Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: PUP.Adware.Agent gefunden

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 05.01.2013, 13:59   #1
Larifari
 
PUP.Adware.Agent gefunden - Standard

PUP.Adware.Agent gefunden



Hallo liebes Forum,

Malwarebytes hat einen Fund von PUP.Adware.Agent gemeldet.

Hier das Log:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.19.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: NOTEBOOK [Administrator]

19.12.2012 22:09:57
mbam-log-2012-12-20 (00-44-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 376366
Laufzeit: 2 Stunde(n), 20 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\$Recycle.Bin\S-1-5-21-1035420632-523644624-95114637-1000\$RNTP02C.exe (PUP.Adware.Agent) -> Keine Aktion durchgeführt.

(Ende)
         
Ich dachte eigentlich, ich hätte es in Quarantäne geschickt, aber hier steht nun keine Aktion durchgeführt... nun ja. Da die Datei anscheinend ohnehin schon gelöscht wurde, ist es ja vielleicht auch nicht so schlimm, aber da jemand ganz schlaues kurz zuvor zwei dubiose Downloader aus noch dubioseren Quellen runtergeladen hat, mache ich mir Sorgen, dass etwas ernsthaftes vorliegt. Der PC ist teilweise auch sehr langsam geworden.

Hier die OTL.txt:

Code:
ATTFilter
OTL logfile created on: 05.01.2013 13:15:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***.Notebook\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 71,13% Memory free
5,93 Gb Paging File | 5,07 Gb Available in Paging File | 85,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 87,79 Gb Total Space | 37,80 Gb Free Space | 43,05% Space Free | Partition Type: NTFS
Drive D: | 210,20 Gb Total Space | 209,78 Gb Free Space | 99,80% Space Free | Partition Type: NTFS
 
Computer Name: NOTEBOOK | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.05 13:14:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***.Notebook\Desktop\OTL.exe
PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe
PRC - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE
PRC - [2011.11.21 15:12:58 | 000,745,280 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2011.11.21 15:11:58 | 001,052,480 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2011.10.14 07:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.09.21 13:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 13:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.03.08 23:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Programme\Nuance\PaperPort\pptd40nt.exe
PRC - [2010.03.08 23:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Programme\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010.03.05 19:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Programme\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.07.20 10:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2012.12.13 16:06:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.05 20:51:41 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.08.03 11:37:11 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe -- (NIS)
SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2011.11.21 15:11:58 | 001,052,480 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.11.21 15:10:04 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.10.14 07:01:50 | 000,994,360 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011.10.14 07:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.22 23:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010.09.22 15:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 13:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.08 23:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Programme\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.07.20 10:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.11.30 15:20:46 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130103.032\NAVEX15.SYS -- (NAVEX15)
DRV - [2012.11.30 15:20:46 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130103.032\NAVENG.SYS -- (NAVENG)
DRV - [2012.10.24 00:34:24 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121130.005\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.09.01 01:27:25 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130103.002\IDSvix86.sys -- (IDSVix86)
DRV - [2012.08.09 09:22:04 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.08.09 09:22:04 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.07.06 03:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\srtsp.sys -- (SRTSP)
DRV - [2012.07.06 03:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\srtspx.sys -- (SRTSPX)
DRV - [2012.06.07 05:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\ccsetx86.sys -- (ccSet_NIS)
DRV - [2012.05.22 02:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\symefa.sys -- (SymEFA)
DRV - [2012.04.18 03:13:32 | 000,318,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\symnets.sys -- (SymNetS)
DRV - [2012.04.18 02:42:14 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\ironx86.sys -- (SymIRON)
DRV - [2012.03.26 21:08:31 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.07.25 19:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\symds.sys -- (SymDS)
DRV - [2011.06.27 01:37:12 | 002,191,872 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011.03.18 17:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010.02.24 13:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.11.03 04:06:12 | 000,011,520 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV - [2009.11.03 04:06:11 | 000,071,424 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2009.08.23 04:06:38 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2008.12.24 09:39:44 | 000,014,392 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [1996.04.03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchab.com/?aff=7&uid=330e31d1-4554-11e2-90f9-e0cb4e2f9eb4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{1BE4FFD2-9EE7-424E-BE06-0353009DE649}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1035420632-523644624-95114637-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1035420632-523644624-95114637-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1035420632-523644624-95114637-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1035420632-523644624-95114637-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchab.com/?aff=7&uid=330e31d1-4554-11e2-90f9-e0cb4e2f9eb4
IE - HKU\S-1-5-21-1035420632-523644624-95114637-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1035420632-523644624-95114637-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1035420632-523644624-95114637-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 36 1E 1E E2 B9 E2 CA 01  [binary data]
IE - HKU\S-1-5-21-1035420632-523644624-95114637-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1035420632-523644624-95114637-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1035420632-523644624-95114637-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1035420632-523644624-95114637-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-21-1035420632-523644624-95114637-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1035420632-523644624-95114637-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://searchab.com/?aff=7&uid=330e31d1-4554-11e2-90f9-e0cb4e2f9eb4&q={searchTerms}
IE - HKU\S-1-5-21-1035420632-523644624-95114637-1000\..\SearchScopes\{1BE4FFD2-9EE7-424E-BE06-0353009DE649}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1035420632-523644624-95114637-1000\..\SearchScopes\{61ED4CE0-C37F-4980-BD51-F9FC25A394FC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1035420632-523644624-95114637-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear
IE - HKU\S-1-5-21-1035420632-523644624-95114637-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1035420632-523644624-95114637-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Privitize VPN"
FF - prefs.js..browser.search.defaultenginename: "Privitize VPN"
FF - prefs.js..browser.search.order.1: "Privitize VPN"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://searchab.com/?aff=7&uid=330e31d1-4554-11e2-90f9-e0cb4e2f9eb4"
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.3
FF - prefs.js..extensions.enabledAddons: passhash%40mozilla.wijjo.com:1.1.7
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7B8b86149f-01fb-4842-9dd8-4d7eb02fd055%7D:0.24
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.00
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.50
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: passhash@mozilla.wijjo.com:1.1.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.22.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..keyword.URL: "https://www.startpage.com/do/search?language=deutsch&cat=web&query="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012.02.09 15:15:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2013.01.05 13:09:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.05 20:51:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.05 20:51:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.09 19:29:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.05 20:51:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.05 20:51:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.09 19:29:14 | 000,000,000 | ---D | M]
 
[2010.05.09 06:43:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.12.13 19:41:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\28m9fi33.default\extensions
[2012.12.12 17:49:22 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\28m9fi33.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2012.09.21 12:27:03 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\28m9fi33.default\extensions\firefox@ghostery.com
[2012.01.03 21:32:26 | 000,000,000 | ---D | M] ("Password Hasher") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\28m9fi33.default\extensions\passhash@mozilla.wijjo.com
[2012.12.13 19:41:53 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\28m9fi33.default\extensions\plugin@yontoo.com
[2012.12.13 19:41:30 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\28m9fi33.default\extensions\torntv@torntv.com.xpi
[2012.11.24 08:51:04 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\28m9fi33.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.01.24 20:05:23 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\28m9fi33.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.01.02 16:35:17 | 000,005,492 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\28m9fi33.default\searchplugins\startpage-https---deutsch.xml
[2010.11.06 08:42:18 | 000,002,057 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\28m9fi33.default\searchplugins\youtube-videosuche.xml
[2012.12.05 20:51:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.05 20:51:41 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.10.23 14:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012.07.20 14:17:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 19:17:02 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.20 14:17:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.20 14:17:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.20 14:17:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.20 14:17:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Programme\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\19.9.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Programme\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Programme\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKU\S-1-5-21-1035420632-523644624-95114637-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{668BCE03-5360-45EA-9F4F-130635770D80}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0583150-AF4C-4A65-A56E-E06FB610DB09}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3d3a8093-ef15-11df-b258-e0cb4e2f9eb4}\Shell - "" = AutoRun
O33 - MountPoints2\{3d3a8093-ef15-11df-b258-e0cb4e2f9eb4}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O33 - MountPoints2\{a7109762-7028-11e0-a3c3-e0cb4e2f9eb4}\Shell - "" = AutoRun
O33 - MountPoints2\{a7109762-7028-11e0-a3c3-e0cb4e2f9eb4}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.13 19:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2012.12.13 19:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.12.13 19:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012.12.13 19:38:23 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012.12.09 19:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.05 13:15:57 | 000,015,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.05 13:15:57 | 000,015,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.05 13:14:25 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.01.05 13:08:37 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.05 13:08:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.05 13:08:21 | 2388,459,520 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.04 18:04:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.04 17:58:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.03 12:09:47 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.03 12:09:47 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.03 12:09:47 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.03 12:09:47 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.03 09:15:34 | 000,587,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.01.05 13:14:25 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.10.31 21:56:38 | 000,007,598 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.08.24 12:05:19 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
[2012.08.22 14:13:52 | 000,000,233 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.08.22 14:13:52 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.08.22 14:08:45 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2012.08.22 14:08:40 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2012.08.22 14:08:39 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT
[2012.06.20 16:00:51 | 000,004,608 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.06 07:26:31 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.02.11 17:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011.01.19 08:32:17 | 000,001,940 | ---- | C] () -- C:\Users\***\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010.09.16 09:13:35 | 003,434,606 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.04.16 17:35:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Academic Software Zurich
[2012.09.02 14:22:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2010.04.16 17:24:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER
[2012.11.30 20:09:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nuance
[2012.12.13 21:21:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.04.17 10:25:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2010.11.25 16:45:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2012.11.30 20:09:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zeon
[2012.11.06 22:32:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2012.11.07 11:00:03 | 000,000,000 | ---D | M] -- C:\Users\***.Notebook\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >
         
Extras.txt:

Code:
ATTFilter
OTL Extras logfile created on: 05.01.2013 13:15:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***.Notebook\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 71,13% Memory free
5,93 Gb Paging File | 5,07 Gb Available in Paging File | 85,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 87,79 Gb Total Space | 37,80 Gb Free Space | 43,05% Space Free | Partition Type: NTFS
Drive D: | 210,20 Gb Total Space | 209,78 Gb Free Space | 99,80% Space Free | Partition Type: NTFS
 
