Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Topic Torch Tollbar --> Virus?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 14.01.2013, 01:19   #1
Shilo
 
Topic Torch Tollbar --> Virus? - Standard

Topic Torch Tollbar --> Virus?



Hallo,
ich habe die letzten 2 Tage sehr viel Werbung eingeblendet bekommen, die zum Teil auch nicht entfernbar war.
Auch öffnet sich fast immer 2 Browser Fenster wobei eines für einen Ego-shooter deren Name A.V.A ist, Werbung macht.
Heute kamm auch auf einmal eine Toolbar, unten über der Taskleiste "Topic Torch".

Als ich dann mal nach Topic Torch gegoogle hab war es für mich schluß mit lustig.
Hab dann ein neues mir nicht bekanntes Programm "Yantoo" deinstaliert somit war auch die Tollbar verschwunden.
Aber ich glaube nicht das es dies war so suchte ich weiter und bin bei euch gelandet.

MbAM hat bei mir nichts gefunden auch nicht Kaspersky.

Code:
ATTFilter
OTL logfile created on: 13.01.2013 23:53:38 - Run 7
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Users\Bernhard\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
15,48 Gb Total Physical Memory | 13,31 Gb Available Physical Memory | 85,99% Memory free
30,95 Gb Paging File | 28,81 Gb Available in Paging File | 93,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,90 Gb Total Space | 14,39 Gb Free Space | 25,74% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 797,51 Gb Free Space | 85,61% Space Free | Partition Type: NTFS
 
