Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner legt Computer lahm

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 11.01.2013, 22:23   #1
sschmidt
 
GVU Trojaner legt Computer lahm - Standard

GVU Trojaner legt Computer lahm



Hallo zusammen,
habe mir heute abend einen GVU-Trojaner eingefangen. Unter meinem Benutzer geht gar nichts mehr. Der Benutzer meiner Frau auf dem PC läuft noch. Mit diesem arbeite ich gerade. Das Kasperskytool habe ich bereits gestartet. Hat nichts gebracht.
Bin dann auf dieses Forum gestoßen. Für Hilfe wäre ich sehr dankbar
Grüße
Steffen

Geändert von sschmidt (11.01.2013 um 22:34 Uhr)

Alt 11.01.2013, 23:54   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner legt Computer lahm - Standard

GVU Trojaner legt Computer lahm



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Zitat:
Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 12.01.2013, 01:53   #3
sschmidt
 
GVU Trojaner legt Computer lahm - Standard

GVU Trojaner legt Computer lahm



Hallo cosinus,
Danke für deine rasche Antwort/Hilfe. Kontte die Files mit dem zweiten Benutzer auslesen.
was ich im Antivir gesehen habe gibt es einige Funde. Ist leichter Schweinkram. Bitte ich mit dem Mantel des Vergessens zu bedecken...
Gruß
Code:
ATTFilter
Exportierte Ereignisse:

11.01.2013 21:41 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet 
      Files\Low\Content.IE5\MF8ZY6R3\Separate_Fraction[1].htm'
      enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2011-3402.B' 
      [exploit].
      Durchgeführte Aktion(en):
      Die Datei konnte nicht geöffnet werden!
      Es wird versucht die Datei mit Hilfe des Snapshot Treibers zu durchsuchen.
      Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.
      Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler 
      aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004.
      Die Quelldatei konnte nicht gefunden werden.
      Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '576ffc6f.qua' 
      verschoben!

11.01.2013 21:40 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet 
      Files\Low\Content.IE5\MF8ZY6R3\Separate_Fraction[1].htm'
      wurde ein Virus oder unerwünschtes Programm 'EXP/CVE-2011-3402.B' [exploit] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

09.01.2013 21:55 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet 
      Files\Low\Content.IE5\9TZECOL5\school-girls-fucked_net[1].htm'
      enthielt einen Virus oder unerwünschtes Programm 'JS/JEHBlock.A' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '594847f6.qua' 
      verschoben!

09.01.2013 21:54 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet 
      Files\Low\Content.IE5\9TZECOL5\school-girls-fucked_net[1].htm'
      wurde ein Virus oder unerwünschtes Programm 'JS/JEHBlock.A' [virus] gefunden.
      Ausgeführte Aktion: Übergeben an Scanner

09.01.2013 21:54 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet 
      Files\Low\Content.IE5\9TZECOL5\school-girls-fucked_net[1].htm'
      wurde ein Virus oder unerwünschtes Programm 'JS/JEHBlock.A' [virus] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

30.12.2012 18:24 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet 
      Files\Low\Content.IE5\NTMKT5F4\homemade-voyeur_com[1].htm'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Pornpop.A.17' [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5681ed52.qua' 
      verschoben!

30.12.2012 18:24 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet 
      Files\Low\Content.IE5\NFW96IOK\Hardcore_Teen_Sex[1].htm'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Pornpop.A.12' [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '57e3e76e.qua' 
      verschoben!

30.12.2012 18:24 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet 
      Files\Low\Content.IE5\NTMKT5F4\homemade-voyeur_com[1].htm'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Pornpop.A.17' [adware] 
      gefunden.
      Ausgeführte Aktion: Übergeben an Scanner

30.12.2012 18:24 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet 
      Files\Low\Content.IE5\NTMKT5F4\homemade-voyeur_com[1].htm'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Pornpop.A.17' [adware] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

30.12.2012 18:23 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet 
      Files\Low\Content.IE5\NFW96IOK\Hardcore_Teen_Sex[1].htm'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Pornpop.A.12' [adware] 
      gefunden.
      Ausgeführte Aktion: Übergeben an Scanner

30.12.2012 18:23 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet 
      Files\Low\Content.IE5\NFW96IOK\Hardcore_Teen_Sex[1].htm'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Pornpop.A.12' [adware] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

30.12.2012 18:23 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet 
      Files\Low\Content.IE5\ZRB1360F\Hardcore_Teen_Sex[1].htm'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Pornpop.A.12' [adware] 
      gefunden.
      Ausgeführte Aktion: Übergeben an Scanner

30.12.2012 18:23 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet 
      Files\Low\Content.IE5\ZRB1360F\Hardcore_Teen_Sex[1].htm'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Pornpop.A.12' [adware] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

30.12.2012 18:20 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet 
      Files\Low\Content.IE5\2B3SPJM7\Hard-Anal-at-Home[1].htm'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Pornpop.A.17' [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5943ebf1.qua' 
      verschoben!

30.12.2012 18:19 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet 
      Files\Low\Content.IE5\2B3SPJM7\Hard-Anal-at-Home[1].htm'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Pornpop.A.17' [adware] 
      gefunden.
      Ausgeführte Aktion: Übergeben an Scanner

30.12.2012 18:19 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet 
      Files\Low\Content.IE5\2B3SPJM7\Hard-Anal-at-Home[1].htm'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Pornpop.A.17' [adware] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern
         
__________________

Alt 12.01.2013, 13:04   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner legt Computer lahm - Standard

GVU Trojaner legt Computer lahm



Zitat:
Das Kasperskytool habe ich bereits gestartet. Hat nichts gebracht.
Es gibt nicht "das" Kasperskytool! Bitte genauere Angaben was du genutzt hast!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 13.01.2013, 11:58   #5
sschmidt
 
GVU Trojaner legt Computer lahm - Standard

GVU Trojaner legt Computer lahm



Hallo Cosinus,
sorry dass ich mich undeutlich ausgedrückt habe.
habe den Trojaner jetzt mit dem WindowsUnlocker von Kaspersky von der Platte gefegt. STRIKE!!! Hat beim ersten mal nicht geklappt da ich ne veraltete Version habe laufen lassen.
Jetzt gibt es noch zwei kleinere Folgeprobleme. Seit dem Virus kommt jetzt die Meldung "Server ist ausgelastet. Der Vorgang kann nicht ausgeführt werden, da die andere Anwendung aktiv ist. Klicken Sie aus WECHSELN ZU",..."
Es gibt aber keine andere Anwendung!!!

Und der Windows-Sicherheitscenter läßt sich nicht mehr aktivieren.
hast du mir bitte hierzu bitte ne Hilfestellung?
danke dir+Gruß


Alt 13.01.2013, 19:32   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner legt Computer lahm - Standard

GVU Trojaner legt Computer lahm



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Erstmal eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.
__________________
--> GVU Trojaner legt Computer lahm

Alt 15.01.2013, 20:16   #7
sschmidt
 
GVU Trojaner legt Computer lahm - Standard

GVU Trojaner legt Computer lahm



super deine Unterstützung. Habe jetzt das OTL installiert und sende dir die Files. Als neues und weiteres kleines Präsent hat der vernichtete Trojaner irgendwas geändert dass jetzt ständig nervige Sicherheitsabfragen durch das Windows7 kommen. Sonst läuft der PC aber recht gut. mein Nachbar hatte den auch drauf. bei dem hat er sogar Dateien verschlüsselt. bei mir immerhin nicht.
Gruß



Code:
ATTFilter
OTL logfile created on: 15.01.2013 20:58:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sabine\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 59,30% Memory free
6,49 Gb Paging File | 4,81 Gb Available in Paging File | 74,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,50 Gb Total Space | 13,62 Gb Free Space | 23,28% Space Free | Partition Type: NTFS
Drive D: | 407,17 Gb Total Space | 377,10 Gb Free Space | 92,62% Space Free | Partition Type: NTFS
 
Computer Name: COMPUTER | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sabine\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Users\User\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\XSrvSetup.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxslt.dll ()
MOD - C:\Programme\vShare\vshare_toolbar.dll ()
MOD - C:\Programme\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Winmgmt) -- C:\Users\User\wgsdgsdgdsgsd.exe File not found
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (BingDesktopUpdate) -- C:\Programme\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
SRV - (SearchAnonymizer) -- C:\Users\User\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (CGVPNCliSrvc) -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (AppleChargerSrv) -- C:\Windows\System32\AppleChargerSrv.exe ()
SRV - (JMB36X) -- C:\Windows\System32\XSrvSetup.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (amd_sata) -- C:\Windows\System32\drivers\amd_sata.sys (Advanced Micro Devices)
DRV - (amd_xata) -- C:\Windows\System32\drivers\amd_xata.sys (Advanced Micro Devices)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (AppleCharger) -- C:\Windows\System32\drivers\AppleCharger.sys ()
DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA7406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\User\Desktop
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.stimme.de/
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA7406}
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com.anonymize-me.de/?anonymto=687474703A2F2F7673686172652E746F6F6C626172686F6D652E636F6D2F7365617263682E617370783F713D7B7365617263685465726D737D26737263683D647370&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&k=0
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&k=0
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = hxxp://www.searchqu.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E73656172636871752E636F6D2F7765623F7372633D6965622673797374656D69643D34303626713D7B7365617263685465726D737D&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&k=0
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{8C3FFAEA-8D30-45DC-8130-ACCC3EAFE8C5}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&mode=bounce&k=0
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{A41F9BD5-8099-4C95-A6BD-5F29BC9EDE9E}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&mode=bounce&k=0
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{BBC2C47B-A90A-49A1-B872-03D9EF581AAA}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&mode=bounce&k=0
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{C241842D-C18B-4927-962C-6E030D14110B}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&mode=bounce&k=0
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{D1969390-1B2E-4274-8C03-3CA34A894085}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&mode=bounce&k=0
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{F0A98150-2135-4DCF-AEA5-9C15D5E26FD6}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&mode=bounce&k=0
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3E 0C E9 AD 3F 9E CD 01  [binary data]
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1003\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA7406}
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.stimme.de/"
FF - prefs.js..extensions.enabledAddons: software%40loadtubes.com:1.01
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: support%40Senseless.TV:1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.12.17 22:11:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@Senseless.TV: C:\Users\User\AppData\Roaming\SenselessTV\ffextension [2012.12.28 21:36:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.13 21:44:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.14 17:37:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.11 06:04:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\support@Senseless.TV: C:\Users\User\AppData\Roaming\SenselessTV\ffextension [2012.12.28 21:36:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.13 21:44:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.14 17:37:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.11 06:04:22 | 000,000,000 | ---D | M]
 