Computer Name: NOTEBOOK | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1035420632-523644624-95114637-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-1035420632-523644624-95114637-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006674C1-DF11-4342-A758-FF6FFD18AF3C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{106DC723-8B41-4352-A5B8-2D362B9F6EF5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{14FDD1C6-368A-4E62-A5FA-E32ACA4E6678}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{21D7C4B2-1DF7-495F-BBF1-A255271B2421}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{24FDE669-0DBA-46E8-8690-4E1D2F521F45}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2C0B2E44-2F62-458F-8576-1157A4B8A3EA}" = lport=445 | protocol=6 | dir=in | app=system | 
"{32A9637A-2972-4F23-B500-08FAFE8D4EB3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3346C36D-D3A1-4AB3-98F6-5463334FAD00}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3AA3BC7A-6E5B-420E-BE41-9DC90008350B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3E8416B2-0B1A-4826-A543-E45950C2827F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6072A34E-FA68-4516-A994-D447A5B22F78}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6BCFF28D-E3E8-41EC-8F02-E05C1B29BBCE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{71DFA0EB-0F1D-4DC2-9E26-77A5C2B9BC26}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{786995A9-FE6F-40B4-93EA-396820067B17}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7FD95EC8-CD60-40F3-9300-D78B55981DB7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{94135ED9-31D2-4834-B2D1-9C398A0E1B83}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B65DE6B8-B1D8-4AE4-BFFD-3DDBF97705B5}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B9E4B7CD-49F9-4C8F-8B3C-EB46D04C928F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D39E382F-9DF2-4097-9FE6-08A9925FE4D4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D6CD4DE4-4B8A-4687-BB2D-3DEC7E1196E7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D853B818-4670-4EDD-836E-B9007668BE4D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E1982B16-0419-4DE2-BBEE-C76EA2F58A81}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{F0867DC8-0CC9-4A03-9125-B5D616A45A7A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{FE339C4B-09E5-4078-959F-8188677A17CF}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{FF61CA79-1252-4244-A0DF-0142E83C932A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08F54E3A-513B-4FFB-87B6-603427585C38}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{0A0E5893-A7A3-49C4-A0D3-A87D3F5C46F3}" = protocol=6 | dir=out | app=system | 
"{1298D642-3910-407D-AB52-6268EC0A32F3}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{135EB972-3DC2-454F-BBB5-5C128CF3EF49}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{1D4EFC39-17D9-4958-A436-3C6155ADC78C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3E45896F-4E81-41BE-85C1-64A932E3DCAE}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{482BC0FA-824A-41A6-BBED-4E6EB37966E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{52FA44A3-CCC6-4118-B0E5-7C645E58BD0C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5662CDF9-4CC9-4BDF-A11D-F1C692F49FA7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5D01F174-7650-4E1A-A281-3F18ABAF56A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{632715A6-AACB-49A0-9593-80DCABA8BBF7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6337C4E8-7354-4646-B613-347E1C890673}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{691F3E24-8548-451D-B131-849F97969D76}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7435AFB5-28D7-415D-9C51-7841A58988CC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{7D1B14DA-393B-4E36-AA38-7C393E9B6B21}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{7E7E03B7-D1BD-4E0B-8C94-D1114D07D583}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B3E1DD9E-2566-4E64-9C22-E8E7662F9E5D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B75F2C55-1212-4F4A-9542-2348820D2780}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{BD383B9F-CF03-4CE3-8B77-FA4FA44B0A90}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{C0ADA4A5-41C2-4F7E-AB5F-208BC88C3984}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CE900748-E609-4BE4-A78E-3FE0C14DB13E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D5EEBAF6-CB59-47DE-9375-F83CC4120660}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EE5013D8-FB68-4CB7-8C13-3456922CA38E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FDE2A660-969C-4B40-9BE2-0163DD45BA84}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{FE296D27-753D-412E-A91E-A06931436797}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{02680f40-02bf-4b66-8f01-0128f8a1b199}" = Nero 9 Essentials
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
"{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}" = PaperPort Image Printer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.03
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"Picasa 3" = Picasa 3
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"SpeedFan" = SpeedFan (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"TuneUp Utilities" = TuneUp Utilities
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 2.0.3
"WinLiveSuite" = Windows Live Essentials
"Zylom Games Player Plugin" = Zylom Games Player Plugin
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.09.2011 16:39:43 | Computer Name = Notebook | Source = System Restore | ID = 8193
Description = 
 
Error - 15.09.2011 16:49:56 | Computer Name = Notebook | Source = VSS | ID = 12289
Description = 
 
Error - 15.09.2011 16:49:56 | Computer Name = Notebook | Source = System Restore | ID = 8193
Description = 
 
Error - 15.09.2011 17:00:33 | Computer Name = Notebook | Source = System Restore | ID = 8193
Description = 
 
Error - 15.09.2011 17:06:38 | Computer Name = Notebook | Source = System Restore | ID = 8193
Description = 
 
Error - 15.09.2011 17:06:38 | Computer Name = Notebook | Source = System Restore | ID = 8211
Description = 
 
Error - 24.02.2012 06:03:41 | Computer Name = Notebook | Source = Application Hang | ID = 1002
Description = Programm Picasa3.exe, Version 3.8.117.43 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 5b8c    Startzeit:
 01ccf2db3ea3a559    Endzeit: 6    Anwendungspfad: C:\Program Files\Google\Picasa3\Picasa3.exe

Berichts-ID:
 cf8eefa3-5ece-11e1-9008-00f1d000f1d0  
 
Error - 11.04.2012 03:33:53 | Computer Name = Notebook | Source = System Restore | ID = 8193
Description = 
 
Error - 11.04.2012 03:33:53 | Computer Name = Notebook | Source = System Restore | ID = 8211
Description = 
 
Error - 12.04.2012 00:02:22 | Computer Name = Notebook | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
[ System Events ]
Error - 30.11.2012 10:14:19 | Computer Name = Notebook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 30.11.2012 10:14:19 | Computer Name = Notebook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 30.11.2012 10:14:20 | Computer Name = Notebook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 30.11.2012 10:14:20 | Computer Name = Notebook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 13.12.2012 12:20:04 | Computer Name = Notebook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 13.12.2012 12:20:04 | Computer Name = Notebook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 13.12.2012 12:20:05 | Computer Name = Notebook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 13.12.2012 12:20:05 | Computer Name = Notebook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 13.12.2012 12:20:06 | Computer Name = Notebook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 19.12.2012 17:28:04 | Computer Name = Notebook | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst NIS erreicht.
 
 
< End of report >
         
Und die gmer.txt:

Code:
ATTFilter
GMER 2.0.18327 - hxxp://www.gmer.net
Rootkit scan 2013-01-05 13:59:48
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545032B9A300 rev.PB3OC60N 298,09GB
Running: zkg7embo.exe; Driver: C:\Users\***\AppData\Local\Temp\kwldqpow.sys


---- System - GMER 2.0 ----

SSDT   86D949A0                                  ZwAlertResumeThread
SSDT   86D94A80                                  ZwAlertThread
SSDT   86D93CD8                                  ZwAllocateVirtualMemory
SSDT   865FD290                                  ZwAlpcConnectPort
SSDT   86D96D68                                  ZwAssignProcessToJobObject
SSDT   86D946F0                                  ZwCreateMutant
SSDT   86D96A88                                  ZwCreateSymbolicLinkObject
SSDT   86D8E4A8                                  ZwCreateThread
SSDT   86D96B78                                  ZwCreateThreadEx
SSDT   86D96E48                                  ZwDebugActiveProcess
SSDT   86D93EA8                                  ZwDuplicateObject
SSDT   86D93A90                                  ZwFreeVirtualMemory
SSDT   86D947E0                                  ZwImpersonateAnonymousToken
SSDT   86D948C0                                  ZwImpersonateThread
SSDT   865EDC00                                  ZwLoadDriver
SSDT   86D93990                                  ZwMapViewOfSection
SSDT   86D94610                                  ZwOpenEvent
SSDT   86D8E390                                  ZwOpenProcess
SSDT   86D93DC8                                  ZwOpenProcessToken
SSDT   86D94450                                  ZwOpenSection
SSDT   86D8E2C0                                  ZwOpenThread
SSDT   86D96C78                                  ZwProtectVirtualMemory
SSDT   86D94B60                                  ZwResumeThread
SSDT   86D94E00                                  ZwSetContextThread
SSDT   86D94EE0                                  ZwSetInformationProcess
SSDT   86D96F28                                  ZwSetSystemInformation
SSDT   86D94530                                  ZwSuspendProcess
SSDT   86D94C40                                  ZwSuspendThread
SSDT   86D8E588                                  ZwTerminateProcess
SSDT   86D94D20                                  ZwTerminateThread
SSDT   86D94FD0                                  ZwUnmapViewOfSection
SSDT   86D93B80                                  ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.0 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D  82C4FA49 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2    82C894D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 10DB       82C90510 8 Bytes  [A0, 49, D9, 86, 80, 4A, D9, ...]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 10F3       82C90528 4 Bytes  [D8, 3C, D9, 86]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 10FF       82C90534 4 Bytes  [90, D2, 5F, 86] {NOP ; RCR BYTE [EDI-0x7a], CL}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1153       82C90588 4 Bytes  [68, 6D, D9, 86]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11CF       82C90604 4 Bytes  [F0, 46, D9, 86]
.text  ...                                       

---- EOF - GMER 2.0 ----
         
Vielen Dank schon mal im Voraus!

Alt 05.01.2013, 14:05   #2
markusg
/// Malware-holic
 
PUP.Adware.Agent gefunden - Standard

PUP.Adware.Agent gefunden



Hi
gab oder gibt es Probleme mit dem Gerät?
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________

__________________

Alt 05.01.2013, 14:13   #3
Larifari
 
PUP.Adware.Agent gefunden - Standard

PUP.Adware.Agent gefunden



Manchmal fährt er sehr langsam hoch, sonst ist mir nichts aufgefallen.