Computer Name: BERNHARD-PC | User Name: Bernhard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Users\Bernhard\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\AddLyrics\YTLUpdater.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\0ac5296285b1a74de78ded1c844cfb60\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8ab16b2721684612a1c9053401797082\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\AddLyrics\YTLUpdater.exe ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab)
DRV:64bit: - (NvStUSB) -- C:\Windows\SysNative\drivers\nvstusb.sys (NVIDIA Corporation)
DRV:64bit: - (LGSHidFilt) -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys (Logitech Inc.)
DRV:64bit: - (LGSUsbFilt) -- C:\Windows\SysNative\drivers\LGSUsbFilt.sys (Logitech Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (npusbio) -- C:\Windows\SysNative\drivers\npusbio_x64.sys ()
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (E100B) -- C:\Windows\SysNative\drivers\eFE5b32e.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{311E5933-A78B-43C0-B768-4C84EDF0FB23}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon&co=AT&userid=53436c9e-893b-49b4-878f-7e89fa261913&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{311E5933-A78B-43C0-B768-4C84EDF0FB23}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = D:\Users\Bernhard\Downloads
IE - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
IE - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon&co=AT&userid=53436c9e-893b-49b4-878f-7e89fa261913&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon&co=AT&userid=53436c9e-893b-49b4-878f-7e89fa261913&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://h1681442.stratoserver.net/board/index.php?page=Portal
IE - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon&co=AT&userid=53436c9e-893b-49b4-878f-7e89fa261913&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon&co=AT&userid=53436c9e-893b-49b4-878f-7e89fa261913&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon&co=AT&userid=53436c9e-893b-49b4-878f-7e89fa261913&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGNI_deAT510
IE - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.12.20 20:37:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.20 20:37:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.12.20 20:37:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.12.20 20:37:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.12.20 20:37:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\addlyrics@addlyrics.net: C:\Program Files (x86)\AddLyrics\FF\ [2013.01.08 17:25:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2013.01.02 22:23:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.11.11 09:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernhard\AppData\Roaming\mozilla\Extensions
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (AddLyrics) - {B40720CF-4DDD-40DC-86EA-26404E77C1E8} - C:\Program Files (x86)\AddLyrics\AddLyrics.dll (RVZR)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [addlyrics@addlyrics.net] C:\Program Files (x86)\AddLyrics\YTLUpdater.exe ()
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0\bin\npjpi150.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\..Trusted Domains: blank ([]about in Local intranet)
O15 - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.oracle.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72058886-7396-4C6D-95FA-5EB8D6171E6A}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.13 23:29:14 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Roaming\Sony Online Entertainment
[2013.01.13 21:30:04 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Local\Diagnostics
[2013.01.13 21:19:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Users\Bernhard\Desktop\OTL.exe
[2013.01.13 20:24:40 | 000,000,000 | ---D | C] -- D:\Users\Bernhard\Desktop\Alte Firefox-Daten
[2013.01.11 17:05:08 | 000,127,075 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2013.01.11 17:05:08 | 000,049,262 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\jpicpl32.cpl
[2013.01.11 17:05:08 | 000,049,247 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2013.01.11 17:05:08 | 000,049,245 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2013.01.11 17:04:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.01.11 17:04:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.01.08 22:40:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.01.08 22:40:39 | 002,743,440 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2013.01.08 22:40:39 | 002,080,120 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2013.01.08 22:40:39 | 001,561,744 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2013.01.08 22:40:39 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.01.08 22:40:39 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2013.01.08 22:40:39 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.01.08 22:40:39 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.01.08 22:40:39 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.01.08 22:40:38 | 003,643,024 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2013.01.08 22:40:38 | 002,028,920 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
