBAAPL64 - will be deleted on reboot
19:04:35.0962 4628  HKLM\SYSTEM\ControlSet002\services\USBAAPL64 - will be deleted on reboot
19:04:36.0118 4628  C:\Windows\system32\Drivers\usbaapl64.sys - will be deleted on reboot
19:04:36.0118 4628  USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Delete
         
I accidentally clicked Delete. I hope that wasn't a mistake.

Kind regards,
Horras jan

20.12.2012, 20:35   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Well, it explicitly said there that you should make sure you have it set to SKIP.

Quote:
I accidentally clicked Delete. I hope that wasn't a mistake.

Unfortunately, yes, it was.
You have evidently deleted the Apple Mobile Device USB Driver.
AFAIK TDSS-Killer does not yet have a proper recovery function.
__________________
Please always post log files in CODE tags
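
The mistake discussed in the two posts above, as an added example (not part of the thread and not Kaspersky's tooling): a small Python triage script that reads a TDSSKiller log and lists what each user action touched, flagging a Delete chosen for a verdict that only says the file is unsigned. The line patterns are inferred from the log lines posted in this thread; the `needs_review` rule and all function names are assumptions of this example.

```python
import re

# Tail of the TDSSKiller log posted in this thread (copied verbatim).
SAMPLE_LOG = r"""
19:04:01.0033 4628  Detected object count: 1
19:04:01.0033 4628  Actual detected object count: 1
19:04:35.0915 4628  C:\Windows\system32\Drivers\usbaapl64.sys - copied to quarantine
19:04:35.0930 4628  HKLM\SYSTEM\ControlSet001\services\USBAAPL64 - will be deleted on reboot
19:04:35.0962 4628  HKLM\SYSTEM\ControlSet002\services\USBAAPL64 - will be deleted on reboot
19:04:36.0118 4628  C:\Windows\system32\Drivers\usbaapl64.sys - will be deleted on reboot
19:04:36.0118 4628  USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Delete
"""

# "<time> <thread id>  <message>" as seen in the posted log.
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*\S)\s*$")
# "<file or registry key> - <what the tool did or scheduled>"
EFFECT = re.compile(
    r"^(?P<target>.+) - (?P<effect>copied to quarantine|will be deleted on reboot)$"
)
# "<object> ( <verdict> ) - User select action: <action>"
DECISION = re.compile(
    r"^(?P<name>\S+) \( (?P<verdict>\S+) \) - User select action: (?P<action>\w+)$"
)


def triage(log_text):
    """Return one record per user decision found in a TDSSKiller log."""
    effects, decisions = [], []
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        msg = line["msg"]
        effect = EFFECT.match(msg)
        if effect:
            effects.append((effect["target"], effect["effect"]))
            continue
        decision = DECISION.match(msg)
        if decision:
            decisions.append(decision.groupdict())

    report = []
    for d in decisions:
        # Effects are tied to a decision by the object name appearing in the
        # affected path or registry key (case-insensitive).
        key = d["name"].lower()
        mine = [(t, e) for t, e in effects if key in t.lower()]
        report.append({
            "name": d["name"],
            "verdict": d["verdict"],
            "action": d["action"],
            "quarantined": [t for t, e in mine if e == "copied to quarantine"],
            "pending_delete": [t for t, e in mine if e == "will be deleted on reboot"],
            # Assumption of this example: an "UnsignedFile." verdict only says
            # the file lacks a signature, so deleting it deserves a second look.
            "needs_review": d["action"] == "Delete"
                            and d["verdict"].startswith("UnsignedFile."),
        })
    return report


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        mark = "REVIEW" if item["needs_review"] else "ok"
        print(f"[{mark}] {item['name']} ({item['verdict']}): {item['action']}")
        for path in item["quarantined"]:
            print(f"    quarantine copy of: {path}")
        for path in item["pending_delete"]:
            print(f"    deleted on reboot:  {path}")
```
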

20.12.2012, 21:10   #9
BLACKMARKET

Should I run the scan again!

20.12.2012, 21:14   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

What is that supposed to achieve now?! The file has been deleted!
So don't be surprised if some Apple hardware connected via USB no longer works properly or the like.

adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Suche (Search).
  • After the scan finishes, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)

20.12.2012, 21:49   #11
BLACKMARKET

Code:
# AdwCleaner v2.101 - Datei am 20/12/2012 um 21:47:44 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : Jan - JAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jan\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Users\Jan\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Profilname : default 
Datei : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\mg2mqueh.default\prefs.js

Gefunden : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,%7B972ce4c6-7e08-4474-a285[...]

*************************

AdwCleaner[R1].txt - [872 octets] - [20/12/2012 21:47:44]

########## EOF - C:\AdwCleaner[R1].txt - [931 octets] ##########
         

20.12.2012, 22:32   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)

After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box for Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

21.12.2012, 13:07   #13
BLACKMARKET

Here is the log from AdwCleaner:

Code:
# AdwCleaner v2.101 - Datei am 21/12/2012 um 12:46:45 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : Jan - JAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jan\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Jan\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\SweetIM
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\SweetIM
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Profilname : default 
Datei : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\mg2mqueh.default\prefs.js

C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\mg2mqueh.default\user.js ... Gelöscht !

Gelöscht : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,%7B972ce4c6-7e08-4474-a285[...]

*************************

AdwCleaner[R1].txt - [999 octets] - [20/12/2012 21:47:44]
AdwCleaner[R2].txt - [1058 octets] - [20/12/2012 21:48:01]
AdwCleaner[S1].txt - [1754 octets] - [21/12/2012 12:46:45]

########## EOF - C:\AdwCleaner[S1].txt - [1814 octets] ##########
         
OTL Logfile:
Code:
OTL logfile created on: 21.12.2012 12:54:56 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jan\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 65,86% Memory free
7,73 Gb Paging File | 6,36 Gb Available in Paging File | 82,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 92,77 Gb Total Space | 6,33 Gb Free Space | 6,83% Space Free | Partition Type: NTFS
Drive D: | 205,22 Gb Total Space | 11,30 Gb Free Space | 5,50% Space Free | Partition Type: NTFS
Drive E: | 85,04 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\PROGRAM FILES (X86)\NORTON IDENTITY SAFE\ENGINE\2013.2.0.18\wincfi39.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (NCO) -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe (Symantec Corporation)
SRV - (NAV) -- C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe (Symantec Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NST) -- C:\Windows\SysNative\drivers\NSTx64\7DD02000.012\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymDS64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NAV) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\Ironx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20121220.004\ex64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20121220.004\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\IPSDefs\20121219.001\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\BASHDefs\20121130.005\BHDrvx64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1152932176-3179621756-3359021054-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1152932176-3179621756-3359021054-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1152932176-3179621756-3359021054-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CF D9 1E 6D CA D6 CD 01  [binary data]
IE - HKU\S-1-5-21-1152932176-3179621756-3359021054-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1152932176-3179621756-3359021054-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1152932176-3179621756-3359021054-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\IPSFFPlgn\ [2012.12.17 17:18:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.0.18\coFFPlgn\ [2012.12.21 12:48:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.09 17:40:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.09 17:40:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.10.19 14:11:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions
[2012.12.21 00:52:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\mg2mqueh.default\extensions
[2012.11.14 02:05:05 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\firefox\profiles\mg2mqueh.default\extensions\DivXWebPlayer@divx.com.xpi
[2012.12.13 21:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\firefox\profiles\mg2mqueh.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2012.12.13 17:49:54 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\firefox\profiles\mg2mqueh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.12.09 17:39:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.09 17:40:03 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.11 03:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.11 03:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.11 03:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.11 03:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.11 03:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.11 03:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEF7CDEB-CB02-480D-A876-E30352C5E897}: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.07.10 18:08:45 | 000,000,065 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1ef58ea7-476e-11e2-b7cf-b8ac6f51561b}\Shell - "" = AutoRun
O33 - MountPoints2\{1ef58ea7-476e-11e2-b7cf-b8ac6f51561b}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{b545dbfc-1879-11e2-bcec-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b545dbfc-1879-11e2-bcec-806e6f6e6963}\Shell\AutoRun\command - "" = rundll32.exe url,FileProtocolHandler index.html
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.21 00:52:16 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\PutLockerDownloader
[2012.12.21 00:52:01 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movie2KDownloader.com
[2012.12.21 00:52:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Movie2KDownloader.com
[2012.12.20 19:04:35 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.12.20 18:46:17 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jan\Desktop\tdsskiller.exe
[2012.12.20 18:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.12.20 18:17:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.12.20 18:17:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.12.20 18:17:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.12.20 18:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.12.20 18:15:41 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.12.20 18:15:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012.12.19 19:44:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe
[2012.12.17 20:09:15 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Malwarebytes
[2012.12.17 20:09:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.17 20:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.17 20:08:59 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.17 20:08:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.17 18:31:26 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\NPE
[2012.12.17 17:49:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012.12.17 17:17:57 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NSTx64\7DD02000.012\ccSetx64.sys
[2012.12.17 17:17:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSTx64
[2012.12.17 17:17:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSTx64\7DD02000.012
[2012.12.17 17:17:52 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
[2012.12.17 17:17:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Identity Safe
[2012.12.17 17:17:48 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012.12.17 17:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012.12.17 17:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012.12.17 17:17:28 | 001,133,216 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymEFA64.sys
[2012.12.17 17:17:28 | 000,776,864 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\srtsp64.sys
[2012.12.17 17:17:28 | 000,493,216 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymDS64.sys
[2012.12.17 17:17:28 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\symnets.sys
[2012.12.17 17:17:28 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\Ironx64.sys
[2012.12.17 17:17:28 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\ccSetx64.sys
[2012.12.17 17:17:28 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\srtspx64.sys
[2012.12.17 17:17:28 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymELAM.sys
[2012.12.17 17:17:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64
[2012.12.17 17:17:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64\1402000.013
[2012.12.17 17:17:02 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
[2012.12.17 17:17:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton AntiVirus
[2012.12.17 17:17:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012.12.17 17:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012.12.17 17:16:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012.12.17 17:15:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.12.17 16:51:45 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012.12.17 16:51:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
[2012.12.17 16:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.12.16 17:44:18 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Three Six Mafia - Last 2 Walk
[2012.12.16 17:43:20 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\WinRAR
[2012.12.16 17:43:20 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.12.16 17:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.12.16 17:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2012.12.14 19:19:07 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Avira
[2012.12.14 19:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.12.14 19:13:17 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.12.14 19:13:17 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.12.14 19:13:17 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.12.14 19:13:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.12.14 19:13:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.12.13 17:48:53 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.13 17:48:53 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.12.13 17:48:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.13 17:48:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.12.13 17:48:50 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.13 17:48:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.13 17:48:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.13 17:48:50 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.12.13 17:48:50 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.12.13 17:48:49 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.12.13 17:48:49 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.12.13 17:48:49 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.13 17:48:47 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.12.13 17:48:47 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.12.13 17:48:47 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.12.12 18:21:01 | 000,000,000 | ---D | C] -- C:\Neuer Ordner
[2012.12.12 16:33:11 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.12 16:33:10 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.12 16:33:10 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.12 16:33:10 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.12 16:33:06 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.12 16:33:06 | 000,425,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.12.12 16:33:06 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.12.12 16:33:05 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.12.12 16:33:04 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.12 16:33:04 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.12.12 16:33:04 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.12.12 16:33:04 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.12.12 16:33:04 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.12.12 16:33:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.12.12 16:33:04 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.12.12 16:33:04 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.12 16:33:04 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.12 16:33:04 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.12 16:33:04 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.12 16:33:04 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.12.12 16:33:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.12 16:33:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.12 16:33:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.12 16:33:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.12 16:33:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.12 16:33:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.12 16:33:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.12 16:33:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.12 16:33:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.12 16:33:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.12 16:33:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.12 16:33:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.12 16:33:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.12 16:33:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.12 16:33:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.12 16:33:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.12 16:33:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.12 16:33:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.12 16:33:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.12 16:33:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.12 16:33:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.12 16:33:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.12 16:33:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.12 16:33:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.12 16:33:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.12 16:33:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.12 16:33:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.12 16:33:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.12 16:33:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.12 16:33:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.12.12 16:32:52 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.12 16:32:52 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.09 17:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.11.27 19:30:46 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Neuer Ordner
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.21 12:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.21 12:55:56 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.21 12:55:56 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.21 12:48:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.21 12:48:01 | 3111,534,592 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.21 00:52:01 | 000,000,928 | ---- | M] () -- C:\Users\Jan\Desktop\Movie2KDownloader.lnk
[2012.12.20 21:45:34 | 000,547,175 | ---- | M] () -- C:\Users\Jan\Desktop\adwcleaner.exe
[2012.12.20 18:59:21 | 000,014,308 | ---- | M] () -- C:\Users\Jan\Desktop\Die-ultimative-Bourne-Collection.jpg
[2012.12.20 18:45:56 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jan\Desktop\tdsskiller.exe
[2012.12.20 18:43:51 | 000,000,512 | ---- | M] () -- C:\Users\Jan\Desktop\MBR.dat
[2012.12.20 18:33:05 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.20 18:33:05 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.20 18:33:05 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.20 18:33:05 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.20 18:33:05 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.20 18:17:51 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.20 18:16:00 | 002,029,707 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\Cat.DB
[2012.12.19 19:42:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe
[2012.12.18 14:04:33 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.17 18:22:00 | 000,013,946 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\VT20121114.016
[2012.12.17 17:17:48 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012.12.17 17:17:48 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012.12.17 17:17:48 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012.12.17 17:17:41 | 000,002,473 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2012.12.17 16:51:45 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012.12.15 08:51:22 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.14 19:13:33 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.12.13 17:59:24 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.12.13 17:59:24 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.03 15:36:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.12.03 15:36:35 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.12.02 19:31:02 | 000,079,762 | ---- | M] () -- C:\Users\Jan\Documents\Mediathek.xml
 
========== Files Created - No Company Name ==========
 
[2012.12.21 00:52:01 | 000,000,928 | ---- | C] () -- C:\Users\Jan\Desktop\Movie2KDownloader.lnk
[2012.12.20 21:46:31 | 000,547,175 | ---- | C] () -- C:\Users\Jan\Desktop\adwcleaner.exe
[2012.12.20 18:59:20 | 000,014,308 | ---- | C] () -- C:\Users\Jan\Desktop\Die-ultimative-Bourne-Collection.jpg
[2012.12.20 18:43:51 | 000,000,512 | ---- | C] () -- C:\Users\Jan\Desktop\MBR.dat
[2012.12.20 18:17:51 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.17 20:09:02 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.17 18:22:12 | 000,013,946 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\VT20121114.016
[2012.12.17 17:18:12 | 002,029,707 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\Cat.DB
[2012.12.17 17:17:53 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\NSTx64\7DD02000.012\ccSetx64.cat
[2012.12.17 17:17:53 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\NSTx64\7DD02000.012\ccSetx64.inf
[2012.12.17 17:17:53 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSTx64\7DD02000.012\isolate.ini
[2012.12.17 17:17:48 | 000,007,466 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012.12.17 17:17:48 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012.12.17 17:17:41 | 000,002,473 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2012.12.17 17:17:17 | 000,003,433 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymEFA.inf
[2012.12.17 17:17:17 | 000,002,851 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymDS.inf
[2012.12.17 17:17:17 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymNet.inf
[2012.12.17 17:17:17 | 000,001,437 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\srtsp64.inf
[2012.12.17 17:17:17 | 000,001,418 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\srtspx64.inf
[2012.12.17 17:17:17 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\symELAM.inf
[2012.12.17 17:17:17 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\ccSetx64.inf
[2012.12.17 17:17:17 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\Iron.inf
[2012.12.17 17:17:05 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymELAM64.cat
[2012.12.17 17:17:05 | 000,009,103 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymVTcer.dat
[2012.12.17 17:17:05 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\ccSetx64.cat
[2012.12.17 17:17:05 | 000,007,605 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\srtspx64.cat
[2012.12.17 17:17:05 | 000,007,603 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymEFA64.cat
[2012.12.17 17:17:05 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\symnet64.cat
[2012.12.17 17:17:05 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\srtsp64.cat
[2012.12.17 17:17:05 | 000,007,597 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymDS64.cat
[2012.12.17 17:17:05 | 000,007,593 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\iron.cat
[2012.12.17 17:17:05 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\isolate.ini
[2012.12.16 17:43:54 | 000,011,672 | -HS- | C] () -- C:\Users\Jan\Desktop\AlbumArt_{EDA72DF6-1500-4258-8740-3E7AFE0DE3C7}_Large.jpg
[2012.12.16 17:43:48 | 000,002,731 | -HS- | C] () -- C:\Users\Jan\Desktop\AlbumArt_{EDA72DF6-1500-4258-8740-3E7AFE0DE3C7}_Small.jpg
[2012.12.16 17:43:47 | 000,011,672 | -HS- | C] () -- C:\Users\Jan\Desktop\Folder.jpg
[2012.12.16 17:43:47 | 000,002,731 | -HS- | C] () -- C:\Users\Jan\Desktop\AlbumArtSmall.jpg
[2012.12.14 19:13:33 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.12.12 20:57:04 | 1448,495,104 | ---- | C] () -- C:\Users\Jan\Desktop\Planet der Affen Prevolution.avi
[2012.12.12 20:56:26 | 735,027,200 | ---- | C] () -- C:\Users\Jan\Desktop\Paul - Ein Alien auf der Flucht.avi
[2012.12.02 19:31:02 | 000,079,762 | ---- | C] () -- C:\Users\Jan\Documents\Mediathek.xml
[2012.11.24 01:45:02 | 005,778,848 | ---- | C] () -- C:\Users\Jan\Desktop\Waka Flocka- _Vest On_ (Feat. Wooh Da Kid & Nino Cahootz) YScRoll.mp3
[2012.11.24 01:45:02 | 002,829,278 | ---- | C] () -- C:\Users\Jan\Desktop\WC - This is Los Angeles.mp3
[2012.11.24 01:45:01 | 008,279,438 | ---- | C] () -- C:\Users\Jan\Desktop\Sigma & Logistics - Dreams To Reality.mp3
[2012.11.24 01:45:01 | 005,639,388 | ---- | C] () -- C:\Users\Jan\Desktop\Not Meant For Me - Queen Of The Damned [Wayne Static].mp3
[2012.11.24 01:45:01 | 005,424,317 | ---- | C] () -- C:\Users\Jan\Desktop\MOK - Undercover [MW].mp3
[2012.11.24 01:45:00 | 007,045,705 | ---- | C] () -- C:\Users\Jan\Desktop\Jessie J - Nobody's Perfect (Netsky Remix).mp3
[2012.11.24 01:45:00 | 004,559,246 | ---- | C] () -- C:\Users\Jan\Desktop\11 Titelnummer 11.wma
[2012.11.24 01:45:00 | 001,660,886 | ---- | C] () -- C:\Users\Jan\Desktop\03 Titelnummer 3.wma
[2012.10.17 17:45:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 20 bytes -> C:\Users\Jan\Desktop\Planet der Affen Prevolution.avi:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Users\Jan\Desktop\Paul - Ein Alien auf der Flucht.avi:Mac_Metadata

< End of report >
         
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 21.12.2012 12:54:56 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jan\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 65,86% Memory free
7,73 Gb Paging File | 6,36 Gb Available in Paging File | 82,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 92,77 Gb Total Space | 6,33 Gb Free Space | 6,83% Space Free | Partition Type: NTFS
Drive D: | 205,22 Gb Total Space | 11,30 Gb Free Space | 5,50% Space Free | Partition Type: NTFS
Drive E: | 85,04 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1152932176-3179621756-3359021054-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{090D390F-7383-4361-BC8C-7D750A54563A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1519FACC-CDDE-4968-ACBE-E7C5CD2289B9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{163BDE6E-6513-4A65-93FD-7F23AABE1168}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{1AD17639-BA51-4D27-A279-E37508EE65B5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2522A9E4-D5E4-4AA5-BD30-8F5082F3995D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3CF23A67-EC67-46A2-8D04-1102693F3057}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{43037F74-54EE-4DF4-9145-3B9086C6E445}" = rport=445 | protocol=6 | dir=out | app=system | 
"{4F5091BA-61CF-40A9-A2D1-16E45516666B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{55E19928-50D9-4EC7-982D-02C225DFE7C8}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{5804A873-0D06-4AB7-AD63-894A31EA07EB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{583F5D8C-29E3-48D3-BACD-CFBF86904EDF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6A0990C4-8BC5-4494-88D7-A9827867DDA8}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{6FCAEA55-2813-48F7-9136-58D2155A7DA6}" = lport=139 | protocol=6 | dir=in | app=system | 
"{725F54EC-BEC3-4741-B547-4FF6557FD752}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7577B339-3831-4DEE-AFBB-742996802F22}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{75AD9964-1B48-4A8A-BFBB-89FDADCDE727}" = lport=445 | protocol=6 | dir=in | app=system | 
"{78EA6B2F-C983-4081-9265-BBCDEB236E81}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{935615CB-24EE-42AC-8225-AFBC612A3B11}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{94F1D51D-A72F-4C5B-A768-8C085C4D4638}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9EC62D18-48FD-414E-B7ED-29D60666EEA1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A05A23C2-CFDD-41AC-BB38-410C2AEA2DCD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AD8BE20A-66AD-4089-8A24-86DE9EA1EDCD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AE3D6F83-471E-49EF-A134-D3F99CA51E84}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{BA2BB74E-2519-4A42-9E82-ED656BF2642F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BD9FFC8D-CBC8-4A89-AEF8-AF59C3555B72}" = rport=139 | protocol=6 | dir=out | app=system | 
"{BECC9570-0C93-474E-8855-F7FD0DDDF61D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C43F72EB-6347-4BDC-B64C-EFAA881003E5}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{DD32FEA1-AAB2-4B17-B220-E81516186154}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{FAD69325-DED4-44AB-8390-34403EEFD74C}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01AF86CC-599B-4B9A-B690-5F3196940458}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{022B6BD1-1CA9-484E-AB2C-D42A6AD7B8DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{095092C4-68C8-479C-B3F7-84EC9284AA47}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0B7B3A41-7E69-4908-9D0D-47FD9DFA0B34}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2761702F-F1B2-4A46-A200-D744AEA43C7F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3A9C4EA2-3278-4444-A7C0-5A367540A806}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3EFA0FC5-A466-4454-905C-FFDD4B58B1E2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{477EFF3C-04EE-49E7-A415-B10148772D98}" = protocol=6 | dir=out | app=system | 
"{4B798E4F-E119-42AC-8441-D71EBF584E49}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{56C602E2-5379-4174-870E-3C08C249D74F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5D6EE5DC-BA29-40FB-A659-4DE4EC59CFF8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6ABB24FF-451B-489A-B0F0-6CBB8611130A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7C12368A-4104-4623-BB78-13B7A953475F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7D720D8B-1C00-4741-92AF-D91AA5A7F1A8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{85BC6C11-1EB8-466C-ACC2-CD71F865304D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{880F9D04-5AC0-4E97-87FD-6EB9AD6CF225}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{9AD12504-C3A4-49EA-88B1-71777957ED89}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{9D8F5229-4A2A-4C28-A3FE-3CB3E0C3EC64}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9DE91E1B-66AF-480E-9052-C0DCCEF8D0B3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AA6D711C-CE55-41BF-A06E-8F6C97BC708E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{AD07F79C-8C08-419E-AB0A-0BE365B4A607}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C199F8B4-71A9-4DCF-82D4-F1C97D341286}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C72EB03E-0D6B-4302-B534-44C3CE74CE58}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CDABF81D-9C22-4E53-97A5-5FC709D47E7D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{D05412D1-57DB-4D72-8667-6E7E5B63C836}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DB864C12-5C75-4C18-A073-2C52AEBC0137}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E35FD4C5-2E6A-493F-B843-83FB4908E449}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E79F9584-6690-4247-8736-A0CAFBF3D545}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{EC04A782-B97A-4B73-9984-4A23A6AA8A99}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{ED22A261-4902-477B-A505-43DE347B12CB}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{F290FBD1-58F9-4839-9348-BB2F5323D1C3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F61E0BAB-B50D-4F34-8771-A0D394C1FB2D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"1ClickDownload" = Movie2KDownloader
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAV" = Norton AntiVirus
"NST" = Norton Identity Safe
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.12.2012 04:58:44 | Computer Name = Jan-PC | Source = VSS | ID = 12305
Description = 
 
Error - 15.12.2012 04:58:45 | Computer Name = Jan-PC | Source = VSS | ID = 12305
Description = 
 
Error - 15.12.2012 05:32:50 | Computer Name = Jan-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\Jan\downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 16.12.2012 11:45:21 | Computer Name = Jan-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Jan\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 16.12.2012 18:51:45 | Computer Name = Jan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 16.12.2012 18:51:45 | Computer Name = Jan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11591
 
Error - 16.12.2012 18:51:45 | Computer Name = Jan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11591
 
Error - 18.12.2012 14:24:13 | Computer Name = Jan-PC | Source = ATIeRecord | ID = 16388
Description = ATI EEU Client event error
 
Error - 19.12.2012 09:54:56 | Computer Name = Jan-PC | Source = ATIeRecord | ID = 16388
Description = ATI EEU Client event error
 
Error - 21.12.2012 07:35:34 | Computer Name = Jan-PC | Source = ATIeRecord | ID = 16388
Description = ATI EEU Client event error
 
[ System Events ]
Error - 20.12.2012 20:11:41 | Computer Name = Jan-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 21.12.2012 07:25:17 | Computer Name = Jan-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 21.12.2012 07:25:17 | Computer Name = Jan-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 21.12.2012 07:25:17 | Computer Name = Jan-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 21.12.2012 07:29:33 | Computer Name = Jan-PC | Source = ipnathlp | ID = 34001
Description = 
 
Error - 21.12.2012 07:44:21 | Computer Name = Jan-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 21.12.2012 07:48:08 | Computer Name = Jan-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 21.12.2012 07:48:08 | Computer Name = Jan-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 21.12.2012 07:48:08 | Computer Name = Jan-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 21.12.2012 07:52:30 | Computer Name = Jan-PC | Source = ipnathlp | ID = 34001
Description = 
 
 
< End of report >
         
--- --- ---

[/code]

Alt 22.12.2012, 19:54   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:OTL
O33 - MountPoints2\{1ef58ea7-476e-11e2-b7cf-b8ac6f51561b}\Shell - "" = AutoRun
O33 - MountPoints2\{1ef58ea7-476e-11e2-b7cf-b8ac6f51561b}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{b545dbfc-1879-11e2-bcec-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b545dbfc-1879-11e2-bcec-806e6f6e6963}\Shell\AutoRun\command - "" = rundll32.exe url,FileProtocolHandler index.html
:Files
C:\Users\Jan\Desktop\Movie2*
C:\Users\Jan\Desktop\MBR.dat
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding places. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread
__________________
Please always post log files in CODE tags

Alt 22.12.2012, 22:55   #15
BLACKMARKET
 
Code:
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ef58ea7-476e-11e2-b7cf-b8ac6f51561b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ef58ea7-476e-11e2-b7cf-b8ac6f51561b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ef58ea7-476e-11e2-b7cf-b8ac6f51561b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ef58ea7-476e-11e2-b7cf-b8ac6f51561b}\ not found.
File G:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b545dbfc-1879-11e2-bcec-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b545dbfc-1879-11e2-bcec-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b545dbfc-1879-11e2-bcec-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b545dbfc-1879-11e2-bcec-806e6f6e6963}\ not found.
File rundll32.exe url,FileProtocolHandler index.html not found.
========== FILES ==========
File\Folder C:\Users\Jan\Desktop\Movie2* not found.
File\Folder C:\Users\Jan\Desktop\MBR.dat not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Jan\Desktop\cmd.bat deleted successfully.
C:\Users\Jan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Jan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 466069 bytes
->FireFox cache emptied: 398401217 bytes
->Flash cache emptied: 18962 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 158083581 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46424169 bytes
RecycleBin emptied: 40078 bytes
 
Total Files Cleaned = 575,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 12222012_224305

Files\Folders moved on Reboot...
File\Folder C:\Users\Jan\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
C:\Users\Jan\AppData\Local\Mozilla\Firefox\Profiles\mg2mqueh.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Jan\AppData\Local\Mozilla\Firefox\Profiles\mg2mqueh.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Jan\AppData\Local\Mozilla\Firefox\Profiles\mg2mqueh.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Jan\AppData\Local\Mozilla\Firefox\Profiles\mg2mqueh.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Jan\AppData\Local\Mozilla\Firefox\Profiles\mg2mqueh.default\_CACHE_CLEAN_ moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
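
An added example, not part of either post and not OTL's own code: the Python sketch below reconciles the O33 MountPoints2 lines of the fix script in post #14 with the registry results of the fix log in post #15, reporting for each mount-point GUID which AutoRun command was registered and whether OTL actually removed the key. The function names and the `runs_from_drive` flag are assumptions of this example; the sample lines are excerpted from the two posts.

```python
import re

# Excerpted from the fix script in post #14 (O33 lines only).
FIX_SCRIPT = r'''
O33 - MountPoints2\{1ef58ea7-476e-11e2-b7cf-b8ac6f51561b}\Shell - "" = AutoRun
O33 - MountPoints2\{1ef58ea7-476e-11e2-b7cf-b8ac6f51561b}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{b545dbfc-1879-11e2-bcec-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b545dbfc-1879-11e2-bcec-806e6f6e6963}\Shell\AutoRun\command - "" = rundll32.exe url,FileProtocolHandler index.html
'''
# Excerpted from the OTL fix log in post #15 (HKCU MountPoints2 results only).
FIX_LOG = r'''
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ef58ea7-476e-11e2-b7cf-b8ac6f51561b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ef58ea7-476e-11e2-b7cf-b8ac6f51561b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b545dbfc-1879-11e2-bcec-806e6f6e6963}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b545dbfc-1879-11e2-bcec-806e6f6e6963}\ not found.
'''

GUID = r'(\{[0-9a-fA-F-]{36}\})'
O33_CMD = re.compile(r'^O33 - MountPoints2\\' + GUID + r'\\Shell\\AutoRun\\command - "" = (.+)$', re.M)
KEY_RES = re.compile(r'^Registry key HKEY_CURRENT_USER\\.*\\MountPoints2\\' + GUID
                     + r'\\ (deleted successfully|not found)\.$', re.M)

def autorun_commands(script):
    """Map each mount-point GUID to the AutoRun command listed for it."""
    return {guid.lower(): cmd.strip() for guid, cmd in O33_CMD.findall(script)}

def key_outcomes(log):
    """Per GUID: 'deleted' if any delete succeeded, else 'absent' (key not found)."""
    out = {}
    for guid, result in KEY_RES.findall(log):
        g = guid.lower()
        deleted = result == "deleted successfully" or out.get(g) == "deleted"
        out[g] = "deleted" if deleted else "absent"
    return out

def reconcile(script, log):
    """Join script entries with log results so unconfirmed removals stand out."""
    outcomes = key_outcomes(log)
    rows = []
    for guid, cmd in autorun_commands(script).items():
        # True when the command starts a file by drive-letter path (G:\ is the external disk here).
        from_drive = re.match(r'[A-Za-z]:\\', cmd) is not None
        rows.append({"guid": guid, "command": cmd, "runs_from_drive": from_drive,
                     "key": outcomes.get(guid, "no log entry")})
    return rows

if __name__ == "__main__":
    for row in reconcile(FIX_SCRIPT, FIX_LOG):
        print(row)
```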
         