Code:
ATTFilter
15:10:46.0933 3240  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:10:47.0413 3240  ============================================================
15:10:47.0413 3240  Current date / time: 2013/01/05 15:10:47.0413
15:10:47.0413 3240  SystemInfo:
15:10:47.0413 3240  
15:10:47.0413 3240  OS Version: 6.1.7601 ServicePack: 1.0
15:10:47.0413 3240  Product type: Workstation
15:10:47.0413 3240  ComputerName: NOTEBOOK
15:10:47.0413 3240  UserName: ***
15:10:47.0413 3240  Windows directory: C:\Windows
15:10:47.0413 3240  System windows directory: C:\Windows
15:10:47.0413 3240  Processor architecture: Intel x86
15:10:47.0413 3240  Number of processors: 2
15:10:47.0413 3240  Page size: 0x1000
15:10:47.0413 3240  Boot type: Normal boot
15:10:47.0413 3240  ============================================================
15:10:48.0923 3240  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:10:48.0933 3240  ============================================================
15:10:48.0933 3240  \Device\Harddisk0\DR0:
15:10:48.0933 3240  MBR partitions:
15:10:48.0933 3240  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:10:48.0933 3240  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAF96000
15:10:48.0933 3240  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xAFC8800, BlocksNum 0x1A465000
15:10:48.0933 3240  ============================================================
15:10:49.0073 3240  C: <-> \Device\Harddisk0\DR0\Partition2
15:10:49.0103 3240  D: <-> \Device\Harddisk0\DR0\Partition3
15:10:49.0103 3240  ============================================================
15:10:49.0103 3240  Initialize success
15:10:49.0103 3240  ============================================================
15:11:16.0731 0948  ============================================================
15:11:16.0731 0948  Scan started
15:11:16.0731 0948  Mode: Manual; SigCheck; TDLFS; 
15:11:16.0731 0948  ============================================================
15:11:17.0339 0948  ================ Scan system memory ========================
15:11:17.0339 0948  System memory - ok
15:11:17.0339 0948  ================ Scan services =============================
15:11:17.0495 0948  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:11:17.0620 0948  1394ohci - ok
15:11:17.0667 0948  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:11:17.0682 0948  ACPI - ok
15:11:17.0729 0948  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:11:17.0760 0948  AcpiPmi - ok
15:11:17.0885 0948  [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
15:11:17.0916 0948  AdobeARMservice - ok
15:11:17.0994 0948  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:11:18.0026 0948  AdobeFlashPlayerUpdateSvc - ok
15:11:18.0088 0948  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
15:11:18.0104 0948  adp94xx - ok
15:11:18.0119 0948  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
15:11:18.0150 0948  adpahci - ok
15:11:18.0166 0948  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
15:11:18.0182 0948  adpu320 - ok
15:11:18.0213 0948  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:11:18.0260 0948  AeLookupSvc - ok
15:11:18.0338 0948  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
15:11:18.0369 0948  AFD - ok
15:11:18.0416 0948  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
15:11:18.0431 0948  agp440 - ok
15:11:18.0462 0948  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
15:11:18.0478 0948  aic78xx - ok
15:11:18.0494 0948  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
15:11:18.0525 0948  ALG - ok
15:11:18.0540 0948  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:11:18.0556 0948  aliide - ok
15:11:18.0572 0948  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
15:11:18.0587 0948  amdagp - ok
15:11:18.0618 0948  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
15:11:18.0634 0948  amdide - ok
15:11:18.0665 0948  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
15:11:18.0696 0948  AmdK8 - ok
15:11:18.0696 0948  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:11:18.0743 0948  AmdPPM - ok
15:11:18.0790 0948  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:11:18.0806 0948  amdsata - ok
15:11:18.0821 0948  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:11:18.0837 0948  amdsbs - ok
15:11:18.0868 0948  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:11:18.0884 0948  amdxata - ok
15:11:18.0930 0948  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
15:11:18.0977 0948  AppID - ok
15:11:19.0024 0948  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:11:19.0086 0948  AppIDSvc - ok
15:11:19.0149 0948  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
15:11:19.0196 0948  Appinfo - ok
15:11:19.0242 0948  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
15:11:19.0289 0948  AppMgmt - ok
15:11:19.0320 0948  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
15:11:19.0336 0948  arc - ok
15:11:19.0352 0948  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:11:19.0367 0948  arcsas - ok
15:11:19.0398 0948  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:11:19.0445 0948  AsyncMac - ok
15:11:19.0476 0948  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
15:11:19.0508 0948  atapi - ok
15:11:19.0601 0948  [ 31CB2740BFDBAC1E48E2B7EAD38F0D27 ] athr            C:\Windows\system32\DRIVERS\athr.sys
15:11:19.0674 0948  athr - ok
15:11:19.0774 0948  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:11:19.0844 0948  AudioEndpointBuilder - ok
15:11:19.0884 0948  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
15:11:19.0933 0948  Audiosrv - ok
15:11:20.0000 0948  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:11:20.0042 0948  AxInstSV - ok
15:11:20.0125 0948  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
15:11:20.0166 0948  b06bdrv - ok
15:11:20.0215 0948  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
15:11:20.0238 0948  b57nd60x - ok
15:11:20.0360 0948  [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc           C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
15:11:20.0384 0948  BBSvc - ok
15:11:20.0430 0948  [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate        C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
15:11:20.0450 0948  BBUpdate - ok
15:11:20.0470 0948  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:11:20.0510 0948  BDESVC - ok
15:11:20.0540 0948  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:11:20.0600 0948  Beep - ok
15:11:20.0670 0948  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
15:11:20.0720 0948  BFE - ok
15:11:20.0950 0948  [ 9DFFCB249663AA3C2ECB67202280054E ] BHDrvx86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121130.005\BHDrvx86.sys
15:11:21.0000 0948  BHDrvx86 - ok
15:11:21.0060 0948  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
15:11:21.0100 0948  BITS - ok
15:11:21.0120 0948  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:11:21.0150 0948  blbdrive - ok
15:11:21.0190 0948  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:11:21.0220 0948  bowser - ok
15:11:21.0240 0948  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:11:21.0280 0948  BrFiltLo - ok
15:11:21.0290 0948  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:11:21.0350 0948  BrFiltUp - ok
15:11:21.0410 0948  [ D3FACB34FFF5DB91ADB70987838F8BA7 ] Brother XP spl Service C:\Windows\system32\brsvc01a.exe
15:11:21.0430 0948  Brother XP spl Service ( UnsignedFile.Multi.Generic ) - warning
15:11:21.0430 0948  Brother XP spl Service - detected UnsignedFile.Multi.Generic (1)
15:11:21.0470 0948  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
15:11:21.0500 0948  Browser - ok
15:11:21.0570 0948  [ 9F80879913DC2712FD0C4D734E3F519B ] BrSerIb         C:\Windows\system32\DRIVERS\BrSerIb.sys
15:11:21.0600 0948  BrSerIb ( UnsignedFile.Multi.Generic ) - warning
15:11:21.0600 0948  BrSerIb - detected UnsignedFile.Multi.Generic (1)
15:11:21.0630 0948  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:11:21.0670 0948  Brserid - ok
15:11:21.0690 0948  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:11:21.0710 0948  BrSerWdm - ok
15:11:21.0725 0948  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:11:21.0741 0948  BrUsbMdm - ok
15:11:21.0756 0948  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:11:21.0788 0948  BrUsbSer - ok
15:11:21.0819 0948  [ B67512DA42C0C90BF236D5485226C1C7 ] BrUsbSIb        C:\Windows\system32\DRIVERS\BrUsbSIb.sys
15:11:21.0834 0948  BrUsbSIb ( UnsignedFile.Multi.Generic ) - warning
15:11:21.0834 0948  BrUsbSIb - detected UnsignedFile.Multi.Generic (1)
15:11:21.0850 0948  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:11:21.0897 0948  BTHMODEM - ok
15:11:21.0928 0948  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
15:11:21.0975 0948  bthserv - ok
15:11:22.0115 0948  [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_NIS       C:\Windows\system32\drivers\NIS\1309000.009\ccSetx86.sys
15:11:22.0131 0948  ccSet_NIS - ok
15:11:22.0162 0948  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:11:22.0209 0948  cdfs - ok
15:11:22.0271 0948  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
15:11:22.0287 0948  cdrom - ok
15:11:22.0334 0948  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:11:22.0380 0948  CertPropSvc - ok
15:11:22.0396 0948  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:11:22.0427 0948  circlass - ok
15:11:22.0458 0948  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
15:11:22.0474 0948  CLFS - ok
15:11:22.0552 0948  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:11:22.0583 0948  clr_optimization_v2.0.50727_32 - ok
15:11:22.0661 0948  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:11:22.0692 0948  clr_optimization_v4.0.30319_32 - ok
15:11:22.0708 0948  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:11:22.0724 0948  CmBatt - ok
15:11:22.0739 0948  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:11:22.0755 0948  cmdide - ok
15:11:22.0802 0948  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
15:11:22.0833 0948  CNG - ok
15:11:22.0864 0948  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:11:22.0880 0948  Compbatt - ok
15:11:22.0926 0948  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
15:11:22.0973 0948  CompositeBus - ok
15:11:22.0989 0948  COMSysApp - ok
15:11:23.0020 0948  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
15:11:23.0036 0948  crcdisk - ok
15:11:23.0082 0948  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:11:23.0129 0948  CryptSvc - ok
15:11:23.0160 0948  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
15:11:23.0192 0948  CSC - ok
15:11:23.0223 0948  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
15:11:23.0254 0948  CscService - ok
15:11:23.0301 0948  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:11:23.0348 0948  DcomLaunch - ok
15:11:23.0379 0948  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
15:11:23.0426 0948  defragsvc - ok
15:11:23.0457 0948  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:11:23.0535 0948  DfsC - ok
15:11:23.0613 0948  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:11:23.0675 0948  Dhcp - ok
15:11:23.0691 0948  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
15:11:23.0738 0948  discache - ok
15:11:23.0769 0948  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:11:23.0784 0948  Disk - ok
15:11:23.0831 0948  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:11:23.0878 0948  Dnscache - ok
15:11:23.0925 0948  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:11:23.0972 0948  dot3svc - ok
15:11:24.0018 0948  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
15:11:24.0096 0948  DPS - ok
15:11:24.0143 0948  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:11:24.0174 0948  drmkaud - ok
15:11:24.0237 0948  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:11:24.0268 0948  DXGKrnl - ok
15:11:24.0299 0948  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
15:11:24.0346 0948  EapHost - ok
15:11:24.0455 0948  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
15:11:24.0533 0948  ebdrv - ok
15:11:24.0611 0948  [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
15:11:24.0658 0948  eeCtrl - ok
15:11:24.0689 0948  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
15:11:24.0720 0948  EFS - ok
15:11:24.0798 0948  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:11:24.0830 0948  ehRecvr - ok
15:11:24.0861 0948  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
15:11:24.0892 0948  ehSched - ok
15:11:24.0954 0948  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
15:11:24.0986 0948  elxstor - ok
15:11:25.0048 0948  [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
15:11:25.0064 0948  EraserUtilRebootDrv - ok
15:11:25.0095 0948  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:11:25.0126 0948  ErrDev - ok
15:11:25.0157 0948  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
15:11:25.0204 0948  EventSystem - ok
15:11:25.0235 0948  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