[2010.11.01 13:58:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2010.11.01 13:58:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.12.21 18:20:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\wpp3pji7.default\extensions
[2012.05.03 19:12:04 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\wpp3pji7.default\extensions\software@loadtubes.com
[2012.12.01 16:40:59 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\wpp3pji7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.21 18:20:45 | 000,189,128 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\wpp3pji7.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012.08.21 19:52:42 | 000,001,871 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\wpp3pji7.default\searchplugins\{0E75C47B-1374-4000-8965-C1A99EF65FD0}.xml
[2012.08.21 19:52:42 | 000,002,078 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\wpp3pji7.default\searchplugins\{723EF4DB-8719-4008-9E5B-7A27490C5D9E}.xml
[2012.08.21 19:52:42 | 000,002,189 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\wpp3pji7.default\searchplugins\{F4A52853-1EC9-45AB-8991-50458EB81AD9}.xml
[2012.12.13 21:44:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.17 22:11:58 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.12.28 21:36:51 | 000,000,000 | ---D | M] (SenselessTV Video Plugin) -- C:\USERS\USER\APPDATA\ROAMING\SENSELESSTV\FFEXTENSION
[2012.12.13 21:44:20 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.15 15:48:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2011.10.03 10:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2012.11.26 22:16:29 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.26 22:16:29 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2013.01.05 22:53:13 | 000,445,095 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 15284 more lines...
O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (SDHelper) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()
O2 - BHO: (SenselessTV Video Plugin) - {991D97B8-F0D8-4EA1-9100-7A65EA2D3A63} - C:\Users\User\AppData\Roaming\SenselessTV\bho.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Programme\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\User\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-3015292610-3859147213-2815788766-1003\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-3015292610-3859147213-2815788766-1003\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Ocs_SM] C:\Users\User\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} https://notes.kwpartner.de/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} https://notes.kwpartner.de/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00BEA70F-AE5F-4DA7-91FA-4496FE787B40}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18C2FB04-7377-47A5-B748-F817A1EEE1F3}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\WI3C8A~1\Datamngr\datamngr.dll) - C:\Programme\Windows iLivid Toolbar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI3C8A~1\Datamngr\IEBHO.dll) - C:\Programme\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{db9a3a7e-d796-11df-b43c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{db9a3a7e-d796-11df-b43c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Launch.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.15 20:36:16 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.01.15 20:36:16 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.01.15 20:36:16 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.01.11 23:45:36 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013.01.11 06:04:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.01.10 22:18:48 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013.01.10 22:18:48 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2013.01.10 22:18:48 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs
[2013.01.10 22:18:48 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs
[2013.01.10 22:18:48 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs
[2013.01.10 22:18:48 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs
[2013.01.10 22:18:48 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs
[2013.01.10 22:18:48 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs
[2013.01.10 22:18:48 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2013.01.10 22:18:48 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs
[2013.01.10 22:18:48 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs
[2013.01.10 22:18:48 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs
[2013.01.10 22:18:47 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs
[2013.01.10 22:18:47 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2013.01.10 22:18:47 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs
[2013.01.10 22:18:47 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs
[2013.01.10 22:18:06 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013.01.10 22:18:06 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.01.10 22:18:06 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013.01.10 22:18:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.10 22:18:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013.01.10 22:18:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013.01.10 22:18:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013.01.10 22:18:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.10 22:18:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.10 22:18:05 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013.01.10 22:18:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.10 22:18:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.10 22:18:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013.01.10 22:18:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.10 22:18:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013.01.10 22:18:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.10 22:18:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.10 22:18:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.10 22:18:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013.01.10 22:18:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.10 22:18:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.10 22:18:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013.01.10 22:18:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013.01.10 22:18:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.10 22:18:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013.01.10 22:18:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013.01.10 22:18:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.10 22:18:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013.01.10 22:18:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.10 22:18:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013.01.09 22:04:23 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013.01.09 22:04:21 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.01.09 22:04:21 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2013.01.09 22:02:56 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2013.01.02 22:20:10 | 000,000,000 | -H-D | C] -- C:\Windows\Icons
[2012.12.28 21:36:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\SenselessTV
[2012.12.22 09:36:39 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.22 09:36:39 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.21 18:22:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\DDMSettings
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.15 20:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.15 20:34:31 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.15 20:34:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.15 15:09:28 | 000,015,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.15 15:09:28 | 000,015,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.15 15:04:10 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.12 03:30:20 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.01.12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.01.12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.01.11 23:12:11 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013.01.11 22:39:58 | 000,006,466 | ---- | M] () -- C:\Windows\wininit.ini
[2013.01.11 21:50:22 | 000,654,034 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.11 21:50:22 | 000,615,916 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.11 21:50:22 | 000,129,906 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.11 21:50:22 | 000,106,296 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.11 21:41:49 | 000,002,865 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.10 05:56:42 | 000,298,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.09 21:48:32 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.01.09 21:48:32 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.01.05 22:53:13 | 000,445,095 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.12.26 10:22:19 | 000,044,643 | ---- | M] () -- C:\Users\User\Desktop\Kontoauszug_65076001__Nr.011_vom_01.12.2012_20121226102212.pdf
[2012.12.25 15:09:17 | 000,001,034 | ---- | M] () -- C:\Users\User\Desktop\tiptoi.lnk
[2012.12.25 13:11:58 | 000,015,020 | ---- | M] () -- C:\Users\User\Desktop\TK.odt
[2012.12.23 11:40:42 | 000,001,899 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.12.19 15:38:21 | 000,015,861 | ---- | M] () -- C:\Users\User\Desktop\Christa 70 Jahre.ods
[2012.12.18 18:57:54 | 000,444,891 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130105-225313.backup
[2012.12.17 22:12:00 | 000,001,588 | ---- | M] () -- C:\Users\User\Desktop\DivX Movies.lnk
[2012.12.17 22:11:37 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012.12.17 22:11:30 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
 
========== Files Created - No Company Name ==========
 
[2013.01.11 21:41:49 | 000,002,865 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.11 21:41:48 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013.01.06 14:26:17 | 950,634,538 | ---- | C] () -- C:\Users\User\Desktop\Das Beste Aus Teen Test 03.avi
[2012.12.26 10:22:19 | 000,044,643 | ---- | C] () -- C:\Users\User\Desktop\Kontoauszug_65076001__Nr.011_vom_01.12.2012_20121226102212.pdf
[2012.12.25 12:24:45 | 000,015,020 | ---- | C] () -- C:\Users\User\Desktop\TK.odt
[2012.12.22 09:32:38 | 1456,326,656 | ---- | C] () -- C:\Users\User\Desktop\Excuse.Me.23.avi
[2012.12.17 22:11:37 | 000,001,086 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012.12.17 22:11:30 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2012.11.30 20:59:21 | 000,006,466 | ---- | C] () -- C:\Windows\wininit.ini
[2012.03.20 18:33:53 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012.03.20 18:32:42 | 000,204,960 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.03.20 18:32:42 | 000,157,152 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.03.20 18:32:41 | 000,608,507 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.03.20 18:32:41 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.12.14 21:14:40 | 000,001,283 | ---- | C] () -- C:\Windows\System32\.ini
[2010.11.06 22:16:45 | 000,011,264 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.10.01 11:41:33 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\OpenOffice.org
[2012.09.29 13:42:04 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Thunderbird
[2012.09.29 14:47:27 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\TuneUp Software
[2012.09.16 10:48:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Abelssoft
[2012.12.04 19:12:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Canneverbe Limited
[2012.10.24 20:42:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\CCS64
[2012.07.19 15:06:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DesktopIconForAmazon
[2011.03.13 13:07:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\EurekaLog
[2011.04.03 12:36:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Imaxel
[2012.05.03 19:12:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\loadtbs
[2012.08.21 19:52:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OCS
[2010.11.03 22:29:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2012.08.21 19:52:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Opera
[2011.04.24 19:30:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\RavensburgerTipToi
[2011.03.10 18:07:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\S.A.D
[2012.12.28 21:36:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SenselessTV
[2010.11.01 13:58:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Thunderbird
[2013.01.02 22:15:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TuneUp Software
[2011.10.03 11:36:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Uniblue
[2012.12.05 20:48:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\UpdateStar
[2011.06.09 21:47:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\UpdateStar Drivers
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C64BF02A

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 15.01.2013 20:58:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sabine\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 59,30% Memory free
6,49 Gb Paging File | 4,81 Gb Available in Paging File | 74,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,50 Gb Total Space | 13,62 Gb Free Space | 23,28% Space Free | Partition Type: NTFS
Drive D: | 407,17 Gb Total Space | 377,10 Gb Free Space | 92,62% Space Free | Partition Type: NTFS
 
Computer Name: COMPUTER | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17111942-A063-4B03-AD04-FBEC26BEDBC9}" = lport=137 | protocol=17 | dir=in | app=system | 
"{31D20A24-EB68-4F71-93BF-3ABE90A561C8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{320DE523-6022-4430-BD81-99DCEB83A895}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3CAFDFF2-DB3A-41B8-9159-998F6032B195}" = rport=139 | protocol=6 | dir=out | app=system | 
"{41468095-B45A-4906-A68E-C098C8EF6A68}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{4B761C16-22C5-4089-83B6-3CA5B13C3054}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{611F9E8C-E6F4-48AA-BE97-3DE12ED03170}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{683BF683-0B42-4BAF-A451-70A4F43E6A05}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{813760A9-D95B-4D0B-A25F-9631B6C207D5}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{84506418-3A2D-4B13-A49D-4A1CA47399D8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{893B6457-3319-4971-A6E5-00D039C5673A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{93C9B23A-6E16-4792-B95C-F3A10C1F40B6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A5718403-BA77-4863-B0F1-F2ABA7827066}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AAF923C8-C21F-45F6-822E-E74BDF45D14E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AE59FC35-19B3-41F2-8A1C-702C5D94E3E4}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B1333986-3CB6-4A76-A346-C6DE5E151306}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C1891205-019D-4BCD-8C22-47B019AD35C7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CE4B2538-6774-41BC-B9B0-738B20EC7151}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EBD18EE9-1552-4813-80D6-9FF69C8BA00C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F74B0554-BEBD-4038-BBE8-6C8E0CC52E52}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F9375A1A-4113-4CEE-A216-D40A52DC0FF7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FC47DFCE-FFD3-4C02-BAAE-171551118366}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{FCF6E518-6473-4C76-A0E1-A345111BE475}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06BA630E-E744-465F-8793-0C0DD3527D9C}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{0D9701C4-DE26-42DB-A5D5-06926F5DDBCF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{32131827-636A-4934-A397-AFFC06B0BF31}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressdl.exe | 
"{38D341B8-C3DC-46FD-A3B2-264455E9BF5A}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{408779A4-36F6-4D67-AFD3-1369BA309675}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{48A2C4EE-87B4-4B28-8494-87CE5FCBF58B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{57E5B0DC-5ECA-417A-85B0-9644DD364D89}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{58E47989-33E0-477E-90FC-8136C870565B}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\toolbar\dtuser.exe | 
"{5F64D70C-9C82-46B6-B437-91777091A8CA}" = protocol=6 | dir=out | app=system | 
"{6F4F0945-E9F2-4BA7-917D-85D03B5CF133}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6FC3D579-670B-4637-B78C-CCEA77EDAC4D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{72901C4B-743D-4C12-8444-DB88A4421BCB}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressdl.exe | 
"{7E2BD0CF-DE9E-4810-99B5-0431A3058F99}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{921B875F-AD10-44B7-AE85-7A36A619A285}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{96863968-B227-4B69-8CE6-DF142A8385CF}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\toolbar\dtuser.exe | 
"{AD61645F-C9F7-4AEC-9384-C54F06B82795}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{B1297F70-0CA4-45CE-8BD8-02D97A553847}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B12D7FE8-55F2-418F-AA70-055593B8A653}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B31ACCC5-DB96-4C20-93F1-F09E5C935F1A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B4E56A12-E0CC-4AC2-B845-947BCFF47DAA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CA366400-BE09-4E5D-B5A0-43E6622A2F75}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CB56A034-F993-4D76-8703-B56F51764492}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D84176CD-E33D-46C3-8A53-A4CDEF934884}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D94DB7A9-29E9-4D34-BF8D-2E60C58D87ED}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{E48BF1DF-4247-494C-9C73-9E9CCCE961ED}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{EA54189D-034B-4429-BE55-38B7E29B7FB1}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressfiles.exe | 
"{EF8F4A7B-566C-4272-95EC-D5621BE87492}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressfiles.exe | 
"{F3A7A8B0-0048-47EE-AE46-FDCF552E546C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F97008F9-6F34-401F-B84D-2A6249B347F2}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{FD465F26-3BCF-464F-8669-02526BA473D9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00FE2654-4377-8F53-55F4-83B70EE44C73}" = CCC Help Dutch
"{01DD9D3D-FA8A-E148-008D-5CDF1BE8911F}" = CCC Help Korean
"{02F5BD83-B529-37E3-B5DF-32ABC7EC63C4}" = ccc-core-static
"{072224C5-0C98-0902-9A71-89D4A8F3E810}" = CCC Help Thai
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1229D58B-9185-4F85-71B2-4B34EBF8AD17}" = CCC Help Italian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 11
"{27C6CB2E-415B-6020-91FC-BA5CE3B912AC}" = CCC Help Russian
"{2889745F-A0E3-4C73-8318-B6C408B96E83}}_is1" = FOTOParadies
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{29656550-8463-258C-55BA-5C4F7950DBDE}" = CCC Help Portuguese
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{41B21B1F-950E-13FC-57C7-2AC44B196223}" = Catalyst Control Center Graphics Previews Vista
"{48D5DBBA-7B60-B832-59DB-BE252C2E5A23}" = CCC Help Finnish
"{490F45FA-738D-5D4A-6B9D-DC1373ACF794}" = CCC Help Polish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{53AFCE35-1653-91F4-8991-900731F32111}" = CCC Help Norwegian
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{568EF3B9-C672-E82A-BCD4-A88072578521}" = CCC Help Swedish
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5F624839-947D-46EA-BD63-FD847C1AC6F1}" = BearShare
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{654733F2-22EC-776F-9C2D-CF3C4F578768}" = CCC Help Danish
"{67ABC7E8-A241-F90D-0B04-5BB03428AF96}" = CCC Help Greek
"{6AA30800-F713-BB43-EDA2-1C380FE7FD63}" = Catalyst Control Center Localization All
"{6F235FE4-8EC6-3FAB-1739-A434BFE76E27}" = CCC Help Chinese Standard
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing-Desktop
"{7DCB635C-D999-9496-A6D1-AAABD23A04FD}" = ATI AVIVO Codecs
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{80827F8B-CBF5-FBF9-B91B-8DC58737A040}" = AMD Drag and Drop Transcoding
"{85090727-99E2-F1DC-1589-83D5AC986F3E}" = CCC Help Spanish
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{936D2740-E38E-4977-B319-BB33587FCEAF}" = UpdateStar
"{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}" = SweetPacks bundle uninstaller
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EEA437C-F436-755C-6B39-1840A33F45CF}" = Catalyst Control Center InstallProxy
"{A05EF3DC-AAFA-6903-433D-0F383F5F4EC3}" = CCC Help German
"{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7
"{A317EF8E-66FB-94B6-C4FA-96A0AED1AB2F}" = CCC Help Chinese Traditional
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{B2AF5585-FACF-7760-5C68-F2DC6BBACE47}" = CCC Help Czech
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B7B5A370-3DFF-4F0E-AE11-FD267C4938AA}" = CCS64 V3.9
"{BCA434F2-A541-F63E-890C-F5D14E5B33D0}" = CCC Help English
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C4406DB6-A28D-8047-7704-94A8DE7F6A68}" = CCC Help Hungarian
"{D5134D14-A38D-A217-4310-5C8B6DFA08D0}" = HydraVision
"{D79E2563-3FDD-0A62-187A-5BE5F920F317}" = CCC Help Turkish
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F538505D-D29C-6259-682C-E607D659B4B4}" = Catalyst Control Center Graphics Previews Common
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F768C380-A17C-B2DE-77CC-AB35434BE818}" = ccc-utility
"{F820F894-EC5F-D52A-F862-5B472EAFE69A}" = CCC Help French
"{FBD77AF9-B6DA-7383-14D8-FDC7CEBD2ADC}" = ATI Catalyst Install Manager
"{FFB4E67D-DEF9-30BC-39F6-E9C1B05539F9}" = CCC Help Japanese
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AVI Media Player_is1" = AVI Media Player 1.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"BearShare" = BearShare
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CyberGhost VPN_is1" = CyberGhost VPN Patch 4.7.19
"DesktopIconAmazon" = Desktop Icon für Amazon
"DivX Setup" = DivX-Setup
"dm Digi Foto" = dm Digi Foto
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"loadtbs-2.1" = loadtbs-2.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Ravensburger tiptoi" = Ravensburger tiptoi
"SearchAnonymizer" = SearchAnonymizer
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"Senseless.TV Video Plugin" = Senseless.TV Video Plugin 1.0
"Tor" = Tor (remove only)
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"vShare" = vShare Plugin
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.01.2013 16:39:28 | Computer Name = Computer | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16457,
 Zeitstempel: 0x50a2f9e3  Name des fehlerhaften Moduls: IEBHO.dll, Version: 1.0.0.1,
 Zeitstempel: 0x4d8b38b7  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x000419ad  ID des fehlerhaften
 Prozesses: 0xf9c  Startzeit der fehlerhaften Anwendung: 0x01cdf03bba000d70  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: C:\PROGRA~1\WI3C8A~1\Datamngr\IEBHO.dll  Berichtskennung: fe273a92-5c2e-11e2-adaf-1c6f6546502c
 