[2013.01.08 22:40:38 | 001,264,272 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2013.01.08 22:40:38 | 000,897,152 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBAPO64.dll
[2013.01.08 22:40:38 | 000,881,808 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2013.01.08 22:40:38 | 000,834,936 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013.01.08 22:40:38 | 000,753,280 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBAPO32.dll
[2013.01.08 22:40:38 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.01.08 22:40:38 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.01.08 22:40:38 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.01.08 22:40:38 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.01.08 22:40:38 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.01.08 22:40:38 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2013.01.08 22:40:38 | 000,109,712 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2013.01.08 22:40:38 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.01.08 22:40:38 | 000,083,072 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBWrp64.dll
[2013.01.08 22:40:38 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.01.08 22:40:38 | 000,065,112 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBppld64.dll
[2013.01.08 22:40:38 | 000,060,504 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBPPCn64.dll
[2013.01.08 22:40:38 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll
[2013.01.08 22:40:37 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.01.08 22:40:37 | 000,202,336 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2013.01.08 22:40:37 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2013.01.08 22:40:37 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2013.01.08 22:38:30 | 000,000,000 | ---D | C] -- C:\Driver_Win8_Win7
[2013.01.08 17:27:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.01.08 17:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AddLyrics
[2013.01.07 02:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.01.07 02:26:14 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Local\PutLockerDownloader
[2013.01.07 02:26:09 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movie2KDownloader.com
[2013.01.01 19:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.12.30 21:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
[2012.12.25 18:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012.12.25 18:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2012.12.25 18:32:52 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Local\Logitech
[2012.12.25 18:32:52 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Roaming\Leadertech
[2012.12.25 18:32:38 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2012.12.25 18:32:36 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2012.12.25 18:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012.12.25 18:32:32 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[2012.12.25 18:32:03 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Roaming\Logitech
[2012.12.25 18:32:03 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Roaming\Logishrd
[2012.12.25 18:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrackIR v5
[2012.12.22 21:36:30 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Roaming\NVIDIA
[2012.12.18 20:01:02 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.12.18 20:01:02 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.12.18 20:01:02 | 000,122,904 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012.12.18 20:01:02 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012.12.18 20:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2012.12.16 19:55:15 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ski Challenge 13 (CH)
[2012.12.16 19:55:12 | 000,000,000 | ---D | C] -- C:\Games
[2012.12.16 05:09:47 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Roaming\ArmA II Launcher
[2012.12.16 05:08:32 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Local\ArmA
[2012.12.16 05:07:13 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\Documents\ArmA 2 Other Profiles
[2012.12.16 05:07:13 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\Documents\ArmA
[2012.12.16 04:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.12.16 04:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.12.16 03:18:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2012.12.16 03:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open Freely
[2012.12.16 03:17:56 | 000,000,000 | ---D | C] -- C:\Program Files\Open Freely
[2012.12.16 02:56:47 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.12.16 02:31:06 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012.12.16 02:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012.12.16 02:31:05 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Roaming\Notepad++
[2012.12.15 23:25:33 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Roaming\Nero