15:11:25.0344 0948  exfat - ok
15:11:25.0407 0948  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:11:25.0516 0948  fastfat - ok
15:11:25.0578 0948  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
15:11:25.0641 0948  Fax - ok
15:11:25.0672 0948  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:11:25.0688 0948  fdc - ok
15:11:25.0719 0948  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
15:11:25.0766 0948  fdPHost - ok
15:11:25.0781 0948  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
15:11:25.0812 0948  FDResPub - ok
15:11:25.0844 0948  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:11:25.0859 0948  FileInfo - ok
15:11:25.0890 0948  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:11:25.0937 0948  Filetrace - ok
15:11:25.0953 0948  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:11:25.0984 0948  flpydisk - ok
15:11:26.0015 0948  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:11:26.0031 0948  FltMgr - ok
15:11:26.0078 0948  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
15:11:26.0124 0948  FontCache - ok
15:11:26.0202 0948  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:11:26.0218 0948  FontCache3.0.0.0 - ok
15:11:26.0234 0948  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:11:26.0249 0948  FsDepends - ok
15:11:26.0312 0948  [ D909075FA72C090F27AA926C32CB4612 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
15:11:26.0343 0948  fssfltr - ok
15:11:26.0452 0948  [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
15:11:26.0499 0948  fsssvc - ok
15:11:26.0546 0948  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:11:26.0561 0948  Fs_Rec - ok
15:11:26.0608 0948  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:11:26.0655 0948  fvevol - ok
15:11:26.0686 0948  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:11:26.0702 0948  gagp30kx - ok
15:11:26.0811 0948  [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio          C:\Windows\system32\giveio.sys
15:11:26.0826 0948  giveio ( UnsignedFile.Multi.Generic ) - warning
15:11:26.0826 0948  giveio - detected UnsignedFile.Multi.Generic (1)
15:11:26.0889 0948  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
15:11:26.0951 0948  gpsvc - ok
15:11:27.0092 0948  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
15:11:27.0123 0948  gupdate - ok
15:11:27.0138 0948  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
15:11:27.0170 0948  gupdatem - ok
15:11:27.0201 0948  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:11:27.0232 0948  gusvc - ok
15:11:27.0248 0948  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:11:27.0279 0948  hcw85cir - ok
15:11:27.0326 0948  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:11:27.0388 0948  HdAudAddService - ok
15:11:27.0435 0948  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
15:11:27.0482 0948  HDAudBus - ok
15:11:27.0513 0948  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
15:11:27.0544 0948  HidBatt - ok
15:11:27.0575 0948  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:11:27.0591 0948  HidBth - ok
15:11:27.0622 0948  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
15:11:27.0653 0948  HidIr - ok
15:11:27.0684 0948  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
15:11:27.0762 0948  hidserv - ok
15:11:27.0872 0948  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:11:27.0903 0948  HidUsb - ok
15:11:27.0965 0948  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:11:28.0028 0948  hkmsvc - ok
15:11:28.0043 0948  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:11:28.0074 0948  HomeGroupListener - ok
15:11:28.0121 0948  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:11:28.0184 0948  HomeGroupProvider - ok
15:11:28.0230 0948  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:11:28.0262 0948  HpSAMD - ok
15:11:28.0324 0948  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:11:28.0355 0948  HTTP - ok
15:11:28.0371 0948  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:11:28.0386 0948  hwpolicy - ok
15:11:28.0433 0948  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:11:28.0480 0948  i8042prt - ok
15:11:28.0542 0948  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:11:28.0558 0948  iaStorV - ok
15:11:28.0652 0948  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:11:28.0698 0948  idsvc - ok
15:11:28.0808 0948  [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130104.001\IDSvix86.sys
15:11:28.0839 0948  IDSVix86 - ok
15:11:29.0135 0948  [ DCE0B53570703CCE580D066F89EF58CD ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
15:11:29.0338 0948  igfx - ok
15:11:29.0385 0948  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
15:11:29.0400 0948  iirsp - ok
15:11:29.0447 0948  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
15:11:29.0513 0948  IKEEXT - ok
15:11:29.0563 0948  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
15:11:29.0583 0948  intelide - ok
15:11:29.0613 0948  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:11:29.0653 0948  intelppm - ok
15:11:29.0673 0948  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:11:29.0703 0948  IPBusEnum - ok
15:11:29.0723 0948  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:11:29.0763 0948  IpFilterDriver - ok
15:11:29.0803 0948  [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:11:29.0863 0948  iphlpsvc - ok
15:11:29.0913 0948  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:11:29.0943 0948  IPMIDRV - ok
15:11:29.0963 0948  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:11:30.0013 0948  IPNAT - ok
15:11:30.0043 0948  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:11:30.0063 0948  IRENUM - ok
15:11:30.0083 0948  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:11:30.0093 0948  isapnp - ok
15:11:30.0133 0948  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:11:30.0153 0948  iScsiPrt - ok
15:11:30.0183 0948  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:11:30.0203 0948  kbdclass - ok
15:11:30.0223 0948  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:11:30.0253 0948  kbdhid - ok
15:11:30.0273 0948  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
15:11:30.0293 0948  KeyIso - ok
15:11:30.0333 0948  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:11:30.0353 0948  KSecDD - ok
15:11:30.0373 0948  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:11:30.0393 0948  KSecPkg - ok
15:11:30.0413 0948  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:11:30.0463 0948  KtmRm - ok
15:11:30.0503 0948  [ F7CDABA15C7E853F0A11AF6D77FCA990 ] L1E             C:\Windows\system32\DRIVERS\L1E62x86.sys
15:11:30.0543 0948  L1E - ok
15:11:30.0613 0948  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:11:30.0653 0948  LanmanServer - ok
15:11:30.0703 0948  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:11:30.0763 0948  LanmanWorkstation - ok
15:11:30.0813 0948  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:11:30.0853 0948  lltdio - ok
15:11:30.0913 0948  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:11:30.0983 0948  lltdsvc - ok
15:11:30.0993 0948  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:11:31.0033 0948  lmhosts - ok
15:11:31.0073 0948  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:11:31.0093 0948  LSI_FC - ok
15:11:31.0113 0948  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
15:11:31.0123 0948  LSI_SAS - ok
15:11:31.0163 0948  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:11:31.0183 0948  LSI_SAS2 - ok
15:11:31.0203 0948  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:11:31.0213 0948  LSI_SCSI - ok
15:11:31.0233 0948  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
15:11:31.0263 0948  luafv - ok
15:11:31.0343 0948  [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
15:11:31.0363 0948  McComponentHostService - ok
15:11:31.0393 0948  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:11:31.0413 0948  Mcx2Svc - ok
15:11:31.0443 0948  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
15:11:31.0453 0948  megasas - ok
15:11:31.0483 0948  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:11:31.0503 0948  MegaSR - ok
15:11:31.0523 0948  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
15:11:31.0558 0948  MMCSS - ok
15:11:31.0590 0948  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
15:11:31.0621 0948  Modem - ok
15:11:31.0668 0948  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:11:31.0683 0948  monitor - ok
15:11:31.0730 0948  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:11:31.0746 0948  mouclass - ok
15:11:31.0777 0948  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:11:31.0808 0948  mouhid - ok
15:11:31.0839 0948  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:11:31.0855 0948  mountmgr - ok
15:11:31.0948 0948  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:11:31.0980 0948  MozillaMaintenance - ok
15:11:32.0011 0948  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:11:32.0026 0948  mpio - ok
15:11:32.0058 0948  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:11:32.0104 0948  mpsdrv - ok
15:11:32.0151 0948  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:11:32.0198 0948  MpsSvc - ok
15:11:32.0234 0948  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:11:32.0264 0948  MRxDAV - ok
15:11:32.0284 0948  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:11:32.0304 0948  mrxsmb - ok
15:11:32.0364 0948  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:11:32.0404 0948  mrxsmb10 - ok
15:11:32.0444 0948  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:11:32.0474 0948  mrxsmb20 - ok
15:11:32.0504 0948  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
15:11:32.0524 0948  msahci - ok
15:11:32.0544 0948  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:11:32.0564 0948  msdsm - ok
15:11:32.0584 0948  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
15:11:32.0614 0948  MSDTC - ok
15:11:32.0654 0948  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:11:32.0684 0948  Msfs - ok
15:11:32.0694 0948  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:11:32.0734 0948  mshidkmdf - ok
15:11:32.0764 0948  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:11:32.0794 0948  msisadrv - ok
15:11:32.0834 0948  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:11:32.0924 0948  MSiSCSI - ok
15:11:32.0934 0948  msiserver - ok
15:11:32.0964 0948  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:11:33.0004 0948  MSKSSRV - ok
15:11:33.0024 0948  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:11:33.0064 0948  MSPCLOCK - ok
15:11:33.0084 0948  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:11:33.0134 0948  MSPQM - ok
15:11:33.0154 0948  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:11:33.0174 0948  MsRPC - ok
15:11:33.0214 0948  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:11:33.0224 0948  mssmbios - ok
15:11:33.0264 0948  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:11:33.0294 0948  MSTEE - ok
15:11:33.0314 0948  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:11:33.0344 0948  MTConfig - ok
15:11:33.0374 0948  [ BB16693616427EAC1A436E106EA8D318 ] MTsensor        C:\Windows\system32\DRIVERS\ATKACPI.sys
15:11:33.0394 0948  MTsensor - ok
15:11:33.0404 0948  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:11:33.0414 0948  Mup - ok
15:11:33.0464 0948  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
15:11:33.0534 0948  napagent - ok
15:11:33.0594 0948  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:11:33.0614 0948  NativeWifiP - ok
15:11:33.0704 0948  [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130104.032\NAVENG.SYS
15:11:33.0724 0948  NAVENG - ok
15:11:33.0794 0948  [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130104.032\NAVEX15.SYS
15:11:33.0834 0948  NAVEX15 - ok
15:11:33.0934 0948  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:11:33.0974 0948  NDIS - ok
15:11:34.0004 0948  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:11:34.0064 0948  NdisCap - ok
15:11:34.0094 0948  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:11:34.0134 0948  NdisTapi - ok
15:11:34.0164 0948  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:11:34.0194 0948  Ndisuio - ok
15:11:34.0224 0948  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:11:34.0264 0948  NdisWan - ok
15:11:34.0294 0948  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:11:34.0344 0948  NDProxy - ok
15:11:34.0444 0948  [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
15:11:34.0494 0948  Nero BackItUp Scheduler 4.0 - ok
15:11:34.0524 0948  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:11:34.0564 0948  NetBIOS - ok
15:11:34.0614 0948  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:11:34.0655 0948  NetBT - ok
15:11:34.0670 0948  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
15:11:34.0686 0948  Netlogon - ok
15:11:34.0733 0948  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
15:11:34.0764 0948  Netman - ok
15:11:34.0795 0948  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