Error - 11.01.2013 18:08:55 | Computer Name = Computer | Source = System Restore | ID = 8200
Description = 
 
Error - 11.01.2013 18:09:35 | Computer Name = Computer | Source = System Restore | ID = 8200
Description = 
 
Error - 11.01.2013 18:11:08 | Computer Name = Computer | Source = System Restore | ID = 8200
Description = 
 
Error - 11.01.2013 18:14:01 | Computer Name = Computer | Source = System Restore | ID = 8200
Description = 
 
Error - 11.01.2013 18:14:49 | Computer Name = Computer | Source = System Restore | ID = 8200
Description = 
 
Error - 12.01.2013 12:49:46 | Computer Name = Computer | Source = Application Hang | ID = 1002
Description = Programm Integrator.exe, Version 10.0.4600.4 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 8e8    Startzeit: 01cdf0e46b6f3868    Endzeit: 5    Anwendungspfad: C:\Program
 Files\TuneUp Utilities 2011\Integrator.exe    Berichts-ID:   
 
Error - 13.01.2013 09:38:01 | Computer Name = Computer | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 49c    Startzeit: 01cdf1829c6f9346    Endzeit: 10    Anwendungspfad: 
C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: 7035938d-5d86-11e2-8e00-1c6f6546502c

 
Error - 14.01.2013 12:34:56 | Computer Name = Computer | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: d70    Startzeit: 01cdf273c0a23321    Endzeit: 15    Anwendungspfad: 
C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: 51178f71-5e68-11e2-b240-1c6f6546502c

 
Error - 14.01.2013 12:35:44 | Computer Name = Computer | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16457,
 Zeitstempel: 0x50a2f9e3  Name des fehlerhaften Moduls: MSHTML.dll, Version: 9.0.8112.16457,
 Zeitstempel: 0x50a30507  Ausnahmecode: 0xc0000005  Fehleroffset: 0x005e3399  ID des fehlerhaften
 Prozesses: 0xb60  Startzeit der fehlerhaften Anwendung: 0x01cdf2751843317d  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\system32\MSHTML.dll  Berichtskennung: 70cbe4e7-5e68-11e2-b240-1c6f6546502c
 
[ Spybot - Search and Destroy Events ]
Error - 30.11.2012 15:59:22 | Computer Name = Computer | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 11.01.2013 17:39:58 | Computer Name = Computer | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 12.01.2013 05:30:22 | Computer Name = Computer | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 15.01.2013 15:58:57 | Computer Name = Computer | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
 lautet: 107.
 
Error - 15.01.2013 16:02:26 | Computer Name = Computer | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 15.01.2013 16:03:56 | Computer Name = Computer | Source = Schannel | ID = 36874
Description = Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung
 übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung
 unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.
 
Error - 15.01.2013 16:03:56 | Computer Name = Computer | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
 lautet: 107.
 
Error - 15.01.2013 16:03:56 | Computer Name = Computer | Source = Schannel | ID = 36874
Description = Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung
 übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung
 unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.
 
Error - 15.01.2013 16:03:56 | Computer Name = Computer | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
 lautet: 107.
 
Error - 15.01.2013 16:03:57 | Computer Name = Computer | Source = Schannel | ID = 36874
Description = Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung
 übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung
 unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.
 
Error - 15.01.2013 16:03:57 | Computer Name = Computer | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
 lautet: 107.
 
Error - 15.01.2013 16:03:57 | Computer Name = Computer | Source = Schannel | ID = 36874
Description = Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung
 übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung
 unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.
 
Error - 15.01.2013 16:03:57 | Computer Name = Computer | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
 lautet: 107.
 
 
< End of report >
         

Alt 16.01.2013, 13:39   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner legt Computer lahm - Standard

GVU Trojaner legt Computer lahm



Malwarebytes Anti-Rootkit

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Entpacke das Archiv auf deinem Desktop.
  • Im neu erstellten Ordner starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 17.01.2013, 18:25   #9
sschmidt
 
GVU Trojaner legt Computer lahm - Standard

GVU Trojaner legt Computer lahm



so jetzt hat das Tool diverse Mailware entfernt.
Anbei die Logfile.

Gruß
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.17.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
User :: COMPUTER [administrator]

17.01.2013 18:54:24
mbar-log-2013-01-17 (18-54-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 27917
Time elapsed: 6 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 21
HKLM\SOFTWARE\CLASSES\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{DB1F5554-582C-4F53-82CC-458D2C04A2F1} (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}\INPROCSERVER32 (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\loadtbs-2.1 (PUP.LoadTubes) -> Delete on reboot.

Registry Values Detected: 3
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: VShareTB -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data:  -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Data:  -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
c:\Users\User\AppData\Roaming\loadtbs (PUP.LoadTubes) -> Delete on reboot.
c:\Users\User\AppData\Roaming\loadtbs\chrome@loadtubes.com (PUP.LoadTubes) -> Delete on reboot.

Files Detected: 18
c:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Delete on reboot.
c:\Users\User\AppData\Roaming\loadtbs\ytdl.exe (PUP.LoadTubes) -> Delete on reboot.
c:\Program Files\Mozilla Firefox\Plugins\npmieze.dll (PUP.LoadTubes) -> Delete on reboot.
c:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Delete on reboot.
c:\Users\User\AppData\Roaming\loadtbs\keyHash.txt (PUP.LoadTubes) -> Delete on reboot.
c:\Users\User\AppData\Roaming\loadtbs\config.txt (PUP.LoadTubes) -> Delete on reboot.
c:\Users\User\AppData\Roaming\loadtbs\domHash.txt (PUP.LoadTubes) -> Delete on reboot.
c:\Users\User\AppData\Roaming\loadtbs\evHash.txt (PUP.LoadTubes) -> Delete on reboot.
c:\Users\User\AppData\Roaming\loadtbs\ffmpeg.exe (PUP.LoadTubes) -> Delete on reboot.
c:\Users\User\AppData\Roaming\loadtbs\license.txt (PUP.LoadTubes) -> Delete on reboot.
c:\Users\User\AppData\Roaming\loadtbs\toolbar.dll (PUP.LoadTubes) -> Delete on reboot.
c:\Users\User\AppData\Roaming\loadtbs\uninstall.exe (PUP.LoadTubes) -> Delete on reboot.
c:\Users\User\AppData\Roaming\loadtbs\updateHash.txt (PUP.LoadTubes) -> Delete on reboot.
c:\Users\User\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.html (PUP.LoadTubes) -> Delete on reboot.
c:\Users\User\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.js (PUP.LoadTubes) -> Delete on reboot.
c:\Users\User\AppData\Roaming\loadtbs\chrome@loadtubes.com\download.js (PUP.LoadTubes) -> Delete on reboot.
c:\Users\User\AppData\Roaming\loadtbs\chrome@loadtubes.com\fire.js (PUP.LoadTubes) -> Delete on reboot.
c:\Users\User\AppData\Roaming\loadtbs\chrome@loadtubes.com\manifest.json (PUP.LoadTubes) -> Delete on reboot.

(end)
         

Alt 18.01.2013, 11:10   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner legt Computer lahm - Standard

GVU Trojaner legt Computer lahm



1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 27.01.2013, 15:56   #11
sschmidt
 