[2012.12.15 23:25:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012.12.15 23:25:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.12.15 23:23:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2012.12.15 23:23:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2012.12.15 23:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012.12.15 23:15:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2012.12.15 22:07:46 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Local\ArmA 2
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.13 23:22:42 | 000,024,496 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.13 23:22:42 | 000,024,496 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.13 23:19:51 | 001,621,244 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.13 23:19:51 | 000,700,168 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.13 23:19:51 | 000,654,880 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.13 23:19:51 | 000,148,964 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.13 23:19:51 | 000,121,752 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.13 23:15:53 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.13 23:15:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.13 23:15:34 | 3874,246,654 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.13 23:07:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.13 23:02:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.13 21:43:58 | 000,000,000 | ---- | M] () -- C:\Users\Bernhard\defogger_reenable
[2013.01.13 21:42:59 | 000,000,060 | ---- | M] () -- C:\Users\Bernhard\AppData\Roaming\mbam.context.scan
[2013.01.13 21:42:36 | 000,000,438 | ---- | M] () -- D:\Users\Bernhard\Desktop\LAN-Verbindung - Verknüpfung.lnk
[2013.01.13 21:21:20 | 000,365,568 | ---- | M] () -- D:\Users\Bernhard\Desktop\gmer-2.0.18444.exe
[2013.01.13 21:19:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\Bernhard\Desktop\OTL.exe
[2013.01.13 21:19:14 | 000,050,477 | ---- | M] () -- D:\Users\Bernhard\Desktop\Defogger.exe
[2013.01.13 18:32:15 | 000,003,700 | ---- | M] () -- C:\Users\Bernhard\Documents\cc_20130113_183209.reg
[2013.01.13 18:30:20 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.01.13 18:14:46 | 000,000,831 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.12 23:15:32 | 000,147,358 | ---- | M] () -- C:\Users\Bernhard\Documents\ts3_clientui-win64-1357824174-2013-01-12 23_15_31.943496.dmp
[2013.01.12 23:03:34 | 000,145,574 | ---- | M] () -- C:\Users\Bernhard\Documents\ts3_clientui-win64-1357824174-2013-01-12 23_03_32.245331.dmp
[2013.01.12 13:49:39 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.01.12 13:49:39 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.11 17:04:53 | 000,127,075 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2013.01.11 17:04:53 | 000,049,262 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\jpicpl32.cpl
[2013.01.11 17:04:53 | 000,049,247 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2013.01.11 17:04:53 | 000,049,245 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2013.01.07 21:45:11 | 000,143,742 | ---- | M] () -- C:\Users\Bernhard\Documents\ts3_clientui-win64-1354873317-2013-01-07 21_45_11.271377.dmp
[2013.01.07 21:08:41 | 000,144,038 | ---- | M] () -- C:\Users\Bernhard\Documents\ts3_clientui-win64-1354873317-2013-01-07 21_08_41.379123.dmp
[2013.01.07 02:36:32 | 000,143,342 | ---- | M] () -- C:\Users\Bernhard\Documents\ts3_clientui-win64-1354873317-2013-01-07 02_36_32.672760.dmp
[2013.01.07 02:23:58 | 000,144,478 | ---- | M] () -- C:\Users\Bernhard\Documents\ts3_clientui-win64-1354873317-2013-01-07 02_23_58.563627.dmp
[2013.01.01 19:49:32 | 000,002,219 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.12.30 21:08:49 | 000,000,517 | ---- | M] () -- C:\Users\Public\Desktop\Fraps.lnk
[2012.12.30 19:03:04 | 000,001,365 | ---- | M] () -- D:\Users\Bernhard\Desktop\BierAIG #5 RHS.lnk
[2012.12.25 18:32:39 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2012.12.25 18:12:10 | 000,001,006 | ---- | M] () -- C:\Users\Public\Desktop\TrackIR v5.lnk
[2012.12.25 18:05:33 | 000,000,842 | ---- | M] () -- C:\Users\Bernhard\Documents\cc_20121225_180526.reg
[2012.12.24 12:24:13 | 000,146,902 | ---- | M] () -- C:\Users\Bernhard\Documents\ts3_clientui-win64-1354873317-2012-12-24 12_24_13.163921.dmp
[2012.12.18 20:22:56 | 000,001,480 | ---- | M] () -- D:\Users\Bernhard\Desktop\arma - Verknüpfung.lnk
[2012.12.18 20:18:01 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.12.18 20:18:01 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.12.18 20:18:01 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012.12.18 20:18:01 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012.12.16 20:08:03 | 000,195,636 | ---- | M] () -- C:\Users\Bernhard\wer macht was.pdf
[2012.12.16 19:55:15 | 000,000,881 | ---- | M] () -- D:\Users\Bernhard\Desktop\Ski Challenge 13 (CH) starten.lnk
[2012.12.16 18:29:28 | 000,001,602 | ---- | M] () -- D:\Users\Bernhard\Desktop\AssassinsCreedBrotherhood - Verknüpfung.lnk
[2012.12.16 04:03:51 | 000,006,554 | ---- | M] () -- C:\Users\Bernhard\Documents\cc_20121216_040345.reg
[2012.12.16 04:03:27 | 000,057,850 | ---- | M] () -- C:\Users\Bernhard\Documents\cc_20121216_040318.reg
[2012.12.15 23:23:15 | 000,002,843 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 12.lnk