15:11:34.0842 0948  netprofm - ok
15:11:34.0889 0948  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:11:34.0904 0948  NetTcpPortSharing - ok
15:11:34.0936 0948  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
15:11:34.0951 0948  nfrd960 - ok
15:11:35.0060 0948  [ F2840DBFE9322F35557219AE82CC4597 ] NIS             C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
15:11:35.0092 0948  NIS - ok
15:11:35.0138 0948  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:11:35.0201 0948  NlaSvc - ok
15:11:35.0232 0948  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:11:35.0279 0948  Npfs - ok
15:11:35.0310 0948  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
15:11:35.0341 0948  nsi - ok
15:11:35.0357 0948  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:11:35.0388 0948  nsiproxy - ok
15:11:35.0450 0948  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:11:35.0497 0948  Ntfs - ok
15:11:35.0513 0948  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
15:11:35.0575 0948  Null - ok
15:11:35.0638 0948  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:11:35.0653 0948  nvraid - ok
15:11:35.0684 0948  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:11:35.0700 0948  nvstor - ok
15:11:35.0731 0948  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:11:35.0747 0948  nv_agp - ok
15:11:35.0840 0948  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:11:35.0872 0948  odserv - ok
15:11:35.0918 0948  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:11:35.0934 0948  ohci1394 - ok
15:11:35.0965 0948  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:11:35.0981 0948  ose - ok
15:11:36.0012 0948  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:11:36.0043 0948  p2pimsvc - ok
15:11:36.0074 0948  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:11:36.0121 0948  p2psvc - ok
15:11:36.0137 0948  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
15:11:36.0168 0948  Parport - ok
15:11:36.0199 0948  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:11:36.0215 0948  partmgr - ok
15:11:36.0230 0948  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
15:11:36.0262 0948  Parvdm - ok
15:11:36.0293 0948  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:11:36.0308 0948  PcaSvc - ok
15:11:36.0340 0948  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
15:11:36.0371 0948  pci - ok
15:11:36.0386 0948  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
15:11:36.0402 0948  pciide - ok
15:11:36.0433 0948  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:11:36.0449 0948  pcmcia - ok
15:11:36.0464 0948  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
15:11:36.0480 0948  pcw - ok
15:11:36.0574 0948  [ C1C3BAF078BE5A14384A4BA2D730817D ] PDFProFiltSrvPP C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
15:11:36.0589 0948  PDFProFiltSrvPP - ok
15:11:36.0620 0948  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:11:36.0667 0948  PEAUTH - ok
15:11:36.0714 0948  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
15:11:36.0776 0948  PeerDistSvc - ok
15:11:36.0854 0948  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
15:11:36.0932 0948  pla - ok
15:11:37.0026 0948  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:11:37.0057 0948  PlugPlay - ok
15:11:37.0088 0948  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:11:37.0135 0948  PNRPAutoReg - ok
15:11:37.0151 0948  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:11:37.0166 0948  PNRPsvc - ok
15:11:37.0213 0948  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:11:37.0276 0948  PolicyAgent - ok
15:11:37.0307 0948  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
15:11:37.0338 0948  Power - ok
15:11:37.0369 0948  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:11:37.0416 0948  PptpMiniport - ok
15:11:37.0432 0948  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
15:11:37.0463 0948  Processor - ok
15:11:37.0510 0948  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
15:11:37.0541 0948  ProfSvc - ok
15:11:37.0556 0948  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:11:37.0572 0948  ProtectedStorage - ok
15:11:37.0603 0948  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:11:37.0634 0948  Psched - ok
15:11:37.0697 0948  [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI             C:\Windows\system32\DRIVERS\psi_mf.sys
15:11:37.0728 0948  PSI - ok
15:11:37.0775 0948  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:11:37.0822 0948  ql2300 - ok
15:11:37.0837 0948  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:11:37.0853 0948  ql40xx - ok
15:11:37.0900 0948  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
15:11:37.0931 0948  QWAVE - ok
15:11:37.0962 0948  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:11:37.0993 0948  QWAVEdrv - ok
15:11:38.0009 0948  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:11:38.0056 0948  RasAcd - ok
15:11:38.0087 0948  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:11:38.0118 0948  RasAgileVpn - ok
15:11:38.0149 0948  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
15:11:38.0180 0948  RasAuto - ok
15:11:38.0196 0948  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:11:38.0243 0948  Rasl2tp - ok
15:11:38.0290 0948  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
15:11:38.0336 0948  RasMan - ok
15:11:38.0368 0948  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:11:38.0414 0948  RasPppoe - ok
15:11:38.0430 0948  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:11:38.0461 0948  RasSstp - ok
15:11:38.0508 0948  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:11:38.0555 0948  rdbss - ok
15:11:38.0586 0948  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:11:38.0602 0948  rdpbus - ok
15:11:38.0648 0948  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:11:38.0695 0948  RDPCDD - ok
15:11:38.0726 0948  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
15:11:38.0742 0948  RDPDR - ok
15:11:38.0773 0948  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:11:38.0836 0948  RDPENCDD - ok
15:11:38.0882 0948  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:11:38.0929 0948  RDPREFMP - ok
15:11:38.0960 0948  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:11:38.0992 0948  RDPWD - ok
15:11:39.0038 0948  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:11:39.0054 0948  rdyboost - ok
15:11:39.0070 0948  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:11:39.0116 0948  RemoteAccess - ok
15:11:39.0163 0948  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:11:39.0194 0948  RemoteRegistry - ok
15:11:39.0226 0948  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:11:39.0272 0948  RpcEptMapper - ok
15:11:39.0288 0948  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
15:11:39.0304 0948  RpcLocator - ok
15:11:39.0335 0948  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
15:11:39.0366 0948  RpcSs - ok
15:11:39.0412 0948  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:11:39.0442 0948  rspndr - ok
15:11:39.0472 0948  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
15:11:39.0522 0948  s3cap - ok
15:11:39.0542 0948  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
15:11:39.0562 0948  SamSs - ok
15:11:39.0592 0948  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:11:39.0612 0948  sbp2port - ok
15:11:39.0642 0948  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:11:39.0682 0948  SCardSvr - ok
15:11:39.0712 0948  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:11:39.0752 0948  scfilter - ok
15:11:39.0802 0948  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
15:11:39.0852 0948  Schedule - ok
15:11:39.0902 0948  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:11:39.0932 0948  SCPolicySvc - ok
15:11:39.0982 0948  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:11:40.0012 0948  SDRSVC - ok
15:11:40.0062 0948  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:11:40.0092 0948  secdrv - ok
15:11:40.0112 0948  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
15:11:40.0152 0948  seclogon - ok
15:11:40.0252 0948  [ 5B66DB4877BBAC9F7493AA8D84421E49 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
15:11:40.0282 0948  Secunia PSI Agent - ok
15:11:40.0322 0948  [ 0E88FDF474F2CDD370A4A6CE77D018F0 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
15:11:40.0342 0948  Secunia Update Agent - ok
15:11:40.0362 0948  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
15:11:40.0412 0948  SENS - ok
15:11:40.0442 0948  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:11:40.0462 0948  SensrSvc - ok
15:11:40.0482 0948  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:11:40.0512 0948  Serenum - ok
15:11:40.0532 0948  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:11:40.0562 0948  Serial - ok
15:11:40.0582 0948  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:11:40.0602 0948  sermouse - ok
15:11:40.0652 0948  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:11:40.0682 0948  SessionEnv - ok
15:11:40.0722 0948  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:11:40.0752 0948  sffdisk - ok
15:11:40.0772 0948  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:11:40.0792 0948  sffp_mmc - ok
15:11:40.0802 0948  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:11:40.0822 0948  sffp_sd - ok
15:11:40.0842 0948  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
15:11:40.0862 0948  sfloppy - ok
15:11:40.0942 0948  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:11:41.0002 0948  SharedAccess - ok
15:11:41.0032 0948  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:11:41.0082 0948  ShellHWDetection - ok
15:11:41.0112 0948  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
15:11:41.0132 0948  sisagp - ok
15:11:41.0172 0948  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:11:41.0182 0948  SiSRaid2 - ok
15:11:41.0202 0948  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:11:41.0222 0948  SiSRaid4 - ok
15:11:41.0232 0948  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:11:41.0262 0948  Smb - ok
15:11:41.0302 0948  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:11:41.0322 0948  SNMPTRAP - ok
15:11:41.0392 0948  [ 3FA2E254BFBCE52B3C6F1BF23AAB6911 ] speedfan        C:\Windows\system32\speedfan.sys
15:11:41.0422 0948  speedfan - ok
15:11:41.0442 0948  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:11:41.0452 0948  spldr - ok
15:11:41.0493 0948  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
15:11:41.0555 0948  Spooler - ok
15:11:41.0680 0948  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
15:11:41.0805 0948  sppsvc - ok
15:11:41.0836 0948  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:11:41.0898 0948  sppuinotify - ok
15:11:42.0039 0948  [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP           C:\Windows\System32\Drivers\NIS\1309000.009\SRTSP.SYS
15:11:42.0086 0948  SRTSP - ok
15:11:42.0132 0948  [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX          C:\Windows\system32\drivers\NIS\1309000.009\SRTSPX.SYS
15:11:42.0148 0948  SRTSPX - ok
15:11:42.0164 0948  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:11:42.0195 0948  srv - ok
15:11:42.0226 0948  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:11:42.0273 0948  srv2 - ok
15:11:42.0304 0948  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:11:42.0320 0948  srvnet - ok
15:11:42.0351 0948  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:11:42.0413 0948  SSDPSRV - ok
15:11:42.0429 0948  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:11:42.0476 0948  SstpSvc - ok
15:11:42.0507 0948  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:11:42.0522 0948  stexstor - ok
15:11:42.0569 0948  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
15:11:42.0616 0948  StiSvc - ok
15:11:42.0663 0948  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
15:11:42.0678 0948  storflt - ok
15:11:42.0710 0948  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\Windows\system32\storsvc.dll
15:11:42.0741 0948  StorSvc - ok
15:11:42.0772 0948  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
15:11:42.0788 0948  storvsc - ok
15:11:42.0819 0948  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:11:42.0850 0948  swenum - ok
15:11:42.0912 0948  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
15:11:42.0959 0948  swprv - ok
15:11:43.0037 0948  [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS           C:\Windows\system32\drivers\NIS\1309000.009\SYMDS.SYS
15:11:43.0068 0948  SymDS - ok
15:11:43.0146 0948  [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA          C:\Windows\system32\drivers\NIS\1309000.009\SYMEFA.SYS
15:11:43.0162 0948  SymEFA - ok
15:11:43.0224 0948  [ 555FB450FE6908600310E990738B41D6 ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT.SYS
15:11:43.0240 0948  SymEvent - ok
15:11:43.0271 0948  [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON         C:\Windows\system32\drivers\NIS\1309000.009\Ironx86.SYS