GVU Trojaner legt Computer lahm - Standard

GVU Trojaner legt Computer lahm



Sorry, dass ich mich erst jetzt melde. Mein Urlaub ist rum und ich kann nur noch am WE am PC weiterarbeiten....
Anbei die Protokolle vom aswMBR/TDSS.
Der TDSS hat was kleines gefunden. habe dann SKIP gemacht.
Gruß
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-19 11:35:42
-----------------------------
11:35:42.522    OS Version: Windows 6.1.7601 Service Pack 1
11:35:42.522    Number of processors: 4 586 0x503
11:35:42.522    ComputerName: COMPUTER  UserName: User
11:36:02.152    Initialize success
11:41:32.443    AVAST engine defs: 13011900
11:44:58.693    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060
11:44:58.703    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 11
11:44:58.713    Disk 0 MBR read successfully
11:44:58.723    Disk 0 MBR scan
11:44:58.743    Disk 0 Windows 7 default MBR code
11:44:58.753    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
11:44:58.773    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        59899 MB offset 206848
11:44:58.803    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       416939 MB offset 122880000
11:44:58.823    Disk 0 scanning sectors +976771072
11:44:58.893    Disk 0 scanning C:\Windows\system32\drivers
11:45:07.247    Service scanning
11:45:24.689    Modules scanning
11:45:29.359    Disk 0 trace - called modules:
11:45:29.705    ntkrnlpa.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys halmacpi.dll amd_sata.sys ndis.sys 
11:45:29.721    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x869b7ac8]
11:45:29.736    3 CLASSPNP.SYS[8c38959e] -> nt!IofCallDriver -> [0x8598e518]
11:45:29.743    5 amd_xata.sys[8bff28b2] -> nt!IofCallDriver -> \Device\00000060[0x8676bb60]
11:45:31.386    AVAST engine scan C:\Windows
11:45:33.046    AVAST engine scan C:\Windows\system32
11:47:38.600    AVAST engine scan C:\Windows\system32\drivers
11:47:49.080    AVAST engine scan C:\Users\User
11:56:18.761    AVAST engine scan C:\ProgramData
11:57:25.651    Scan finished successfully
13:04:55.766    Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
13:04:55.776    The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-19 13:06:45
-----------------------------
13:06:45.510    OS Version: Windows 6.1.7601 Service Pack 1
13:06:45.510    Number of processors: 4 586 0x503
13:06:45.511    ComputerName: COMPUTER  UserName: User
13:06:46.158    Initialize success
13:06:58.062    AVAST engine defs: 13011900
13:07:05.215    The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-19 13:06:45
-----------------------------
13:06:45.510    OS Version: Windows 6.1.7601 Service Pack 1
13:06:45.510    Number of processors: 4 586 0x503
13:06:45.511    ComputerName: COMPUTER  UserName: User
13:06:46.158    Initialize success
13:06:58.062    AVAST engine defs: 13011900
13:07:05.215    The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"
13:07:27.539    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060
13:07:27.546    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 11
13:07:27.562    Disk 0 MBR read successfully
13:07:27.571    Disk 0 MBR scan
13:07:27.584    Disk 0 Windows 7 default MBR code
13:07:27.602    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
13:07:27.614    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        59899 MB offset 206848
13:07:27.638    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       416939 MB offset 122880000
13:07:27.647    Disk 0 scanning sectors +976771072
13:07:27.730    Disk 0 scanning C:\Windows\system32\drivers
13:07:38.330    Service scanning
13:07:56.214    Modules scanning
13:08:03.167    Disk 0 trace - called modules:
13:08:03.187    ntkrnlpa.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys halmacpi.dll amd_sata.sys 
13:08:03.192    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x869b7ac8]
13:08:03.196    3 CLASSPNP.SYS[8c38959e] -> nt!IofCallDriver -> [0x8598e518]
13:08:03.201    5 amd_xata.sys[8bff28b2] -> nt!IofCallDriver -> \Device\00000060[0x8676bb60]
13:08:04.252    AVAST engine scan C:\Windows
13:08:07.468    AVAST engine scan C:\Windows\system32
13:10:49.689    AVAST engine scan C:\Windows\system32\drivers
13:10:59.330    AVAST engine scan C:\Users\User
13:18:59.702    AVAST engine scan C:\ProgramData
13:19:47.711    Scan finished successfully
13:37:19.496    Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
13:37:19.522    The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-19 13:06:45
-----------------------------
13:06:45.510    OS Version: Windows 6.1.7601 Service Pack 1
13:06:45.510    Number of processors: 4 586 0x503
13:06:45.511    ComputerName: COMPUTER  UserName: User
13:06:46.158    Initialize success
13:06:58.062    AVAST engine defs: 13011900
13:07:05.215    The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"
13:07:27.539    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060
13:07:27.546    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 11
13:07:27.562    Disk 0 MBR read successfully
13:07:27.571    Disk 0 MBR scan
13:07:27.584    Disk 0 Windows 7 default MBR code
13:07:27.602    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
13:07:27.614    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        59899 MB offset 206848
13:07:27.638    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       416939 MB offset 122880000
13:07:27.647    Disk 0 scanning sectors +976771072
13:07:27.730    Disk 0 scanning C:\Windows\system32\drivers
13:07:38.330    Service scanning
13:07:56.214    Modules scanning
13:08:03.167    Disk 0 trace - called modules:
13:08:03.187    ntkrnlpa.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys halmacpi.dll amd_sata.sys 
13:08:03.192    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x869b7ac8]
13:08:03.196    3 CLASSPNP.SYS[8c38959e] -> nt!IofCallDriver -> [0x8598e518]
13:08:03.201    5 amd_xata.sys[8bff28b2] -> nt!IofCallDriver -> \Device\00000060[0x8676bb60]
13:08:04.252    AVAST engine scan C:\Windows
13:08:07.468    AVAST engine scan C:\Windows\system32
13:10:49.689    AVAST engine scan C:\Windows\system32\drivers
13:10:59.330    AVAST engine scan C:\Users\User
13:18:59.702    AVAST engine scan C:\ProgramData
13:19:47.711    Scan finished successfully
13:37:19.496    Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
13:37:19.522    The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"
13:38:04.901    Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
13:38:04.901    The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"
         