[2012.12.15 01:28:42 | 000,221,089 | ---- | M] () -- D:\Users\Bernhard\Desktop\Lobpreis Hochimst.png
[2012.12.15 01:23:59 | 000,058,880 | ---- | M] () -- D:\Users\Bernhard\Desktop\CGT-INTERN 20121201 Lobpreis und Anbetung in Hochimst_Gebetshaus_Termine 2013.msg
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.13 21:43:58 | 000,000,000 | ---- | C] () -- C:\Users\Bernhard\defogger_reenable
[2013.01.13 21:42:59 | 000,000,060 | ---- | C] () -- C:\Users\Bernhard\AppData\Roaming\mbam.context.scan
[2013.01.13 21:42:36 | 000,000,438 | ---- | C] () -- D:\Users\Bernhard\Desktop\LAN-Verbindung - Verknüpfung.lnk
[2013.01.13 21:21:20 | 000,365,568 | ---- | C] () -- D:\Users\Bernhard\Desktop\gmer-2.0.18444.exe
[2013.01.13 21:19:14 | 000,050,477 | ---- | C] () -- D:\Users\Bernhard\Desktop\Defogger.exe
[2013.01.13 18:32:12 | 000,003,700 | ---- | C] () -- C:\Users\Bernhard\Documents\cc_20130113_183209.reg
[2013.01.12 23:15:31 | 000,147,358 | ---- | C] () -- C:\Users\Bernhard\Documents\ts3_clientui-win64-1357824174-2013-01-12 23_15_31.943496.dmp
[2013.01.12 23:03:32 | 000,145,574 | ---- | C] () -- C:\Users\Bernhard\Documents\ts3_clientui-win64-1357824174-2013-01-12 23_03_32.245331.dmp
[2013.01.08 22:40:38 | 000,332,665 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013.01.07 21:45:11 | 000,143,742 | ---- | C] () -- C:\Users\Bernhard\Documents\ts3_clientui-win64-1354873317-2013-01-07 21_45_11.271377.dmp
[2013.01.07 21:08:41 | 000,144,038 | ---- | C] () -- C:\Users\Bernhard\Documents\ts3_clientui-win64-1354873317-2013-01-07 21_08_41.379123.dmp
[2013.01.07 02:36:32 | 000,143,342 | ---- | C] () -- C:\Users\Bernhard\Documents\ts3_clientui-win64-1354873317-2013-01-07 02_36_32.672760.dmp
[2013.01.07 02:23:58 | 000,144,478 | ---- | C] () -- C:\Users\Bernhard\Documents\ts3_clientui-win64-1354873317-2013-01-07 02_23_58.563627.dmp
[2013.01.01 19:49:32 | 000,002,219 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.12.30 21:08:49 | 000,000,517 | ---- | C] () -- C:\Users\Public\Desktop\Fraps.lnk
[2012.12.25 18:12:10 | 000,001,006 | ---- | C] () -- C:\Users\Public\Desktop\TrackIR v5.lnk
[2012.12.25 18:05:31 | 000,000,842 | ---- | C] () -- C:\Users\Bernhard\Documents\cc_20121225_180526.reg
[2012.12.24 12:24:13 | 000,146,902 | ---- | C] () -- C:\Users\Bernhard\Documents\ts3_clientui-win64-1354873317-2012-12-24 12_24_13.163921.dmp
[2012.12.22 21:36:00 | 000,045,600 | ---- | C] () -- C:\Windows\SysNative\drivers\npusbio_x64.sys
[2012.12.19 21:41:03 | 000,001,365 | ---- | C] () -- D:\Users\Bernhard\Desktop\BierAIG #5 RHS.lnk
[2012.12.18 19:56:24 | 000,001,480 | ---- | C] () -- D:\Users\Bernhard\Desktop\arma - Verknüpfung.lnk
[2012.12.16 20:08:02 | 000,195,636 | ---- | C] () -- C:\Users\Bernhard\wer macht was.pdf
[2012.12.16 19:55:15 | 000,000,881 | ---- | C] () -- D:\Users\Bernhard\Desktop\Ski Challenge 13 (CH) starten.lnk
[2012.12.16 18:29:28 | 000,001,602 | ---- | C] () -- D:\Users\Bernhard\Desktop\AssassinsCreedBrotherhood - Verknüpfung.lnk
[2012.12.16 04:03:50 | 000,006,554 | ---- | C] () -- C:\Users\Bernhard\Documents\cc_20121216_040345.reg
[2012.12.16 04:03:25 | 000,057,850 | ---- | C] () -- C:\Users\Bernhard\Documents\cc_20121216_040318.reg
[2012.12.16 04:01:06 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.12.16 03:18:04 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.12.15 23:23:15 | 000,002,843 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 12.lnk
[2012.12.15 01:26:08 | 000,221,089 | ---- | C] () -- D:\Users\Bernhard\Desktop\Lobpreis Hochimst.png
[2012.12.15 01:23:59 | 000,058,880 | ---- | C] () -- D:\Users\Bernhard\Desktop\CGT-INTERN 20121201 Lobpreis und Anbetung in Hochimst_Gebetshaus_Termine 2013.msg
[2012.11.25 01:46:18 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2012.11.17 19:30:36 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.11.17 19:30:35 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.03.16 14:09:19 | 001,640,718 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.08.16 10:56:34 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.08.16 10:56:34 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.12.16 05:09:47 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\ArmA II Launcher
[2012.11.12 14:21:10 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\HTC
[2012.11.12 14:21:14 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012.12.19 21:39:55 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\JustSyncArmA
[2012.12.25 18:32:52 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Leadertech
[2012.11.11 23:35:46 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\mquadr.at
[2012.12.16 02:32:59 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Notepad++
[2012.11.12 00:56:47 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Outlook
[2012.11.16 03:49:25 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\pdfforge
[2012.11.17 19:30:33 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\PunkBuster
[2013.01.13 23:29:14 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Sony Online Entertainment
[2012.11.11 22:18:32 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\wargaming.net
 