15:11:43.0287 0948  SymIRON - ok
15:11:43.0318 0948  [ 3EE215D6FE821E3EDF0F7134D9AE905A ] SymNetS         C:\Windows\System32\Drivers\NIS\1309000.009\SYMNETS.SYS
15:11:43.0349 0948  SymNetS - ok
15:11:43.0412 0948  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
15:11:43.0443 0948  SysMain - ok
15:11:43.0474 0948  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:11:43.0505 0948  TabletInputService - ok
15:11:43.0552 0948  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:11:43.0599 0948  TapiSrv - ok
15:11:43.0630 0948  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
15:11:43.0677 0948  TBS - ok
15:11:43.0739 0948  [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:11:43.0770 0948  Tcpip - ok
15:11:43.0833 0948  [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:11:43.0864 0948  TCPIP6 - ok
15:11:43.0958 0948  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:11:44.0051 0948  tcpipreg - ok
15:11:44.0159 0948  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:11:44.0259 0948  TDPIPE - ok
15:11:44.0329 0948  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:11:44.0359 0948  TDTCP - ok
15:11:44.0389 0948  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:11:44.0429 0948  tdx - ok
15:11:44.0449 0948  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:11:44.0479 0948  TermDD - ok
15:11:44.0529 0948  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
15:11:44.0589 0948  TermService - ok
15:11:44.0609 0948  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
15:11:44.0649 0948  Themes - ok
15:11:44.0679 0948  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
15:11:44.0719 0948  THREADORDER - ok
15:11:44.0739 0948  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
15:11:44.0789 0948  TrkWks - ok
15:11:44.0859 0948  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:11:44.0959 0948  TrustedInstaller - ok
15:11:44.0989 0948  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:11:45.0029 0948  tssecsrv - ok
15:11:45.0079 0948  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:11:45.0099 0948  TsUsbFlt - ok
15:11:45.0179 0948  [ C1A64414DB4E49D41D9DF9359ED9369B ] TuneUp.Defrag   C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
15:11:45.0209 0948  TuneUp.Defrag - ok
15:11:45.0249 0948  [ DC653CF2D70827C4EBC2B157DA25CF57 ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
15:11:45.0289 0948  TuneUp.UtilitiesSvc - ok
15:11:45.0329 0948  [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
15:11:45.0349 0948  TuneUpUtilitiesDrv - ok
15:11:45.0399 0948  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:11:45.0439 0948  tunnel - ok
15:11:45.0469 0948  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:11:45.0479 0948  uagp35 - ok
15:11:45.0509 0948  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:11:45.0549 0948  udfs - ok
15:11:45.0579 0948  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:11:45.0609 0948  UI0Detect - ok
15:11:45.0659 0948  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:11:45.0679 0948  uliagpkx - ok
15:11:45.0689 0948  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
15:11:45.0709 0948  umbus - ok
15:11:45.0739 0948  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:11:45.0759 0948  UmPass - ok
15:11:45.0799 0948  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
15:11:45.0829 0948  UmRdpService - ok
15:11:45.0899 0948  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
15:11:45.0959 0948  upnphost - ok
15:11:46.0029 0948  [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
15:11:46.0069 0948  usbaudio - ok
15:11:46.0109 0948  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:11:46.0139 0948  usbccgp - ok
15:11:46.0159 0948  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:11:46.0189 0948  usbcir - ok
15:11:46.0229 0948  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
15:11:46.0249 0948  usbehci - ok
15:11:46.0279 0948  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:11:46.0319 0948  usbhub - ok
15:11:46.0359 0948  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:11:46.0389 0948  usbohci - ok
15:11:46.0429 0948  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:11:46.0449 0948  usbprint - ok
15:11:46.0489 0948  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:11:46.0519 0948  usbscan - ok
15:11:46.0539 0948  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:11:46.0569 0948  USBSTOR - ok
15:11:46.0599 0948  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:11:46.0629 0948  usbuhci - ok
15:11:46.0689 0948  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
15:11:46.0709 0948  usbvideo - ok
15:11:46.0739 0948  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
15:11:46.0789 0948  UxSms - ok
15:11:46.0849 0948  [ DC2172ACCB384C6A3D59342050422102 ] UxTuneUp        C:\Windows\System32\uxtuneup.dll
15:11:46.0859 0948  UxTuneUp - ok
15:11:46.0909 0948  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
15:11:46.0929 0948  VaultSvc - ok
15:11:46.0949 0948  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:11:46.0969 0948  vdrvroot - ok
15:11:47.0009 0948  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
15:11:47.0059 0948  vds - ok
15:11:47.0079 0948  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:11:47.0119 0948  vga - ok
15:11:47.0149 0948  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:11:47.0199 0948  VgaSave - ok
15:11:47.0239 0948  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:11:47.0259 0948  vhdmp - ok
15:11:47.0289 0948  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
15:11:47.0309 0948  viaagp - ok
15:11:47.0339 0948  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
15:11:47.0369 0948  ViaC7 - ok
15:11:47.0389 0948  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
15:11:47.0399 0948  viaide - ok
15:11:47.0429 0948  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
15:11:47.0449 0948  vmbus - ok
15:11:47.0485 0948  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
15:11:47.0532 0948  VMBusHID - ok
15:11:47.0547 0948  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:11:47.0563 0948  volmgr - ok
15:11:47.0610 0948  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:11:47.0625 0948  volmgrx - ok
15:11:47.0641 0948  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:11:47.0672 0948  volsnap - ok
15:11:47.0688 0948  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
15:11:47.0703 0948  vsmraid - ok
15:11:47.0781 0948  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
15:11:47.0847 0948  VSS - ok
15:11:47.0867 0948  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:11:47.0897 0948  vwifibus - ok
15:11:47.0917 0948  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:11:47.0937 0948  vwififlt - ok
15:11:47.0967 0948  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
15:11:47.0997 0948  vwifimp - ok
15:11:48.0027 0948  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
15:11:48.0077 0948  W32Time - ok
15:11:48.0097 0948  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:11:48.0127 0948  WacomPen - ok
15:11:48.0157 0948  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:11:48.0207 0948  WANARP - ok
15:11:48.0207 0948  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:11:48.0237 0948  Wanarpv6 - ok
15:11:48.0297 0948  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
15:11:48.0357 0948  wbengine - ok
15:11:48.0387 0948  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:11:48.0427 0948  WbioSrvc - ok
15:11:48.0477 0948  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:11:48.0517 0948  wcncsvc - ok
15:11:48.0527 0948  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:11:48.0557 0948  WcsPlugInService - ok
15:11:48.0577 0948  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:11:48.0607 0948  Wd - ok
15:11:48.0637 0948  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:11:48.0657 0948  Wdf01000 - ok
15:11:48.0687 0948  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:11:48.0717 0948  WdiServiceHost - ok
15:11:48.0727 0948  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:11:48.0747 0948  WdiSystemHost - ok
15:11:48.0787 0948  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
15:11:48.0827 0948  WebClient - ok
15:11:48.0857 0948  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:11:48.0887 0948  Wecsvc - ok
15:11:48.0897 0948  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:11:48.0947 0948  wercplsupport - ok
15:11:48.0987 0948  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:11:49.0027 0948  WerSvc - ok
15:11:49.0047 0948  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:11:49.0077 0948  WfpLwf - ok
15:11:49.0097 0948  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:11:49.0117 0948  WIMMount - ok
15:11:49.0187 0948  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
15:11:49.0237 0948  WinDefend - ok
15:11:49.0247 0948  WinHttpAutoProxySvc - ok
15:11:49.0317 0948  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:11:49.0377 0948  Winmgmt - ok
15:11:49.0427 0948  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
15:11:49.0497 0948  WinRM - ok
15:11:49.0557 0948  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:11:49.0607 0948  WinUsb - ok
15:11:49.0657 0948  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:11:49.0707 0948  Wlansvc - ok
15:11:49.0807 0948  [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:11:49.0827 0948  wlcrasvc - ok
15:11:49.0897 0948  [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:11:49.0947 0948  wlidsvc - ok
15:11:49.0997 0948  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:11:50.0077 0948  WmiAcpi - ok
15:11:50.0207 0948  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:11:50.0317 0948  wmiApSrv - ok
15:11:50.0437 0948  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
15:11:50.0507 0948  WMPNetworkSvc - ok
15:11:50.0547 0948  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:11:50.0577 0948  WPCSvc - ok
15:11:50.0617 0948  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:11:50.0657 0948  WPDBusEnum - ok
15:11:50.0677 0948  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:11:50.0727 0948  ws2ifsl - ok
15:11:50.0747 0948  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
15:11:50.0777 0948  wscsvc - ok
15:11:50.0787 0948  WSearch - ok
15:11:50.0877 0948  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
15:11:50.0947 0948  wuauserv - ok
15:11:50.0967 0948  [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:11:50.0997 0948  WudfPf - ok
15:11:51.0057 0948  [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:11:51.0107 0948  WUDFRd - ok
15:11:51.0157 0948  [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:11:51.0187 0948  wudfsvc - ok
15:11:51.0217 0948  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:11:51.0267 0948  WwanSvc - ok
15:11:51.0287 0948  ================ Scan global ===============================
15:11:51.0297 0948  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
15:11:51.0337 0948  [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
15:11:51.0347 0948  [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
15:11:51.0377 0948  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
15:11:51.0417 0948  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
15:11:51.0417 0948  [Global] - ok
15:11:51.0417 0948  ================ Scan MBR ==================================
15:11:51.0427 0948  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:11:51.0767 0948  \Device\Harddisk0\DR0 - ok
15:11:51.0767 0948  ================ Scan VBR ==================================
15:11:51.0767 0948  [ 9E48FF4070EE57A6C780D28443A33FE8 ] \Device\Harddisk0\DR0\Partition1
15:11:51.0777 0948  \Device\Harddisk0\DR0\Partition1 - ok
15:11:51.0812 0948  [ 4A180547082BED1300CBE705C3912090 ] \Device\Harddisk0\DR0\Partition2
15:11:51.0812 0948  \Device\Harddisk0\DR0\Partition2 - ok
15:11:51.0828 0948  [ 69270325DA39E7F072E686D804F6885C ] \Device\Harddisk0\DR0\Partition3
15:11:51.0828 0948  \Device\Harddisk0\DR0\Partition3 - ok
15:11:51.0828 0948  ============================================================
15:11:51.0828 0948  Scan finished
15:11:51.0828 0948  ============================================================
15:11:51.0859 1328  Detected object count: 4
15:11:51.0859 1328  Actual detected object count: 4
15:12:02.0639 1328  Brother XP spl Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:12:02.0639 1328  Brother XP spl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:12:02.0639 1328  BrSerIb ( UnsignedFile.Multi.Generic ) - skipped by user
15:12:02.0639 1328  BrSerIb ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:12:02.0654 1328  BrUsbSIb ( UnsignedFile.Multi.Generic ) - skipped by user
15:12:02.0654 1328  BrUsbSIb ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:12:02.0654 1328  giveio ( UnsignedFile.Multi.Generic ) - skipped by user
15:12:02.0654 1328  giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
__________________