Code:
ATTFilter
16:52:05.0339 4940  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:52:05.0557 4940  ============================================================
16:52:05.0557 4940  Current date / time: 2013/01/27 16:52:05.0557
16:52:05.0557 4940  SystemInfo:
16:52:05.0557 4940  
16:52:05.0557 4940  OS Version: 6.1.7601 ServicePack: 1.0
16:52:05.0557 4940  Product type: Workstation
16:52:05.0557 4940  ComputerName: COMPUTER
16:52:05.0557 4940  UserName: User
16:52:05.0557 4940  Windows directory: C:\Windows
16:52:05.0557 4940  System windows directory: C:\Windows
16:52:05.0557 4940  Processor architecture: Intel x86
16:52:05.0557 4940  Number of processors: 4
16:52:05.0557 4940  Page size: 0x1000
16:52:05.0557 4940  Boot type: Normal boot
16:52:05.0557 4940  ============================================================
16:52:05.0916 4940  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:52:05.0931 4940  ============================================================
16:52:05.0931 4940  \Device\Harddisk0\DR0:
16:52:05.0931 4940  MBR partitions:
16:52:05.0931 4940  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:52:05.0931 4940  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x74FD800
16:52:05.0931 4940  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x7530000, BlocksNum 0x32E55800
16:52:05.0931 4940  ============================================================
16:52:05.0963 4940  C: <-> \Device\Harddisk0\DR0\Partition2
16:52:05.0994 4940  D: <-> \Device\Harddisk0\DR0\Partition3
16:52:05.0994 4940  ============================================================
16:52:05.0994 4940  Initialize success
16:52:05.0994 4940  ============================================================
16:52:54.0042 2676  ============================================================
16:52:54.0042 2676  Scan started
16:52:54.0042 2676  Mode: Manual; SigCheck; TDLFS; 
16:52:54.0042 2676  ============================================================
16:52:55.0586 2676  ================ Scan system memory ========================
16:52:55.0586 2676  System memory - ok
16:52:55.0586 2676  ================ Scan services =============================
16:52:55.0742 2676  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:52:55.0836 2676  1394ohci - ok
16:52:55.0883 2676  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:52:55.0914 2676  ACPI - ok
16:52:55.0945 2676  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:52:55.0992 2676  AcpiPmi - ok
16:52:56.0117 2676  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:52:56.0132 2676  AdobeARMservice - ok
16:52:56.0195 2676  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:52:56.0226 2676  AdobeFlashPlayerUpdateSvc - ok
16:52:56.0304 2676  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
16:52:56.0351 2676  adp94xx - ok
16:52:56.0366 2676  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
16:52:56.0397 2676  adpahci - ok
16:52:56.0397 2676  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
16:52:56.0413 2676  adpu320 - ok
16:52:56.0460 2676  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:52:56.0538 2676  AeLookupSvc - ok
16:52:56.0600 2676  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
16:52:56.0647 2676  AFD - ok
16:52:56.0694 2676  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
16:52:56.0725 2676  agp440 - ok
16:52:56.0756 2676  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
16:52:56.0772 2676  aic78xx - ok
16:52:56.0803 2676  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
16:52:56.0834 2676  ALG - ok
16:52:56.0865 2676  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:52:56.0865 2676  aliide - ok
16:52:56.0912 2676  [ EC98CA8298F67926FA50876348534B1D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:52:56.0943 2676  AMD External Events Utility - ok
16:52:56.0959 2676  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
16:52:56.0959 2676  amdagp - ok
16:52:56.0975 2676  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
16:52:56.0990 2676  amdide - ok
16:52:57.0006 2676  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
16:52:57.0021 2676  AmdK8 - ok
16:52:57.0193 2676  [ 65B44179CF184B08E86097BFFBF03F24 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
16:52:57.0380 2676  amdkmdag - ok
16:52:57.0411 2676  [ 5E1C65524FF1713711CE27879D813384 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
16:52:57.0427 2676  amdkmdap - ok
16:52:57.0458 2676  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:52:57.0489 2676  AmdPPM - ok
16:52:57.0521 2676  [ 04B2587C961C084634054D60D3EB385B ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys
16:52:57.0536 2676  amdsata - ok
16:52:57.0567 2676  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
16:52:57.0583 2676  amdsbs - ok
16:52:57.0614 2676  [ C078B06811670B90A52AE51AC3808E1E ] amdxata         C:\Windows\system32\DRIVERS\amdxata.sys
16:52:57.0630 2676  amdxata - ok
16:52:57.0661 2676  [ BF3ACD11B5790916906B8AD5A1018D6F ] amd_sata        C:\Windows\system32\DRIVERS\amd_sata.sys
16:52:57.0661 2676  amd_sata - ok
16:52:57.0708 2676  [ 86AEDB8BF368C132782251968F377519 ] amd_xata        C:\Windows\system32\DRIVERS\amd_xata.sys
16:52:57.0708 2676  amd_xata - ok
16:52:57.0786 2676  [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
16:52:57.0817 2676  AntiVirSchedulerService - ok
16:52:57.0864 2676  [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
16:52:57.0895 2676  AntiVirService - ok
16:52:57.0926 2676  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
16:52:57.0957 2676  AppID - ok
16:52:58.0020 2676  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:52:58.0082 2676  AppIDSvc - ok
16:52:58.0113 2676  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
16:52:58.0129 2676  Appinfo - ok
16:52:58.0160 2676  [ 75A8B998EB259DD512F01EA25BEC7F3B ] AppleCharger    C:\Windows\system32\DRIVERS\AppleCharger.sys
16:52:58.0176 2676  AppleCharger - ok
16:52:58.0176 2676  [ 95EF7247C50C7241FDAE39A9B3AFF4AE ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe
16:52:58.0176 2676  AppleChargerSrv - ok
16:52:58.0207 2676  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
16:52:58.0223 2676  arc - ok
16:52:58.0223 2676  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
16:52:58.0238 2676  arcsas - ok
16:52:58.0254 2676  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:52:58.0269 2676  AsyncMac - ok
16:52:58.0316 2676  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
16:52:58.0347 2676  atapi - ok
16:52:58.0394 2676  [ 7725AECCEDDF81BD8374C77157E450EA ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
16:52:58.0410 2676  AtiHDAudioService - ok
16:52:58.0457 2676  [ B73C832088DD54B55E04FF6F9646AD8C ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
16:52:58.0472 2676  AtiPcie - ok
16:52:58.0535 2676  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:52:58.0628 2676  AudioEndpointBuilder - ok
16:52:58.0628 2676  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
16:52:58.0659 2676  Audiosrv - ok
16:52:58.0706 2676  [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
16:52:58.0722 2676  avgntflt - ok
16:52:58.0769 2676  [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
16:52:58.0784 2676  avipbb - ok
16:52:58.0784 2676  [ FFB78D74E1EA5F811341A6E7AC547A46 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
16:52:58.0800 2676  avkmgr - ok
16:52:58.0831 2676  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:52:58.0893 2676  AxInstSV - ok
16:52:58.0925 2676  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
16:52:58.0971 2676  b06bdrv - ok
16:52:58.0987 2676  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
16:52:59.0003 2676  b57nd60x - ok
16:52:59.0034 2676  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:52:59.0081 2676  BDESVC - ok
16:52:59.0096 2676  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:52:59.0127 2676  Beep - ok
16:52:59.0159 2676  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
16:52:59.0190 2676  BFE - ok
16:52:59.0252 2676  [ 8DC837789BBF0E1BEF252A8F7C101F7B ] BingDesktopUpdate C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
16:52:59.0283 2676  BingDesktopUpdate - ok
16:52:59.0315 2676  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
16:52:59.0346 2676  BITS - ok
16:52:59.0377 2676  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:52:59.0393 2676  blbdrive - ok
16:52:59.0424 2676  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:52:59.0455 2676  bowser - ok
16:52:59.0471 2676  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:52:59.0502 2676  BrFiltLo - ok
16:52:59.0502 2676  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:52:59.0517 2676  BrFiltUp - ok
16:52:59.0549 2676  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
16:52:59.0595 2676  Browser - ok
16:52:59.0611 2676  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:52:59.0658 2676  Brserid - ok
16:52:59.0673 2676  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:52:59.0705 2676  BrSerWdm - ok
16:52:59.0720 2676  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:52:59.0736 2676  BrUsbMdm - ok
16:52:59.0751 2676  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:52:59.0767 2676  BrUsbSer - ok
16:52:59.0783 2676  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
16:52:59.0798 2676  BTHMODEM - ok
16:52:59.0830 2676  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
16:52:59.0876 2676  bthserv - ok
16:52:59.0892 2676  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:52:59.0923 2676  cdfs - ok
16:52:59.0939 2676  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:52:59.0970 2676  cdrom - ok
16:52:59.0986 2676  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
16:53:00.0064 2676  CertPropSvc - ok
16:53:00.0204 2676  [ 213B6EC3DE19E35373A1906397588429 ] CGVPNCliSrvc    C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe
16:53:00.0282 2676  CGVPNCliSrvc - ok
16:53:00.0298 2676  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
16:53:00.0329 2676  circlass - ok
16:53:00.0360 2676  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
16:53:00.0391 2676  CLFS - ok
16:53:00.0454 2676  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:53:00.0485 2676  clr_optimization_v2.0.50727_32 - ok
16:53:00.0532 2676  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:53:00.0578 2676  clr_optimization_v4.0.30319_32 - ok
16:53:00.0594 2676  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:53:00.0610 2676  CmBatt - ok
16:53:00.0625 2676  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:53:00.0641 2676  cmdide - ok
16:53:00.0672 2676  [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG             C:\Windows\system32\Drivers\cng.sys
16:53:00.0703 2676  CNG - ok
16:53:00.0703 2676  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:53:00.0719 2676  Compbatt - ok
16:53:00.0734 2676  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
16:53:00.0750 2676  CompositeBus - ok
16:53:00.0766 2676  COMSysApp - ok
16:53:00.0766 2676  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
16:53:00.0781 2676  crcdisk - ok
16:53:00.0812 2676  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:53:00.0828 2676  CryptSvc - ok
16:53:00.0859 2676  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:53:00.0922 2676  DcomLaunch - ok
16:53:00.0953 2676  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
16:53:00.0984 2676  defragsvc - ok
16:53:01.0015 2676  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:53:01.0062 2676  DfsC - ok
16:53:01.0093 2676  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:53:01.0124 2676  Dhcp - ok
16:53:01.0156 2676  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
16:53:01.0202 2676  discache - ok
16:53:01.0218 2676  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
16:53:01.0234 2676  Disk - ok
16:53:01.0265 2676  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:53:01.0312 2676  Dnscache - ok
16:53:01.0343 2676  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:53:01.0390 2676  dot3svc - ok
16:53:01.0421 2676  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
16:53:01.0468 2676  DPS - ok
16:53:01.0483 2676  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:53:01.0514 2676  drmkaud - ok
16:53:01.0530 2676  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:53:01.0561 2676  DXGKrnl - ok
16:53:01.0592 2676  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
16:53:01.0655 2676  EapHost - ok
16:53:01.0733 2676  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
16:53:01.0842 2676  ebdrv - ok
16:53:01.0858 2676  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
16:53:01.0904 2676  EFS - ok
16:53:01.0967 2676  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:53:02.0014 2676  ehRecvr - ok
16:53:02.0029 2676  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
16:53:02.0092 2676  ehSched - ok
16:53:02.0123 2676  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
16:53:02.0138 2676  elxstor - ok
16:53:02.0170 2676  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:53:02.0185 2676  ErrDev - ok
16:53:02.0216 2676  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
16:53:02.0263 2676  EventSystem - ok
16:53:02.0279 2676  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
16:53:02.0310 2676  exfat - ok
16:53:02.0326 2676  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:53:02.0341 2676  fastfat - ok
16:53:02.0372 2676  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
16:53:02.0404 2676  Fax - ok
16:53:02.0419 2676  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:53:02.0435 2676  fdc - ok
16:53:02.0466 2676  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
16:53:02.0482 2676  fdPHost - ok
16:53:02.0482 2676  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
16:53:02.0513 2676  FDResPub - ok
16:53:02.0528 2676  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:53:02.0528 2676  FileInfo - ok
16:53:02.0544 2676  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:53:02.0575 2676  Filetrace - ok
16:53:02.0591 2676  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:53:02.0606 2676  flpydisk - ok
16:53:02.0622 2676  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:53:02.0638 2676  FltMgr - ok
16:53:02.0669 2676  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
16:53:02.0700 2676  FontCache - ok
16:53:02.0747 2676  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:53:02.0762 2676  FontCache3.0.0.0 - ok
16:53:02.0778 2676  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:53:02.0809 2676  FsDepends - ok
16:53:02.0840 2676  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:53:02.0872 2676  Fs_Rec - ok
16:53:02.0903 2676  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:53:02.0950 2676  fvevol - ok
16:53:02.0965 2676  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
16:53:02.0981 2676  gagp30kx - ok
16:53:03.0028 2676  [ D556CB79967E92B5CC69686D16C1D846 ] gdrv            C:\Windows\gdrv.sys
16:53:03.0043 2676  gdrv - ok
16:53:03.0074 2676  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
16:53:03.0121 2676  gpsvc - ok
16:53:03.0199 2676  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
16:53:03.0230 2676  gupdate - ok
16:53:03.0230 2676  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
16:53:03.0246 2676  gupdatem - ok
16:53:03.0277 2676  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:53:03.0308 2676  hcw85cir - ok
16:53:03.0340 2676  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:53:03.0355 2676  HdAudAddService - ok
16:53:03.0371 2676  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
16:53:03.0402 2676  HDAudBus - ok
16:53:03.0418 2676  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
16:53:03.0433 2676  HidBatt - ok
16:53:03.0449 2676  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
16:53:03.0480 2676  HidBth - ok
16:53:03.0496 2676  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
16:53:03.0511 2676  HidIr - ok
16:53:03.0542 2676  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
16:53:03.0589 2676  hidserv - ok
16:53:03.0636 2676  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
16:53:03.0652 2676  HidUsb - ok
16:53:03.0683 2676  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:53:03.0714 2676  hkmsvc - ok
16:53:03.0745 2676  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:53:03.0792 2676  HomeGroupListener - ok
16:53:03.0823 2676  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:53:03.0839 2676  HomeGroupProvider - ok
16:53:03.0870 2676  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:53:03.0886 2676  HpSAMD - ok
16:53:03.0917 2676  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:53:03.0964 2676  HTTP - ok
16:53:03.0979 2676  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:53:03.0995 2676  hwpolicy - ok
16:53:03.0995 2676  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
16:53:04.0010 2676  i8042prt - ok
16:53:04.0042 2676  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:53:04.0042 2676  iaStorV - ok
16:53:04.0088 2676  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:53:04.0135 2676  idsvc - ok
16:53:04.0166 2676  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
16:53:04.0182 2676  iirsp - ok
16:53:04.0213 2676  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
16:53:04.0260 2676  IKEEXT - ok
16:53:04.0369 2676  [ 5A4AAD2240CB8B50FFEAEDB2BF747ABD ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
16:53:04.0463 2676  IntcAzAudAddService - ok
16:53:04.0463 2676  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:53:04.0478 2676  intelide - ok
16:53:04.0510 2676  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:53:04.0541 2676  intelppm - ok
16:53:04.0572 2676  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:53:04.0603 2676  IPBusEnum - ok
16:53:04.0619 2676  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:53:04.0650 2676  IpFilterDriver - ok
16:53:04.0681 2676  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:53:04.0697 2676  iphlpsvc - ok
16:53:04.0728 2676  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:53:04.0759 2676  IPMIDRV - ok
16:53:04.0775 2676  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:53:04.0822 2676  IPNAT - ok
16:53:04.0837 2676  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:53:04.0853 2676  IRENUM - ok
16:53:04.0853 2676  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:53:04.0868 2676  isapnp - ok
16:53:04.0884 2676  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:53:04.0900 2676  iScsiPrt - ok
16:53:04.0946 2676  [ F3A41EC4C6506E76E07A219B3A1DF8D2 ] JMB36X          C:\Windows\System32\XSrvSetup.exe
16:53:04.0978 2676  JMB36X - ok
16:53:05.0009 2676  [ 6242E8DD2E43E8A0DDA517D62C9680E6 ] JRAID           C:\Windows\system32\DRIVERS\jraid.sys
16:53:05.0024 2676  JRAID - ok
16:53:05.0056 2676  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
16:53:05.0056 2676  kbdclass - ok
16:53:05.0087 2676  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
16:53:05.0118 2676  kbdhid - ok
16:53:05.0134 2676  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
16:53:05.0149 2676  KeyIso - ok
16:53:05.0165 2676  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:53:05.0180 2676  KSecDD - ok
16:53:05.0212 2676  [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:53:05.0243 2676  KSecPkg - ok
16:53:05.0274 2676  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:53:05.0336 2676  KtmRm - ok
16:53:05.0368 2676  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:53:05.0399 2676  LanmanServer - ok
16:53:05.0414 2676  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:53:05.0446 2676  LanmanWorkstation - ok
16:53:05.0492 2676  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:53:05.0524 2676  lltdio - ok
16:53:05.0555 2676  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:53:05.0586 2676  lltdsvc - ok
16:53:05.0602 2676  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:53:05.0617 2676  lmhosts - ok
16:53:05.0633 2676  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
16:53:05.0648 2676  LSI_FC - ok
16:53:05.0664 2676  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
16:53:05.0664 2676  LSI_SAS - ok
16:53:05.0680 2676  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:53:05.0680 2676  LSI_SAS2 - ok
16:53:05.0695 2676  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:53:05.0695 2676  LSI_SCSI - ok
16:53:05.0711 2676  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
16:53:05.0726 2676  luafv - ok
16:53:05.0758 2676  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:53:05.0773 2676  Mcx2Svc - ok
16:53:05.0773 2676  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
16:53:05.0789 2676  megasas - ok
16:53:05.0804 2676  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
16:53:05.0820 2676  MegaSR - ok
16:53:05.0836 2676  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
16:53:05.0867 2676  MMCSS - ok
16:53:05.0882 2676  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
16:53:05.0914 2676  Modem - ok
16:53:05.0945 2676  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:53:05.0960 2676  monitor - ok
16:53:05.0976 2676  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
16:53:05.0976 2676  mouclass - ok
16:53:05.0992 2676  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:53:06.0007 2676  mouhid - ok
16:53:06.0038 2676  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:53:06.0038 2676  mountmgr - ok
16:53:06.0085 2676  [ ADFDD84260C9F66789F8E8061E9BD3A6 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:53:06.0116 2676  MozillaMaintenance - ok
16:53:06.0132 2676  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:53:06.0148 2676  mpio - ok
16:53:06.0163 2676  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:53:06.0194 2676  mpsdrv - ok
16:53:06.0226 2676  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:53:06.0257 2676  MpsSvc - ok
16:53:06.0288 2676  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:53:06.0304 2676  MRxDAV - ok
16:53:06.0335 2676  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:53:06.0350 2676  mrxsmb - ok
16:53:06.0366 2676  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:53:06.0397 2676  mrxsmb10 - ok
16:53:06.0413 2676  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:53:06.0413 2676  mrxsmb20 - ok
16:53:06.0444 2676  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
16:53:06.0444 2676  msahci - ok
16:53:06.0460 2676  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:53:06.0475 2676  msdsm - ok
16:53:06.0491 2676  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
16:53:06.0506 2676  MSDTC - ok
16:53:06.0553 2676  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:53:06.0569 2676  Msfs - ok
16:53:06.0584 2676  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:53:06.0616 2676  mshidkmdf - ok
16:53:06.0631 2676  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:53:06.0647 2676  msisadrv - ok
16:53:06.0678 2676  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:53:06.0756 2676  MSiSCSI - ok
16:53:06.0772 2676  msiserver - ok
16:53:06.0787 2676  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:53:06.0850 2676  MSKSSRV - ok
16:53:06.0865 2676  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:53:06.0912 2676  MSPCLOCK - ok
16:53:06.0912 2676  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:53:06.0943 2676  MSPQM - ok
16:53:06.0959 2676  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:53:06.0959 2676  MsRPC - ok
16:53:06.0990 2676  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
16:53:06.0990 2676  mssmbios - ok
16:53:07.0006 2676  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:53:07.0021 2676  MSTEE - ok
16:53:07.0021 2676  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
16:53:07.0037 2676  MTConfig - ok
16:53:07.0052 2676  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
16:53:07.0068 2676  Mup - ok
16:53:07.0084 2676  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
16:53:07.0115 2676  napagent - ok
16:53:07.0146 2676  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:53:07.0162 2676  NativeWifiP - ok
16:53:07.0208 2676  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:53:07.0240 2676  NDIS - ok
16:53:07.0271 2676  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:53:07.0302 2676  NdisCap - ok