========== Purity Check ==========
 
 

< End of report >
         

Code:
ATTFilter
OTL Extras logfile created on: 13.01.2013 23:53:38 - Run 7
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Users\Bernhard\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
15,48 Gb Total Physical Memory | 13,31 Gb Available Physical Memory | 85,99% Memory free
30,95 Gb Paging File | 28,81 Gb Available in Paging File | 93,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,90 Gb Total Space | 14,39 Gb Free Space | 25,74% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 797,51 Gb Free Space | 85,61% Space Free | Partition Type: NTFS
 
Computer Name: BERNHARD-PC | User Name: Bernhard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3576186414-1813243737-1090718235-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0399D586-8DF0-4AEF-8D2F-F80696779A2E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{28F2CC07-2DBF-48A7-88E8-F64EEE859563}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4E0C946C-5AB2-4193-B79C-9C4A52BB83F4}" = rport=137 | protocol=17 | dir=out | app=system | 
"{514C2BA7-DD64-450D-ABE0-D7DBEC2444D1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5687EC2B-76D3-449C-BD04-8FBE4E28E7A7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{59F648D6-B4CE-4484-8DFB-82814CEB35C7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5ACA1AC9-A590-4283-8711-B9BB1D006CF7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5FC9ACD2-1E37-4566-BBB3-08998B055FDA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{625C236E-BF57-48B7-9709-9A8F9F75AE12}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{70323341-C42F-42E0-B28B-F4DDC58D56BA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{760D80C7-1883-4722-8FAD-6D1F781CA8FD}" = rport=445 | protocol=6 | dir=out | app=system | 
"{803EA205-169B-4328-8B5B-54540A21A2E2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{81EDEE7C-BE3E-489B-B1A2-0B67ADF6DB18}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9399A28E-6F6C-48F6-A31F-D8CC1A2AD4CC}" = rport=139 | protocol=6 | dir=out | app=system | 
"{942CE0DE-2936-4B88-ABEA-BFC48108C262}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{96207A97-449A-4477-A799-0E223984103E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9AB7A02D-DDBB-466C-B85C-6511E83C0EE4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A8CFC1C4-ED0C-4A18-B1C5-D0A35382D5C8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AC98B80D-B498-4773-8609-A22BDBBEAAE2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B7AD4292-48C1-41A6-AA45-0C19199C0F82}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B8CE9CB0-0B4A-4840-986D-B8728D3910E6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C4C9895B-9FEF-4509-94E3-B4C02B31713C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D2298C00-5BB1-43D5-9D0B-DEEA68653368}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F665597E-C9F5-4E2A-9C55-93EF7FF7A30C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06A73B30-300F-40A8-A3EC-B329F7A319BD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{086EC94A-B2C5-4A7C-9C91-96E82E945260}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{15F1B602-62D8-4625-9A24-DC7D731DDCEA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{285F931F-9FFE-499E-B58B-950011D2976E}" = protocol=6 | dir=in | app=d:\program files\ubis soft\assasin's creed brotherhood\uplaybrowser.exe | 
"{2A4ABE1A-4764-4CC5-9FAB-30CC84645B0F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2AAF90FA-2423-4917-B168-814ECA02AF3C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{30170395-1C90-48D2-9A4E-8A55CAE95580}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{36281C91-D260-4C68-A367-0B743FFFBB35}" = protocol=17 | dir=in | app=d:\program files\bohemia interactive\arma\arma.exe | 
"{3706C70B-C5C9-4BE8-8C48-8B03877FFED0}" = protocol=6 | dir=in | app=d:\program files (x86)\telekom austria\breitband-internet-installation\fixnet installer\installer.exe | 
"{37E95901-7F4F-4BDB-897E-CA6E9F1474AF}" = protocol=17 | dir=in | app=d:\program files (x86)\telekom austria\breitband-internet-installation\fixnet installer\installer.exe | 
"{3BE1738A-4C2B-4C96-A524-FF9DE08BDED0}" = protocol=17 | dir=in | app=d:\program files\ubis soft\assasin's creed brotherhood\acbmp.exe | 
"{3C274644-526D-42F5-A547-5E91203EF98C}" = protocol=6 | dir=out | app=system | 
"{4094834B-10E4-4FE0-98CD-50992271E1A9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{496D0BC1-8A77-465C-966D-FBB442B2069A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{533BBBCB-55F2-4904-82B7-3DBFE32CAA33}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{58489B28-9ABC-4986-8CD4-C27E819427EF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5AB7B0CA-5A1A-447F-9A46-B7777612BBC7}" = protocol=6 | dir=in | app=d:\program files\ubis soft\assasin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{615C5834-7A46-43CA-ADBD-5186B78D459F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{63C4186B-EBB8-460A-AB94-CA26459D349B}" = protocol=6 | dir=in | app=d:\program files\bohemia interactive\arma 2\arma2oa.exe | 
"{66886C39-92F6-489D-A254-DC8271ED6516}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{6CC78D5B-9C83-4186-9BB0-5E7D4C01707C}" = protocol=17 | dir=in | app=d:\program files\bohemia interactive\arma 2\arma2oa.exe | 
"{6F3A1D73-F02E-4523-8502-754951771413}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{74394408-E078-4B93-BA89-D91EC3EE211A}" = protocol=17 | dir=in | app=d:\program files\ubis soft\assasin's creed brotherhood\acbsp.exe | 
"{74715770-7492-449C-BB17-2402BF583861}" = protocol=6 | dir=in | app=d:\program files\bohemia interactive\arma\arma.exe | 