Alt 05.01.2013, 14:15   #4
markusg
/// Malware-holic
 
PUP.Adware.Agent gefunden - Standard

PUP.Adware.Agent gefunden



Hi
combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 05.01.2013, 14:36   #5
Larifari
 
PUP.Adware.Agent gefunden - Standard

PUP.Adware.Agent gefunden



Hier die Combofix-Datei:

Code:
ATTFilter
ComboFix 13-01-05.01 - *** 05.01.2013  15:21:43.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3037.1668 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-05 bis 2013-01-05  ))))))))))))))))))))))))))))))
.
.
2013-01-05 14:28 . 2013-01-05 14:28	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-05 14:28 . 2013-01-05 14:28	--------	d-----w-	c:\users\***.Notebook\AppData\Local\temp
2013-01-05 13:11 . 2013-01-05 13:11	--------	d-----w-	c:\users\***\AppData\Local\Programs
2013-01-03 07:58 . 2012-12-16 14:13	295424	----a-w-	c:\windows\system32\atmfd.dll
2013-01-03 07:58 . 2012-12-16 14:13	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-13 18:41 . 2012-12-13 18:41	--------	d-----w-	c:\program files\Yontoo
2012-12-13 18:41 . 2012-12-13 18:41	--------	d-----w-	c:\programdata\Tarma Installer
2012-12-13 18:38 . 2012-12-13 18:38	--------	d-----w-	c:\programdata\Premium
2012-12-13 18:38 . 2012-12-13 18:38	--------	d-----w-	c:\programdata\InstallMate
2012-12-13 15:03 . 2012-11-02 05:11	376832	----a-w-	c:\windows\system32\dpnet.dll
2012-12-09 18:29 . 2012-12-09 18:56	--------	d-----w-	c:\program files\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 15:49 . 2011-12-11 15:40	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-13 15:06 . 2012-04-17 17:41	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-12-13 15:06 . 2011-05-22 07:53	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-05 08:21 . 2012-11-05 08:20	8281168	----a-w-	c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2012-12-05 19:51 . 2012-12-05 19:51	262112	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1246544]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 46368]
"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984]
"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware "="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-12-14 512360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" -r "c:\programdata\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
.
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1309000.009\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1309000.009\SYMEFA.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121130.005\BHDrvx86.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1309000.009\ccSetx86.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130104.001\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1309000.009\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1309000.009\SYMNETS.SYS [x]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [x]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 74142562
*NewlyCreated* - KWLDQPOW
*Deregistered* - 74142562
*Deregistered* - kwldqpow
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 15:06]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-12 13:20]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-12 13:20]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://searchab.com/?aff=7&uid=330e31d1-4554-11e2-90f9-e0cb4e2f9eb4
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://searchab.com/?aff=7&uid=330e31d1-4554-11e2-90f9-e0cb4e2f9eb4
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\28m9fi33.default\
FF - prefs.js: browser.startup.homepage - hxxp://searchab.com/?aff=7&uid=330e31d1-4554-11e2-90f9-e0cb4e2f9eb4
FF - prefs.js: keyword.URL - hxxps://www.startpage.com/do/search?language=deutsch&cat=web&query=
FF - ExtSQL: 2012-12-13 19:41; torntv@torntv.com; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\28m9fi33.default\extensions\torntv@torntv.com.xpi
FF - ExtSQL: 2012-12-13 19:41; plugin@yontoo.com; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\28m9fi33.default\extensions\plugin@yontoo.com
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extentions.y2layers.installId - d10f58e9-b146-436e-b3ec-c77ba0b61fb3
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers
FF - user.js: extensions.autoDisableScopes - 14
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.9.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1035420632-523644624-95114637-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-1035420632-523644624-95114637-1000)
@Denied: (2) (LocalSystem)
"Progid"="ThunderbirdEML"
.
[HKEY_USERS\S-1-5-21-1035420632-523644624-95114637-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-05  15:30:15
ComboFix-quarantined-files.txt  2013-01-05 14:30
.
Vor Suchlauf: 7 Verzeichnis(se), 47.351.705.600 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 49.143.787.520 Bytes frei
.
- - End Of File - - 2D7C63C72AC6E0E985D6AC28607BE995
         


Alt 05.01.2013, 14:42   #6
markusg
/// Malware-holic
 
PUP.Adware.Agent gefunden - Standard

PUP.Adware.Agent gefunden



Sieht soweit ok aus.

lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.


öffne CCleaner, extras, liste der Autostart programme und poste sie bitte.
__________________
--> PUP.Adware.Agent gefunden

Alt 05.01.2013, 14:53   #7
Larifari
 
PUP.Adware.Agent gefunden - Standard

PUP.Adware.Agent gefunden



Uninstall list:

Code:
ATTFilter
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	12.12.2012	6,00MB	11.5.502.135  benötigt
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	13.12.2012	6,00MB	11.5.502.135  benötigt
Adobe Reader XI - Deutsch	Adobe Systems Incorporated	05.11.2012	128MB	11.0.00       benötigt
Adobe Shockwave Player 11.6	Adobe Systems, Inc.	01.11.2012		11.6.8.638   benötigt
Bing Bar	Microsoft Corporation	05.11.2012	464KB	7.1.391.0 nicht benötigt
CCleaner	Piriform	19.12.2012		3.26  benötigt
Google Earth	Google	18.05.2012	107MB	6.2.2.6613 benötigt
Google Earth Plug-in	Google	18.05.2012	48,7MB	6.2.2.6613 benötigt
Intel(R) TV Wizard	Intel Corporation	15.04.2010		unbekannt
Java 7 Update 9	Oracle	02.09.2012	128MB	7.0.90  benötigt
JavaFX 2.1.1	Oracle Corporation	01.08.2012	20,8MB	2.1.1 benötigt
Malwarebytes Anti-Malware Version 1.70.0.1100	Malwarebytes Corporation	05.01.2013	18,4MB	1.70.0.1100 benötigt
McAfee Security Scan Plus	McAfee, Inc.	26.05.2010	8,30MB	2.0.181.2   nicht benötigt
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	25.06.2010	38,8MB	4.0.30319  unbekannt
Microsoft Office File Validation Add-In	Microsoft Corporation	15.09.2011	7,95MB	14.0.5130.5003  unbekannt
Microsoft Office Home and Student 2007	Microsoft Corporation	12.12.2011		12.0.6612.1000   benötigt
Microsoft Office Live Add-in 1.5	Microsoft Corporation	18.05.2012	508KB	2.0.4024.1       nicht benötigt
Microsoft Silverlight	Microsoft Corporation	18.05.2012	218MB	5.1.10411.0     benötigt
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	20.10.2010	1,69MB	3.1.0000 unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	20.04.2010	252KB	8.0.50727.4053  unbekannt
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	17.06.2011	300KB	8.0.59193 unbekannt
Mozilla Firefox 17.0.1 (x86 de)	Mozilla	05.12.2012	42,4MB	17.0.1  benötigt
Mozilla Maintenance Service	Mozilla	09.12.2012	329KB	17.0      benötigt
Mozilla Thunderbird 17.0 (x86 de)	Mozilla	09.12.2012	41,9MB	17.0 benötigt
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	20.04.2010	35,0KB	4.20.9870.0  unbekannt
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	20.04.2010	1,33MB	4.20.9876.0  unbekannt
MSXML 4.0 SP3 Parser	Microsoft Corporation	22.08.2012	1,47MB	4.30.2100.0 unbekannt
MSXML 4.0 SP3 Parser (KB2721691)	Microsoft Corporation	24.08.2012	1,53MB	4.30.2114.0  unbekannt
Nero 9 Essentials	Nero AG	17.04.2010	nicht benötigt	
Norton Internet Security	Symantec Corporation	28.01.2012		19.9.0.9  benötigt
Nuance PaperPort 12	Nuance Communications, Inc.	22.08.2012	202MB	12.1.0000   benötigt
Nuance PDF Viewer Plus	Nuance Communications, Inc	22.08.2012	38,0MB	5.30.3290   benötigt
PaperPort Image Printer	Nuance Communications, Inc.	22.08.2012	521KB	1.00.0001  benötigt
Picasa 3	Google, Inc.	21.01.2011		3.8  benötigt
QuickTime	Apple Inc.	10.06.2012	73,2MB	7.72.80.56  benötigt
Secunia PSI (2.0.0.4003)	Secunia	12.12.2011	3,47MB	2.0.0.4003  benötigt
SpeedFan (remove only)		28.10.2012		benötigt
Total Commander (Remove or Repair)	Ghisler Software GmbH	16.04.2010		7.50a unbekannt
TuneUp Utilities	TuneUp Software	03.08.2012		9.0.6030.1        benötigt
VLC media player 2.0.3	VideoLAN	16.10.2012		2.0.3    benötigt
Windows Live Essentials	Microsoft Corporation	20.10.2010		15.4.3502.0922  nicht benötigt
Windows Live Mesh ActiveX control for remote connections	Microsoft Corporation	20.10.2010	5,57MB	15.4.5722.2 unbekannt
Yontoo 1.10.03	Yontoo LLC	07.10.2012	1,16MB	1.10.03    unbekannt
Zylom Games Player Plugin	Zylom Games	16.10.2012	nicht benötigt
         
Autostart:

Code:
ATTFilter
Ja	HKCU:Run	ISUSPM	Acresso Corporation	C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
Ja	HKLM:Run	HotKeysCmds	Intel Corporation	C:\Windows\system32\hkcmd.exe
Ja	HKLM:Run	IgfxTray	Intel Corporation	C:\Windows\system32\igfxtray.exe
Ja	HKLM:Run	IndexSearch	Nuance Communications, Inc.	"C:\Program Files\Nuance\PaperPort\IndexSearch.exe"
Ja	HKLM:Run	Logitech Download Assistant	Microsoft Corporation	C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
Ja	HKLM:Run	PaperPort PTD	Nuance Communications, Inc.	"C:\Program Files\Nuance\PaperPort\pptd40nt.exe"
Ja	HKLM:Run	PDF5 Registry Controller	Nuance Communications, Inc.	C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe
Ja	HKLM:Run	PDFHook	Nuance Communications, Inc.	C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
Ja	HKLM:Run	Persistence	Intel Corporation	C:\Windows\system32\igfxpers.exe
Ja	Startup Common	McAfee Security Scan Plus.lnk	McAfee, Inc.	C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
         

Alt 05.01.2013, 18:40   #8
markusg
/// Malware-holic
 
PUP.Adware.Agent gefunden - Standard

PUP.Adware.Agent gefunden



deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
Java : alle
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:
Bing

McAfee
Nero
Secunia : aktualisieren wir später, erst mal weg
Total Commander
TuneUp : verzichte auf solchen Unsinn, einige Funktionen können dem PC schaden, oder bringen im besten Falle nichts.
Windows Live : alle
Yontoo
Zylom
Öffne CCleaner, analysieren, starten, PC neustarten.