16:53:07.0333 2676  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:53:07.0380 2676  NdisTapi - ok
16:53:07.0411 2676  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:53:07.0442 2676  Ndisuio - ok
16:53:07.0458 2676  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:53:07.0474 2676  NdisWan - ok
16:53:07.0489 2676  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:53:07.0520 2676  NDProxy - ok
16:53:07.0520 2676  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:53:07.0536 2676  NetBIOS - ok
16:53:07.0567 2676  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:53:07.0598 2676  NetBT - ok
16:53:07.0614 2676  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
16:53:07.0614 2676  Netlogon - ok
16:53:07.0645 2676  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
16:53:07.0676 2676  Netman - ok
16:53:07.0692 2676  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
16:53:07.0723 2676  netprofm - ok
16:53:07.0786 2676  [ EFD7C94281882CBBA8EC1B967E9F73D8 ] netr28u         C:\Windows\system32\DRIVERS\netr28u.sys
16:53:07.0817 2676  netr28u - ok
16:53:07.0832 2676  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:53:07.0832 2676  NetTcpPortSharing - ok
16:53:07.0864 2676  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
16:53:07.0864 2676  nfrd960 - ok
16:53:07.0895 2676  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:53:07.0926 2676  NlaSvc - ok
16:53:07.0957 2676  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:53:07.0973 2676  Npfs - ok
16:53:07.0988 2676  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
16:53:08.0004 2676  nsi - ok
16:53:08.0020 2676  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:53:08.0082 2676  nsiproxy - ok
16:53:08.0113 2676  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:53:08.0144 2676  Ntfs - ok
16:53:08.0160 2676  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
16:53:08.0191 2676  Null - ok
16:53:08.0207 2676  [ 68C890DDB21028CB1EA5551B47B29E1B ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
16:53:08.0207 2676  nusb3hub - ok
16:53:08.0222 2676  [ 2CF970C1A9E05D3B91039C2DD4471C0E ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
16:53:08.0238 2676  nusb3xhc - ok
16:53:08.0269 2676  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:53:08.0285 2676  nvraid - ok
16:53:08.0285 2676  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:53:08.0300 2676  nvstor - ok
16:53:08.0316 2676  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:53:08.0316 2676  nv_agp - ok
16:53:08.0332 2676  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:53:08.0347 2676  ohci1394 - ok
16:53:08.0378 2676  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:53:08.0410 2676  p2pimsvc - ok
16:53:08.0441 2676  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:53:08.0441 2676  p2psvc - ok
16:53:08.0488 2676  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
16:53:08.0519 2676  Parport - ok
16:53:08.0534 2676  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:53:08.0550 2676  partmgr - ok
16:53:08.0566 2676  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
16:53:08.0597 2676  Parvdm - ok
16:53:08.0597 2676  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:53:08.0628 2676  PcaSvc - ok
16:53:08.0644 2676  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
16:53:08.0644 2676  pci - ok
16:53:08.0675 2676  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
16:53:08.0675 2676  pciide - ok
16:53:08.0690 2676  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
16:53:08.0706 2676  pcmcia - ok
16:53:08.0706 2676  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
16:53:08.0722 2676  pcw - ok
16:53:08.0737 2676  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:53:08.0753 2676  PEAUTH - ok
16:53:08.0815 2676  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
16:53:08.0862 2676  pla - ok
16:53:08.0909 2676  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:53:08.0956 2676  PlugPlay - ok
16:53:08.0971 2676  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:53:09.0002 2676  PNRPAutoReg - ok
16:53:09.0018 2676  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:53:09.0034 2676  PNRPsvc - ok
16:53:09.0049 2676  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:53:09.0080 2676  PolicyAgent - ok
16:53:09.0112 2676  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
16:53:09.0127 2676  Power - ok
16:53:09.0158 2676  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:53:09.0190 2676  PptpMiniport - ok
16:53:09.0205 2676  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
16:53:09.0221 2676  Processor - ok
16:53:09.0252 2676  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
16:53:09.0283 2676  ProfSvc - ok
16:53:09.0299 2676  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:53:09.0299 2676  ProtectedStorage - ok
16:53:09.0330 2676  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:53:09.0346 2676  Psched - ok
16:53:09.0377 2676  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
16:53:09.0408 2676  ql2300 - ok
16:53:09.0424 2676  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
16:53:09.0424 2676  ql40xx - ok
16:53:09.0455 2676  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
16:53:09.0486 2676  QWAVE - ok
16:53:09.0502 2676  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:53:09.0502 2676  QWAVEdrv - ok
16:53:09.0517 2676  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:53:09.0548 2676  RasAcd - ok
16:53:09.0564 2676  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:53:09.0595 2676  RasAgileVpn - ok
16:53:09.0595 2676  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
16:53:09.0626 2676  RasAuto - ok
16:53:09.0626 2676  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:53:09.0658 2676  Rasl2tp - ok
16:53:09.0689 2676  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
16:53:09.0720 2676  RasMan - ok
16:53:09.0720 2676  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:53:09.0751 2676  RasPppoe - ok
16:53:09.0782 2676  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:53:09.0814 2676  RasSstp - ok
16:53:09.0829 2676  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:53:09.0845 2676  rdbss - ok
16:53:09.0860 2676  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
16:53:09.0876 2676  rdpbus - ok
16:53:09.0892 2676  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:53:09.0923 2676  RDPCDD - ok
16:53:09.0938 2676  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:53:09.0954 2676  RDPENCDD - ok
16:53:09.0954 2676  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:53:09.0970 2676  RDPREFMP - ok
16:53:10.0048 2676  [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:53:10.0094 2676  RdpVideoMiniport - ok
16:53:10.0126 2676  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:53:10.0157 2676  RDPWD - ok
16:53:10.0188 2676  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:53:10.0204 2676  rdyboost - ok
16:53:10.0235 2676  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:53:10.0282 2676  RemoteAccess - ok
16:53:10.0297 2676  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:53:10.0328 2676  RemoteRegistry - ok
16:53:10.0360 2676  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:53:10.0375 2676  RpcEptMapper - ok
16:53:10.0391 2676  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
16:53:10.0422 2676  RpcLocator - ok
16:53:10.0453 2676  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
16:53:10.0500 2676  RpcSs - ok
16:53:10.0547 2676  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:53:10.0594 2676  rspndr - ok
16:53:10.0640 2676  [ 2FD0636A8A3E8B2D0FEF07D48CFBA7A2 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIV.sys
16:53:10.0656 2676  RTHDMIAzAudService - ok
16:53:10.0672 2676  [ 5283B9A27FF230F2FF70D92451FF409A ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
16:53:10.0687 2676  RTL8167 - ok
16:53:10.0703 2676  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
16:53:10.0718 2676  SamSs - ok
16:53:10.0750 2676  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:53:10.0765 2676  sbp2port - ok
16:53:10.0781 2676  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:53:10.0812 2676  SCardSvr - ok
16:53:10.0843 2676  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:53:10.0859 2676  scfilter - ok
16:53:10.0890 2676  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
16:53:10.0921 2676  Schedule - ok
16:53:10.0937 2676  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:53:10.0968 2676  SCPolicySvc - ok
16:53:10.0984 2676  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:53:11.0030 2676  SDRSVC - ok
16:53:11.0108 2676  [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
16:53:11.0140 2676  SDScannerService - ok
16:53:11.0186 2676  [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
16:53:11.0202 2676  SDUpdateService - ok
16:53:11.0233 2676  [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService    C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
16:53:11.0264 2676  SDWSCService - ok
16:53:11.0358 2676  [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Users\User\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
16:53:11.0389 2676  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning
16:53:11.0389 2676  SearchAnonymizer - detected UnsignedFile.Multi.Generic (1)
16:53:11.0420 2676  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:53:11.0498 2676  secdrv - ok
16:53:11.0514 2676  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
16:53:11.0545 2676  seclogon - ok
16:53:11.0561 2676  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
16:53:11.0608 2676  SENS - ok
16:53:11.0623 2676  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:53:11.0654 2676  SensrSvc - ok
16:53:11.0686 2676  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
16:53:11.0717 2676  Serenum - ok
16:53:11.0748 2676  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
16:53:11.0764 2676  Serial - ok
16:53:11.0795 2676  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
16:53:11.0810 2676  sermouse - ok
16:53:11.0842 2676  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:53:11.0873 2676  SessionEnv - ok
16:53:11.0888 2676  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:53:11.0935 2676  sffdisk - ok
16:53:11.0935 2676  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:53:11.0966 2676  sffp_mmc - ok
16:53:11.0982 2676  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:53:11.0998 2676  sffp_sd - ok
16:53:12.0013 2676  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
16:53:12.0013 2676  sfloppy - ok
16:53:12.0044 2676  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:53:12.0091 2676  SharedAccess - ok
16:53:12.0122 2676  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:53:12.0138 2676  ShellHWDetection - ok
16:53:12.0169 2676  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
16:53:12.0169 2676  sisagp - ok
16:53:12.0200 2676  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:53:12.0200 2676  SiSRaid2 - ok
16:53:12.0216 2676  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
16:53:12.0232 2676  SiSRaid4 - ok
16:53:12.0247 2676  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:53:12.0263 2676  Smb - ok
16:53:12.0294 2676  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:53:12.0310 2676  SNMPTRAP - ok
16:53:12.0310 2676  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:53:12.0325 2676  spldr - ok
16:53:12.0341 2676  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
16:53:12.0372 2676  Spooler - ok
16:53:12.0450 2676  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
16:53:12.0528 2676  sppsvc - ok
16:53:12.0544 2676  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:53:12.0575 2676  sppuinotify - ok
16:53:12.0606 2676  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:53:12.0622 2676  srv - ok
16:53:12.0637 2676  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:53:12.0653 2676  srv2 - ok
16:53:12.0668 2676  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:53:12.0684 2676  srvnet - ok
16:53:12.0700 2676  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:53:12.0731 2676  SSDPSRV - ok
16:53:12.0778 2676  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
16:53:12.0793 2676  ssmdrv - ok
16:53:12.0809 2676  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:53:12.0856 2676  SstpSvc - ok
16:53:12.0871 2676  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
16:53:12.0887 2676  stexstor - ok
16:53:12.0918 2676  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
16:53:12.0980 2676  StiSvc - ok
16:53:13.0012 2676  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
16:53:13.0027 2676  swenum - ok
16:53:13.0043 2676  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
16:53:13.0074 2676  swprv - ok
16:53:13.0105 2676  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
16:53:13.0152 2676  SysMain - ok
16:53:13.0168 2676  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:53:13.0199 2676  TabletInputService - ok
16:53:13.0230 2676  [ 8CF6E2AE1707D82E904ECCA68CEF8B87 ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
16:53:13.0246 2676  tap0901 - ok
16:53:13.0277 2676  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:53:13.0308 2676  TapiSrv - ok
16:53:13.0324 2676  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
16:53:13.0355 2676  TBS - ok
16:53:13.0402 2676  [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:53:13.0433 2676  Tcpip - ok
16:53:13.0464 2676  [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:53:13.0480 2676  TCPIP6 - ok
16:53:13.0495 2676  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:53:13.0511 2676  tcpipreg - ok
16:53:13.0526 2676  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:53:13.0558 2676  TDPIPE - ok
16:53:13.0589 2676  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:53:13.0620 2676  TDTCP - ok
16:53:13.0636 2676  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:53:13.0682 2676  tdx - ok
16:53:13.0698 2676  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
16:53:13.0714 2676  TermDD - ok
16:53:13.0729 2676  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
16:53:13.0776 2676  TermService - ok
16:53:13.0807 2676  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
16:53:13.0823 2676  Themes - ok
16:53:13.0838 2676  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
16:53:13.0854 2676  THREADORDER - ok
16:53:13.0870 2676  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
16:53:13.0885 2676  TrkWks - ok
16:53:13.0948 2676  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:53:14.0010 2676  TrustedInstaller - ok
16:53:14.0026 2676  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:53:14.0057 2676  tssecsrv - ok
16:53:14.0088 2676  [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:53:14.0135 2676  TsUsbFlt - ok
16:53:14.0228 2676  [ 876A1FE7A7CA957E84C3AF797F2E7FC5 ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
16:53:14.0260 2676  TuneUp.UtilitiesSvc - ok
16:53:14.0306 2676  [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
16:53:14.0322 2676  TuneUpUtilitiesDrv - ok
16:53:14.0353 2676  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:53:14.0400 2676  tunnel - ok
16:53:14.0431 2676  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
16:53:14.0431 2676  uagp35 - ok
16:53:14.0462 2676  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:53:14.0494 2676  udfs - ok
16:53:14.0509 2676  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:53:14.0540 2676  UI0Detect - ok
16:53:14.0572 2676  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:53:14.0572 2676  uliagpkx - ok
16:53:14.0587 2676  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
16:53:14.0603 2676  umbus - ok
16:53:14.0618 2676  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
16:53:14.0634 2676  UmPass - ok
16:53:14.0650 2676  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
16:53:14.0665 2676  upnphost - ok
16:53:14.0696 2676  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\drivers\usbccgp.sys
16:53:14.0743 2676  usbccgp - ok
16:53:14.0774 2676  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:53:14.0806 2676  usbcir - ok
16:53:14.0837 2676  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
16:53:14.0837 2676  usbehci - ok
16:53:14.0868 2676  [ E5B14557793164DB879EE56F5B59C3E2 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
16:53:14.0884 2676  usbfilter - ok
16:53:14.0915 2676  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:53:14.0946 2676  usbhub - ok
16:53:14.0962 2676  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
16:53:14.0977 2676  usbohci - ok
16:53:15.0008 2676  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:53:15.0024 2676  usbprint - ok
16:53:15.0040 2676  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:53:15.0071 2676  USBSTOR - ok
16:53:15.0086 2676  [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
16:53:15.0086 2676  usbuhci - ok
16:53:15.0118 2676  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
16:53:15.0149 2676  UxSms - ok
16:53:15.0180 2676  [ 907C6BCE7A235B128A585040B5E7D319 ] UxTuneUp        C:\Windows\System32\uxtuneup.dll
16:53:15.0211 2676  UxTuneUp - ok
16:53:15.0211 2676  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
16:53:15.0227 2676  VaultSvc - ok
16:53:15.0258 2676  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:53:15.0274 2676  vdrvroot - ok
16:53:15.0305 2676  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
16:53:15.0336 2676  vds - ok
16:53:15.0367 2676  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:53:15.0383 2676  vga - ok
16:53:15.0398 2676  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:53:15.0414 2676  VgaSave - ok
16:53:15.0445 2676  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
16:53:15.0476 2676  vhdmp - ok
16:53:15.0492 2676  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
16:53:15.0492 2676  viaagp - ok
16:53:15.0508 2676  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
16:53:15.0523 2676  ViaC7 - ok
16:53:15.0554 2676  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
16:53:15.0554 2676  viaide - ok
16:53:15.0570 2676  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:53:15.0586 2676  volmgr - ok
16:53:15.0586 2676  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:53:15.0601 2676  volmgrx - ok
16:53:15.0617 2676  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:53:15.0632 2676  volsnap - ok
16:53:15.0664 2676  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
16:53:15.0679 2676  vsmraid - ok
16:53:15.0710 2676  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
16:53:15.0742 2676  VSS - ok
16:53:15.0757 2676  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
16:53:15.0773 2676  vwifibus - ok
16:53:15.0788 2676  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
16:53:15.0820 2676  vwififlt - ok
16:53:15.0835 2676  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
16:53:15.0866 2676  W32Time - ok
16:53:15.0898 2676  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
16:53:15.0913 2676  WacomPen - ok
16:53:15.0929 2676  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:53:15.0960 2676  WANARP - ok
16:53:15.0960 2676  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:53:15.0976 2676  Wanarpv6 - ok
16:53:16.0038 2676  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
16:53:16.0085 2676  WatAdminSvc - ok
16:53:16.0116 2676  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
16:53:16.0147 2676  wbengine - ok
16:53:16.0178 2676  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:53:16.0194 2676  WbioSrvc - ok
16:53:16.0210 2676  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:53:16.0225 2676  wcncsvc - ok
16:53:16.0241 2676  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:53:16.0272 2676  WcsPlugInService - ok
16:53:16.0288 2676  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
16:53:16.0303 2676  Wd - ok
16:53:16.0319 2676  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:53:16.0334 2676  Wdf01000 - ok
16:53:16.0350 2676  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:53:16.0412 2676  WdiServiceHost - ok
16:53:16.0428 2676  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:53:16.0444 2676  WdiSystemHost - ok
16:53:16.0490 2676  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
16:53:16.0506 2676  WebClient - ok
16:53:16.0522 2676  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:53:16.0553 2676  Wecsvc - ok
16:53:16.0568 2676  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:53:16.0615 2676  wercplsupport - ok
16:53:16.0631 2676  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:53:16.0662 2676  WerSvc - ok
16:53:16.0678 2676  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:53:16.0693 2676  WfpLwf - ok
16:53:16.0709 2676  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:53:16.0709 2676  WIMMount - ok
16:53:16.0771 2676  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
16:53:16.0818 2676  WinDefend - ok
16:53:16.0818 2676  WinHttpAutoProxySvc - ok
16:53:16.0818 2676  Winmgmt - ok
16:53:16.0880 2676  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
16:53:16.0927 2676  WinRM - ok
16:53:16.0974 2676  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:53:17.0005 2676  Wlansvc - ok
16:53:17.0021 2676  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
16:53:17.0036 2676  WmiAcpi - ok
16:53:17.0083 2676  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:53:17.0114 2676  wmiApSrv - ok
16:53:17.0177 2676  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
16:53:17.0224 2676  WMPNetworkSvc - ok
16:53:17.0255 2676  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:53:17.0270 2676  WPCSvc - ok
16:53:17.0302 2676  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:53:17.0317 2676  WPDBusEnum - ok
16:53:17.0348 2676  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:53:17.0380 2676  ws2ifsl - ok
16:53:17.0395 2676  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
16:53:17.0411 2676  wscsvc - ok
16:53:17.0426 2676  WSearch - ok
16:53:17.0473 2676  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
16:53:17.0504 2676  wuauserv - ok
16:53:17.0536 2676  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:53:17.0567 2676  WudfPf - ok
16:53:17.0598 2676  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:53:17.0645 2676  WUDFRd - ok
16:53:17.0676 2676  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:53:17.0707 2676  wudfsvc - ok
16:53:17.0723 2676  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:53:17.0754 2676  WwanSvc - ok
16:53:17.0770 2676  ================ Scan global ===============================
16:53:17.0785 2676  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
16:53:17.0816 2676  [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll
16:53:17.0832 2676  [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll
16:53:17.0863 2676  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
16:53:17.0894 2676  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
16:53:17.0910 2676  [Global] - ok
16:53:17.0910 2676  ================ Scan MBR ==================================
16:53:17.0926 2676  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:53:18.0284 2676  \Device\Harddisk0\DR0 - ok
16:53:18.0284 2676  ================ Scan VBR ==================================
16:53:18.0300 2676  [ 62E36389B4AB94B4F994BD5259320E8F ] \Device\Harddisk0\DR0\Partition1
16:53:18.0300 2676  \Device\Harddisk0\DR0\Partition1 - ok
16:53:18.0331 2676  [ 802DC2DB9103BF46527FC6489DF14443 ] \Device\Harddisk0\DR0\Partition2
16:53:18.0331 2676  \Device\Harddisk0\DR0\Partition2 - ok
16:53:18.0347 2676  [ 815F969737D4E2A38C25724BE8CE4AE2 ] \Device\Harddisk0\DR0\Partition3
16:53:18.0362 2676  \Device\Harddisk0\DR0\Partition3 - ok
16:53:18.0362 2676  ============================================================
16:53:18.0362 2676  Scan finished
16:53:18.0362 2676  ============================================================
16:53:18.0378 0632  Detected object count: 1
16:53:18.0378 0632  Actual detected object count: 1
16:53:44.0446 0632  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user
16:53:44.0446 0632  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 28.01.2013, 10:21   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner legt Computer lahm - Standard