"{74B2AEF5-2F9E-4974-9956-C7DF74C9F7A8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{789F1161-41FC-4E9A-9001-2F0B7EBDE137}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{84335A12-253F-41F3-9F25-4B2189CB8017}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{92B71267-DAAA-4433-B2E9-D2DF6FF8EFD7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{95E5DED7-B4A3-44BB-8CC8-1E01DADBEEFE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{98F58E7E-58DB-444A-848F-FF9B2ED440D5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9A0CD610-6B25-4A30-9A66-9B7FC8B6A25C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{A219F355-E269-43F1-9F7F-359F056F737E}" = protocol=17 | dir=in | app=d:\program files (x86)\telekom austria\breitband-internet-installation\fixnet installer\installer.exe | 
"{A5C15C5B-4176-463A-BB9F-53894E21190F}" = protocol=6 | dir=in | app=d:\program files\ubis soft\assasin's creed brotherhood\acbsp.exe | 
"{A67CAD26-561E-4D4A-A463-7332047C987B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A7A556A1-82B4-499F-856D-95BB1F74DFD3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B65A81F2-21AD-413F-A6F7-4822671D8211}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{B86515BE-F5EB-4455-A0C9-C4A9F2482605}" = protocol=6 | dir=in | app=d:\program files (x86)\telekom austria\breitband-internet-installation\fixnet installer\installer.exe | 
"{B9FEDC2E-694D-4198-B2F8-A52E8ADA7B12}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{BCB161E0-E457-486B-8666-D90F74840677}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C14159B5-D008-4BD3-9748-3CA5B2C9BB83}" = protocol=17 | dir=in | app=d:\program files\ubis soft\assasin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{C16D6FA1-7657-456C-9ACE-A52B619D2BE2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{C4E3B693-6FF6-4F30-8050-5D4C736E878C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{CC3AFC15-BBDE-4104-AC20-3D8547B4BE75}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DA45F6C4-897D-44BF-B24E-B652B975D160}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{EB2276D6-242A-4E1D-AD93-33D899B0B854}" = protocol=17 | dir=in | app=d:\program files\ubis soft\assasin's creed brotherhood\uplaybrowser.exe | 
"{F69E7AFF-876B-4C92-96D7-C4C4054A30E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FD7D693F-C9B2-41E1-844D-93BF8D013E81}" = protocol=6 | dir=in | app=d:\program files\ubis soft\assasin's creed brotherhood\acbmp.exe | 
"TCP Query User{5D4B8012-B5E5-48D5-BA35-B21D31BC9EAD}D:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=d:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{ECF38791-6F87-44E1-AC42-C342B9060D2D}D:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=d:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{1066A995-FF75-4B8F-8406-D2FE461DC18B}D:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=d:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{A1668B90-C398-4A66-B5A9-69DC56FC36A7}D:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=d:\games\world_of_tanks\wotlauncher.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{14297226-E0A0-3781-8911-E9D529552663}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1" = Open Freely
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"CCleaner" = CCleaner
"Logitech Gaming Software" = Logitech Gaming Software 8.40
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
"x64 Components_is1" = x64 Components v3.8.9
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{2890E324-6F3B-4975-8B95-E7D6D80E0226}" = Nero Burning ROM Help (CHM)
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E8A20E1-223F-11E2-9116-B8AC6F98CCE3}" = Google Earth
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{4767A89A-F6A5-41B1-903C-734483739882}" = Highspeed-Internet-Installation
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E3AA543-09D7-401E-9DF2-2591D24C7C49}" = Addon Sync 2009
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{5963F4B4-D138-47CD-ADEF-470E87E185BD}" = Nero Burning ROM
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6B7FB3C4-E71B-478D-9E15-5AE97EAD67B8}" = aonFTP
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{904B64C4-49D8-4941-A2B6-D13D06C5CD8B}" = Controller
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{C0CA68BF-2963-4139-8207-1E83038F86F8}" = Nero BurningROM 12
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F3CA05B7-B4C0-4C9B-AAA6-16B868B35DF2}" = TrackIR5
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"addlyrics@addlyrics.net" = AddLyrics
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"aonFTP" = aonFTP
"aonUpdate" = aonUpdate
"ArmA" = ArmA Uninstall
"ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall
"ArmA2" = ArmA2 Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"Controller" = Controller
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fraps" = Fraps
"Highspeed-Internet-Installation" = Highspeed-Internet-Installation
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PokerStars" = PokerStars
"PunkBusterSvc" = PunkBuster Services
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3576186414-1813243737-1090718235-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"sc13-CH_MAIN" = Ski Challenge 13 (CH)
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.01.2013 03:22:22 | Computer Name = Bernhard-PC | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 13.01.2013 03:22:43 | Computer Name = Bernhard-PC | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 13.01.2013 03:22:58 | Computer Name = Bernhard-PC | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 13.01.2013 03:23:22 | Computer Name = Bernhard-PC | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 13.01.2013 03:23:43 | Computer Name = Bernhard-PC | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 13.01.2013 03:23:58 | Computer Name = Bernhard-PC | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 13.01.2013 03:24:22 | Computer Name = Bernhard-PC | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 13.01.2013 03:24:43 | Computer Name = Bernhard-PC | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 13.01.2013 03:24:58 | Computer Name = Bernhard-PC | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 13.01.2013 03:25:22 | Computer Name = Bernhard-PC | Source = Windows Search Service | ID = 1006
Description = 
 