CCleaner Autostart liste:
alle Haken raus außer:
HotKeysCmds

bei startup alle Haken raus.


Norton:
Anti Virus Software und Internet Security - Antivirussoftware | Norton Deutschland
hohl dir mal dort Version 2013, die hast du noch nicht, Upgrade ist kostenlos.
Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste
    mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 06.01.2013, 21:28   #9
Larifari
 
PUP.Adware.Agent gefunden - Standard

PUP.Adware.Agent gefunden



Sorry für die späte Antwort, hab's nicht früher geschafft.

Zitat:
Zitat von markusg Beitrag anzeigen
CCleaner Autostart liste:
alle Haken raus außer:
HotKeysCmds

bei startup alle Haken raus.
Wo soll das sein? Im CCleaner habe ich außer den Autostart nichts passendes gefunden.

Zitat:
Zitat von markusg Beitrag anzeigen
Norton:
Anti Virus Software und Internet Security - Antivirussoftware | Norton Deutschland
hohl dir mal dort Version 2013, die hast du noch nicht, Upgrade ist kostenlos.
Habe auf der Seite leider kein kostenloses Upgrade gefunden. Die Lizenz läuft aber auch bald aus und wurde wohl auch schon erneuert (ist nicht mein PC), kann aber erst in ein paar Tagen drauf gemacht werden.


Hier noch das Log:

Code:
ATTFilter
# AdwCleaner v2.104 - Datei am 06/01/2013 um 22:19:24 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : *** - NOTEBOOK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\ProgramData\InstallMate
Ordner Gefunden : C:\ProgramData\Premium
Ordner Gefunden : C:\ProgramData\Tarma Installer

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\1ClickDownload
Schlüssel Gefunden : HKCU\Software\StartSearch
Schlüssel Gefunden : HKCU\Software\SweetIM
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\Software\SweetIM
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\28m9fi33.default\prefs.js

Gefunden : user_pref("extensions.ghostery.uiLog", "{\"type\":\"pixel_block\",\"ref\":\"tbx.t-online.de/ps/srp/o[...]

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ac57sjml.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\***.Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\6qnhx6fh.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1968 octets] - [06/01/2013 22:19:24]

########## EOF - C:\AdwCleaner[R1].txt - [2028 octets] ##########
         

Alt 07.01.2013, 17:03   #10
markusg
/// Malware-holic
 
PUP.Adware.Agent gefunden - Standard

PUP.Adware.Agent gefunden



Hi
einfach die neue Version drüber instalieren, die Lizenz wird übernommen.


Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Schließe
    alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein
    Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den
    Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x = fortlaufende Nummer)

Neustarten, testen, wie PC und Programme laufen
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 08.01.2013, 17:29   #11
Larifari
 
PUP.Adware.Agent gefunden - Standard

PUP.Adware.Agent gefunden



Hier das Log von Adwcleaner:

Code:
ATTFilter
# AdwCleaner v2.104 - Datei am 07/01/2013 um 22:15:19 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : *** - NOTEBOOK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\ProgramData\Tarma Installer

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\SweetIM
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\SweetIM
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\28m9fi33.default\prefs.js

C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\28m9fi33.default\user.js ... Gelöscht !

Gelöscht : user_pref("extensions.ghostery.uiLog", "{\"type\":\"pixel_block\",\"ref\":\"tbx.t-online.de/ps/srp/o[...]

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ac57sjml.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\***.Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\6qnhx6fh.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [2097 octets] - [06/01/2013 22:19:24]
AdwCleaner[S1].txt - [2167 octets] - [07/01/2013 22:15:19]

########## EOF - C:\AdwCleaner[S1].txt - [2227 octets] ##########
         

Alt 08.01.2013, 17:41   #12
markusg
/// Malware-holic
 
PUP.Adware.Agent gefunden - Standard

PUP.Adware.Agent gefunden



Hi
kannst du adwcleaner mal löschen, neu laden und das löschprozedere erneut ausführen und das Log posten?
Es gab heute ein Update
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 08.01.2013, 18:25   #13
Larifari
 
PUP.Adware.Agent gefunden - Standard

PUP.Adware.Agent gefunden



ok hier:

Code:
ATTFilter
# AdwCleaner v2.105 - Datei am 08/01/2013 um 19:21:28 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : *** - NOTEBOOK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\28m9fi33.default\extensions\staged

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\28m9fi33.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ac57sjml.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\***.Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\6qnhx6fh.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [2097 octets] - [06/01/2013 22:19:24]
AdwCleaner[R2].txt - [1241 octets] - [07/01/2013 22:37:45]
AdwCleaner[S1].txt - [2296 octets] - [07/01/2013 22:15:19]
AdwCleaner[S2].txt - [1286 octets] - [08/01/2013 19:21:28]

########## EOF - C:\AdwCleaner[S2].txt - [1346 octets] ##########
         

Alt 08.01.2013, 18:37   #14
markusg
/// Malware-holic
 
PUP.Adware.Agent gefunden - Standard

PUP.Adware.Agent gefunden



Hi, neustarten bitte, testen, wie PC + Programme laufen, internet explorer bitte auch testen
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 08.01.2013, 19:51   #15
Larifari
 
PUP.Adware.Agent gefunden - Standard

PUP.Adware.Agent gefunden



Hallo,
läuft alles soweit ok, auch der IE. Nur die Festplatte macht etwas viel Geräusch, weiß nicht, ob das was zu bedeuten hat.

Antwort

Themen zu PUP.Adware.Agent gefunden
administrator, adobe, adobe reader xi, autorun, bho, bingbar, defender, downloader, error, explorer, firefox, flash player, format, helper, install.exe, langsam, log, logfile, mozilla, office 2007, programme, recycle.bin, registry, rundll, scan, secunia psi, security, sehr langsam, senden, software, svchost.exe, symantec, tarma



Ähnliche Themen: PUP.Adware.Agent gefunden


  1. Variante von Win32/Adware.Agent.NOH Anwendung gefunden
    Plagegeister aller Art und deren Bekämpfung - 15.11.2015 (7)
  2. Viren (APPL/RedCap (Cloud), SPR/Agent.dkb, TR/Drop.Rotbrow.K.1, ADWARE/InstallCore.Gen7 und zweimal ADWARE/BHO.Bprotector.1.4).
    Plagegeister aller Art und deren Bekämpfung - 10.05.2015 (7)
  3. Adware.Gen7 - Adware/Cherished.oia - Adware/InstallCore.Gen9 - TR/Trash.Gen bei Antivir gefunden
    Plagegeister aller Art und deren Bekämpfung - 03.12.2014 (13)
  4. Windows 7: ADWARE/CrossRider.Gen4, ADWARE/EoRezo.Gen4 und ADWARE/MPlug 6.14 durch AntiVir gefunden
    Log-Analyse und Auswertung - 22.10.2014 (4)
  5. Trojaner gefunden TR/Dldr.Agent.314440 und verschiedene Adwares ADWARE/EoRezo.AF, ADWARE/Adware.Gen7, ADWARE/AgentCV.A.2919
    Log-Analyse und Auswertung - 02.05.2014 (19)
  6. PC läuft langsam Adware Agent,Pup Optional B..,Pup Optional S..,wurde von Malewarebytes gefunden
    Log-Analyse und Auswertung - 04.10.2013 (41)
  7. ADWARE/InstallCore.Gen' + Adware/Vittalia.AB + TR/Agent.887358 Infektion !
    Plagegeister aller Art und deren Bekämpfung - 29.09.2013 (8)
  8. 3x Adware Agent mit Malewarebytes gefunden
    Log-Analyse und Auswertung - 28.08.2013 (8)
  9. Adware.Agent mit Malwarebytes gefunden
    Log-Analyse und Auswertung - 02.07.2013 (8)
  10. Adware/Agent.1908736 und Keylogger gefunden
    Plagegeister aller Art und deren Bekämpfung - 04.04.2013 (1)
  11. Adware Agent in C:\Users\xxxxx\AppData\Local\Temp\814044.Uninstall\Uninstall.exe ;Adware.Agent in C:\Users\xxxxxx\Downloads\FLV
    Log-Analyse und Auswertung - 30.12.2012 (32)
  12. pup.adware.agent gefunden, probleme beim starten/runterfahren
    Log-Analyse und Auswertung - 10.09.2012 (2)
  13. Trojan.Agent/Gen, Adware.Tracking Cookie und Oreans32 gefunden
    Plagegeister aller Art und deren Bekämpfung - 20.08.2012 (11)
  14. PC von Adware.Agent.ZGen, Adware.ClickPotato, Adware.ShopperReports, Adware.Hotbar, Adwa angegriffen
    Mülltonne - 30.06.2011 (0)
  15. Adware.Agent und TR/Trash.Gen Trojan gefunden und bei Gmer was falsch gemacht :-(
    Plagegeister aller Art und deren Bekämpfung - 22.02.2011 (44)
  16. Internet verlangsamt sich (Adware.RelevantKnowlegde/Zwangi/Agent gefunden)
    Plagegeister aller Art und deren Bekämpfung - 22.02.2010 (1)
  17. 5 mal Malware - u.a. : ADWARE/Adware.Gen, ADSPY/FTat.A.2, TR/Agent.95104, ...
    Log-Analyse und Auswertung - 15.01.2010 (2)

Zum Thema PUP.Adware.Agent gefunden - Hallo liebes Forum, Malwarebytes hat einen Fund von PUP.Adware.Agent gemeldet. Hier das Log: Code: Alles auswählen Aufklappen ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.19.10 Windows 7 Service Pack 1 - PUP.Adware.Agent gefunden...
Archiv
Du betrachtest: PUP.Adware.Agent gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.