GVU Trojaner legt Computer lahm



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 03.02.2013, 18:23   #13
sschmidt
 
GVU Trojaner legt Computer lahm - Standard

GVU Trojaner legt Computer lahm



Top! aktueller Stand:
- Microsoftsicherheitscenter geht wieder
- blöde Meldung von wegen Speicherplatz kommt nicht mehr

anbei das File von Comobfix
Gruß und bis nächstes WE

Combofix Logfile:
Code:
ATTFilter
ComboFix 13-02-03.01 - User 03.02.2013  16:53:41.1.4 - x86
ausgeführt von:: c:\users\Sabine\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\desktop_65315180.ico
c:\windows\IsUn0407.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-03 bis 2013-02-03  ))))))))))))))))))))))))))))))
.
.
2013-02-03 15:58 . 2013-02-03 16:06	--------	d-----w-	c:\users\User\AppData\Local\temp
2013-02-03 15:58 . 2013-02-03 15:58	--------	d-----w-	c:\users\Sabine\AppData\Local\temp
2013-02-02 21:35 . 2013-01-08 04:57	6991832	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E9EC8574-DD96-4C2C-8A43-EE05F5A99726}\mpengine.dll
2013-02-01 15:33 . 2012-11-22 09:50	92184	----a-w-	c:\programdata\Microsoft\BingDesktop\Updater\BingDesktopRestarter.exe
2013-01-25 10:45 . 2013-01-25 10:45	2551808	----a-w-	c:\programdata\Microsoft\BingDesktop\Updater\BingDesktop.msi
2013-01-18 10:22 . 2013-01-18 10:22	--------	d-----w-	C:\found.000
2013-01-17 17:46 . 2013-01-17 17:46	--------	d-----w-	c:\programdata\Malwarebytes
2013-01-15 19:36 . 2013-01-12 02:30	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-01-11 22:45 . 2013-01-12 17:44	--------	d---a-w-	C:\Kaspersky Rescue Disk 10.0
2013-01-11 20:41 . 2013-01-11 20:41	2865	----a-w-	c:\programdata\dsgsdgdsgdsgw.js
2013-01-11 05:04 . 2013-01-11 05:04	--------	d-----w-	c:\program files\Mozilla Thunderbird
2013-01-09 21:04 . 2012-11-20 04:51	220160	----a-w-	c:\windows\system32\ncrypt.dll
2013-01-09 21:04 . 2012-11-22 04:45	626688	----a-w-	c:\windows\system32\usp10.dll
2013-01-09 21:04 . 2012-11-09 04:43	492032	----a-w-	c:\windows\system32\win32spl.dll
2013-01-09 21:04 . 2012-11-01 04:47	1389568	----a-w-	c:\windows\system32\msxml6.dll
2013-01-09 21:04 . 2012-11-23 02:56	2345984	----a-w-	c:\windows\system32\win32k.sys
2013-01-09 21:04 . 2012-11-23 02:48	49152	----a-w-	c:\windows\system32\taskhost.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-17 00:28 . 2010-10-31 08:17	232336	------w-	c:\windows\system32\MpSigStub.exe
2013-01-09 20:48 . 2012-04-01 04:59	697864	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-01-09 20:48 . 2011-05-14 05:07	74248	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 14:13 . 2012-12-22 08:36	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 08:36	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-11 14:52 . 2012-12-02 15:18	134336	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-12-11 14:52 . 2012-12-02 15:18	83944	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-11-28 09:35 . 2012-05-12 20:57	859072	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-11-28 09:35 . 2010-11-03 21:17	779704	----a-w-	c:\windows\system32\deployJava1.dll
2012-11-16 19:17 . 2012-12-02 15:18	36552	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-11-14 02:09 . 2012-12-13 18:21	1800704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-13 18:21	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 18:21	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-13 18:21	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 18:21	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-13 18:21	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-13 20:29 . 2012-11-13 20:29	354216	----a-w-	c:\windows\system32\DivXControlPanelApplet.cpl
2012-11-09 04:42 . 2012-12-13 18:19	2048	----a-w-	c:\windows\system32\tzres.dll
2013-01-28 21:17 . 2013-01-28 21:17	262552	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{991D97B8-F0D8-4EA1-9100-7A65EA2D3A63}]
2012-08-28 06:53	84840	----a-w-	c:\users\User\AppData\Roaming\SenselessTV\bho.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-10-03 9267816]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"Ocs_SM"="c:\users\User\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2012-08-21 106496]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
"BingDesktop"="c:\program files\Microsoft\BingDesktop\BingDesktop.exe" [2013-01-25 2127896]
.
c:\users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-4-19 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean.exe
.
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [x]
R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S2 JMB36X;JMB36X;c:\windows\System32\XSrvSetup.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 SearchAnonymizer;SearchAnonymizer;c:\users\User\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup	REG_MULTI_SZ   	GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 20:48]
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-14 11:06]
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-14 11:06]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.stimme.de/
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{00BEA70F-AE5F-4DA7-91FA-4496FE787B40}: NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{00BEA70F-AE5F-4DA7-91FA-4496FE787B40}\5416379724F687D2148353632343: NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{00BEA70F-AE5F-4DA7-91FA-4496FE787B40}\5416379724F687D2734364236383: NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{00BEA70F-AE5F-4DA7-91FA-4496FE787B40}\5416379724F687D2735364436303: NameServer = 156.154.70.25,156.154.71.25
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://notes.kwpartner.de/dwa85W.cab
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wpp3pji7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.stimme.de/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-12-21 18:20; {EEE6C361-6118-11DC-9C72-001320C79847}; c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wpp3pji7.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
FF - ExtSQL: 2012-12-28 21:36; support@Senseless.TV; c:\users\User\AppData\Roaming\SenselessTV\ffextension
FF - ExtSQL: !HIDDEN! 2012-12-28 21:36; support@Senseless.TV; c:\users\User\AppData\Roaming\SenselessTV\ffextension
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-02-03  17:09:35 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-02-03 16:09
.
Vor Suchlauf: 7 Verzeichnis(se), 14.376.845.312 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 14.317.985.792 Bytes frei
.
- - End Of File - - 31D5AE03F8E67EED9470ADC4F98F0B51
         
--- --- ---

Alt 03.02.2013, 21:57   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner legt Computer lahm - Standard

GVU Trojaner legt Computer lahm



Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
ATTFilter
Folder::
C:\found.000

File::
c:\programdata\dsgsdgdsgdsgw.js
         
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.



6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 07.02.2013, 20:35   #15
sschmidt
 
GVU Trojaner legt Computer lahm - Standard

GVU Trojaner legt Computer lahm



gerne- hier bitte.


Code:
ATTFilter
ComboFix 13-02-07.01 - User 07.02.2013  21:25:02.2.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3325.1858 [GMT 1:00]
ausgeführt von:: c:\users\Sabine\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Sabine\Desktop\CFScript.txt
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Antivirus *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\dsgsdgdsgdsgw.js"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\found.000
c:\found.000\dir0000.chk\like[2].htm
c:\found.000\dir0000.chk\likebox[1].htm
c:\found.000\dir0000.chk\MetArt_Pombe_Katya-AC_by_Leonardo_high_0074[1].jpg
c:\found.000\dir0001.chk\view[4].htm
c:\found.000\dir0001.chk\wmedia[1].htm
c:\found.000\dir0002.chk\mobile_adult[1].js
c:\found.000\dir0002.chk\RecorderButtonLow[1].png
c:\programdata\dsgsdgdsgdsgw.js
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-07 bis 2013-02-07  ))))))))))))))))))))))))))))))
.
.
2013-02-07 20:30 . 2013-02-07 20:31	--------	d-----w-	c:\users\User\AppData\Local\temp
2013-02-07 20:30 . 2013-02-07 20:30	--------	d-----w-	c:\users\Sabine\AppData\Local\temp
2013-02-07 20:30 . 2013-02-07 20:30	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-06 21:08 . 2013-02-06 21:08	87310	----a-w-	c:\windows\system32\drivers\fvstore.dat
2013-02-06 15:36 . 2013-02-06 15:36	--------	d-----w-	C:\VTRoot
2013-02-06 15:18 . 2013-02-07 20:12	490448	----a-w-	c:\windows\system32\drivers\sfi.dat
2013-02-06 15:17 . 2013-02-06 15:18	--------	d-s---w-	c:\programdata\Shared Space
2013-02-06 15:16 . 2013-02-06 15:57	--------	d-----w-	c:\users\User\AppData\Local\Comodo
2013-02-06 15:16 . 2013-02-06 15:16	42760	----a-w-	c:\windows\system32\certsentry.dll
2013-02-06 15:16 . 2013-02-06 15:57	--------	d-----w-	c:\program files\Comodo
2013-02-06 15:13 . 2013-02-06 15:13	--------	d-----w-	c:\users\User\AppData\Local\Secunia PSI
2013-02-06 15:12 . 2013-02-06 15:12	--------	d-----w-	c:\program files\Secunia
2013-02-06 14:58 . 2013-01-08 04:57	6991832	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FAB24B1-4D89-470C-86A7-4A7F246379F3}\mpengine.dll
2013-02-03 18:35 . 2013-02-03 18:35	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-01-24 21:43 . 2013-01-24 21:43	35488	----a-w-	c:\windows\system32\cmdcsr.dll
2013-01-24 21:43 . 2013-01-24 21:43	354752	----a-w-	c:\windows\system32\guard32.dll
2013-01-24 21:42 . 2013-01-24 21:42	40656	----a-w-	c:\windows\system32\cmdkbd32.dll
2013-01-24 21:42 . 2013-01-24 21:42	263888	----a-w-	c:\windows\system32\cmdvrt32.dll
2013-01-17 17:46 . 2013-01-17 17:46	--------	d-----w-	c:\programdata\Malwarebytes
2013-01-16 18:51 . 2013-01-16 18:51	84416	----a-w-	c:\windows\system32\drivers\inspect.sys
2013-01-16 18:51 . 2013-01-16 18:51	43728	----a-w-	c:\windows\system32\drivers\cmdhlp.sys
2013-01-16 18:51 . 2013-01-16 18:51	576768	----a-w-	c:\windows\system32\drivers\cmdguard.sys
2013-01-16 18:51 . 2013-01-16 18:51	20072	----a-w-	c:\windows\system32\drivers\cmderd.sys
2013-01-11 22:45 . 2013-01-12 17:44	--------	d---a-w-	C:\Kaspersky Rescue Disk 10.0
2013-01-11 05:04 . 2013-01-11 05:04	--------	d-----w-	c:\program files\Mozilla Thunderbird
2013-01-09 21:04 . 2012-11-20 04:51	220160	----a-w-	c:\windows\system32\ncrypt.dll
2013-01-09 21:04 . 2012-11-22 04:45	626688	----a-w-	c:\windows\system32\usp10.dll
2013-01-09 21:04 . 2012-11-09 04:43	492032	----a-w-	c:\windows\system32\win32spl.dll
2013-01-09 21:04 . 2012-11-01 04:47	1389568	----a-w-	c:\windows\system32\msxml6.dll
2013-01-09 21:04 . 2012-11-23 02:56	2345984	----a-w-	c:\windows\system32\win32k.sys
2013-01-09 21:04 . 2012-11-23 02:48	49152	----a-w-	c:\windows\system32\taskhost.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-03 18:35 . 2012-05-12 20:57	861088	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-02-03 18:35 . 2010-11-03 21:17	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-01-17 00:28 . 2010-10-31 08:17	232336	------w-	c:\windows\system32\MpSigStub.exe
2013-01-09 20:48 . 2012-04-01 04:59	697864	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-01-09 20:48 . 2011-05-14 05:07	74248	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 14:13 . 2012-12-22 08:36	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 08:36	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-11-14 02:09 . 2012-12-13 18:21	1800704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-13 18:21	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 18:21	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-13 18:21	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 18:21	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-13 18:21	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-13 20:29 . 2012-11-13 20:29	354216	----a-w-	c:\windows\system32\DivXControlPanelApplet.cpl
2013-01-28 21:17 . 2013-01-28 21:17	262552	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{991D97B8-F0D8-4EA1-9100-7A65EA2D3A63}]
2012-08-28 06:53	84840	----a-w-	c:\users\User\AppData\Roaming\SenselessTV\bho.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-10-03 9267816]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"Ocs_SM"="c:\users\User\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2012-08-21 106496]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-01-24 1430736]
.
c:\users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-4-19 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean.exe
.
R2 SearchAnonymizer;SearchAnonymizer;c:\users\User\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 JMB36X;JMB36X;c:\windows\System32\XSrvSetup.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup	REG_MULTI_SZ   	GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 20:48]
.
2013-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-14 11:06]
.
2013-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-14 11:06]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.stimme.de/
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{00BEA70F-AE5F-4DA7-91FA-4496FE787B40}: NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{00BEA70F-AE5F-4DA7-91FA-4496FE787B40}\5416379724F687D2148353632343: NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{00BEA70F-AE5F-4DA7-91FA-4496FE787B40}\5416379724F687D2734364236383: NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{00BEA70F-AE5F-4DA7-91FA-4496FE787B40}\5416379724F687D2735364436303: NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{18C2FB04-7377-47A5-B748-F817A1EEE1F3}: NameServer = 8.26.56.26,156.154.70.22
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://notes.kwpartner.de/dwa85W.cab
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wpp3pji7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.stimme.de/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-12-21 18:20; {EEE6C361-6118-11DC-9C72-001320C79847}; c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wpp3pji7.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
FF - ExtSQL: 2012-12-28 21:36; support@Senseless.TV; c:\users\User\AppData\Roaming\SenselessTV\ffextension
FF - ExtSQL: !HIDDEN! 2012-12-28 21:36; support@Senseless.TV; c:\users\User\AppData\Roaming\SenselessTV\ffextension
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Vidalia - c:\program files\Vidalia Bridge Bundle\Vidalia\vidalia.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(636)
c:\windows\system32\guard32.dll
.
Zeit der Fertigstellung: 2013-02-07  21:32:44
ComboFix-quarantined-files.txt  2013-02-07 20:32
ComboFix2.txt  2013-02-03 16:09
.
Vor Suchlauf: 11 Verzeichnis(se), 14.107.455.488 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 14.834.802.688 Bytes frei
.
- - End Of File - - 3716C89E6250D09F9C00DA8FC9F18142
         

Antwort

Themen zu GVU Trojaner legt Computer lahm
abend, adware/pornpop.a.12, adware/pornpop.a.17, benutzer, bereits, compu, computer, computer lahm, gvu trojaner, hallo zusammen, heute, js/jehblock.a, kaspersky, lahm, nichts, pc läuft, troja, trojaner, zusammen



Ähnliche Themen: GVU Trojaner legt Computer lahm


  1. E-Bay-Mahnung geöffnet - Virus legt Computer lahm
    Log-Analyse und Auswertung - 11.09.2014 (5)
  2. Trojaner legt Windows 7 PC lahm
    Log-Analyse und Auswertung - 09.08.2013 (3)
  3. Trojaner legt onlinebanking lahm
    Log-Analyse und Auswertung - 13.12.2012 (1)
  4. Trojaner legt mein Internet lahm
    Log-Analyse und Auswertung - 07.10.2012 (3)
  5. Folgende Fehlermeldung legt meinen LapTop lahm: "ihr computer wurde durch das system der automatischen informationskontrolle gesperrt"
    Log-Analyse und Auswertung - 28.09.2012 (32)
  6. GVU Trojaner legt Geschäfts PC lahm
    Plagegeister aller Art und deren Bekämpfung - 10.08.2012 (49)
  7. GVU Trojaner legt PC lahm
    Log-Analyse und Auswertung - 06.08.2012 (2)
  8. GVU-Trojaner legt Benutzer lahm
    Plagegeister aller Art und deren Bekämpfung - 30.07.2012 (9)
  9. BKA Trojaner legt alles lahm
    Plagegeister aller Art und deren Bekämpfung - 05.06.2012 (1)
  10. Programm "Spyware Protection" legt meinen Computer lahm und will gekauft werden.
    Plagegeister aller Art und deren Bekämpfung - 25.12.2010 (2)
  11. Trojaner legt alles lahm
    Plagegeister aller Art und deren Bekämpfung - 30.08.2009 (6)
  12. Trojaner legt Firefox lahm
    Plagegeister aller Art und deren Bekämpfung - 23.04.2009 (1)
  13. Trojaner legt alles lahm
    Log-Analyse und Auswertung - 14.01.2009 (4)
  14. Trojaner legt alles lahm
    Plagegeister aller Art und deren Bekämpfung - 29.12.2008 (0)
  15. trojaner/virus legt pc lahm
    Log-Analyse und Auswertung - 23.09.2008 (35)
  16. Trojaner legt Pc lahm....need Help
    Log-Analyse und Auswertung - 02.04.2008 (4)
  17. Trojaner der AntivirXP lahm legt
    Plagegeister aller Art und deren Bekämpfung - 02.01.2005 (10)

Zum Thema GVU Trojaner legt Computer lahm - Hallo zusammen, habe mir heute abend einen GVU-Trojaner eingefangen. Unter meinem Benutzer geht gar nichts mehr. Der Benutzer meiner Frau auf dem PC läuft noch. Mit diesem arbeite ich gerade. - GVU Trojaner legt Computer lahm...
Archiv
Du betrachtest: GVU Trojaner legt Computer lahm auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.