[ System Events ]
Error - 13.01.2013 02:15:20 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 619 Mal passiert.
 
Error - 13.01.2013 02:15:40 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:   %%5
 
Error - 13.01.2013 02:15:40 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 620 Mal passiert.
 
Error - 13.01.2013 02:15:55 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:   %%5
 
Error - 13.01.2013 02:15:55 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 621 Mal passiert.
 
Error - 13.01.2013 02:16:20 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:   %%5
 
Error - 13.01.2013 02:16:20 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 622 Mal passiert.
 
Error - 13.01.2013 02:16:40 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:   %%5
 
Error - 13.01.2013 02:16:40 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 623 Mal passiert.
 
Error - 13.01.2013 02:16:55 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:   %%5
 
 
< End of report >
         
Danke Shilo

Geändert von Shilo (14.01.2013 um 01:30 Uhr)

Alt 14.01.2013, 11:53   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Topic Torch Tollbar --> Virus? - Standard

Topic Torch Tollbar --> Virus?



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Zitat:
Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 14.01.2013, 12:10   #3
Shilo
 
Topic Torch Tollbar --> Virus? - Standard

Topic Torch Tollbar --> Virus?



MbAM
Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.13.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bernhard :: BERNHARD-PC [Administrator]

13.01.2013 19:58:03
mbam-log-2013-01-13 (19-58-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 402122
Laufzeit: 11 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Bei Kaspersky weis ich nicht was und wo ich da schauen muss um einen Log zu finden.
Hab auch GMER ein log aber das ist riesig 1.12MB und ich kann es hier nicht einfügen, was hab ich da falsch gemacht.

Gruß Shilo und danke
__________________

Geändert von Shilo (14.01.2013 um 12:35 Uhr)

Alt 14.01.2013, 12:41   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Topic Torch Tollbar --> Virus? - Standard

Topic Torch Tollbar --> Virus?



Zitat:
Hab auch GMER ein log aber das ist riesig 1.12MB und ich kann es hier nicht einfügen, was hab ich da falsch gemacht.
Log zippen und hier anhängen!
Aber nur ausnahmsweise denn die Logs sollen grundsätzlich direkt gepostet werden in CODE-Tags!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 14.01.2013, 13:42   #5
Shilo
 
Topic Torch Tollbar --> Virus? - Standard

Topic Torch Tollbar --> Virus?



Hier das Logfile

Angehängte Dateien
Dateityp: 7z Gmer.7z (23,9 KB, 104x aufgerufen)

Alt 14.01.2013, 14:12   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Topic Torch Tollbar --> Virus? - Standard

Topic Torch Tollbar --> Virus?



Ok. Hatte Malwarebytes denn nie etwas gefunden?
Wie siehts mit anderen Virenscannern aus? Gab es wirklich niemals Funde?
__________________
--> Topic Torch Tollbar --> Virus?

Alt 14.01.2013, 14:29   #7
Shilo
 
Topic Torch Tollbar --> Virus? - Standard

Topic Torch Tollbar --> Virus?



Nein was mich auch wundert nur bei kasperky kammen ab und an gefährlicher link und auch 2 oder 3 Virus Wahrnungen wobei ich dann auch nichts angeklickt habe.
Hab denn PC ja auch erst seit Mitte Nov.

Alt 14.01.2013, 15:02   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Topic Torch Tollbar --> Virus? - Standard

Topic Torch Tollbar --> Virus?



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Malwarebytes Anti-Rootkit

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Entpacke das Archiv auf deinem Desktop.
  • Im neu erstellten Ordner starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 14.01.2013, 15:37   #9
Shilo
 
Topic Torch Tollbar --> Virus? - Standard

Topic Torch Tollbar --> Virus?



Erstes
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.14.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bernhard :: BERNHARD-PC [administrator]

14.01.2013 15:24:01
mbar-log-2013-01-14 (15-24-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29839
Time elapsed: 2 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Windows\System32\fsvk.exe.exe (Worm.Zhelatin) -> Delete on reboot.

(end)
         
Zweites
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.14.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bernhard :: BERNHARD-PC [administrator]

14.01.2013 15:33:08
mbar-log-2013-01-14 (15-33-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29748
Time elapsed: 2 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Das BrowserfensterA.V.A mit dem Online Spiel startete auch gleich wieder.

Gruß Shilo

Alt 14.01.2013, 15:47   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Topic Torch Tollbar --> Virus? - Standard

Topic Torch Tollbar --> Virus?



1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 14.01.2013, 16:07   #11
Shilo
 
Topic Torch Tollbar --> Virus? - Standard

Topic Torch Tollbar --> Virus?



Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-14 15:56:17
-----------------------------
15:56:17.480    OS Version: Windows x64 6.1.7601 Service Pack 1
15:56:17.480    Number of processors: 4 586 0x3A09
15:56:17.480    ComputerName: BERNHARD-PC  UserName: Bernhard
15:56:17.636    Initialize success
16:00:35.683    AVAST engine defs: 13011400
16:01:59.440    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:01:59.440    Disk 0 Vendor: Corsair_ 5.02 Size: 57241MB BusType: 3
16:01:59.440    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
16:01:59.440    Disk 1 Vendor: Hitachi_ MS2O Size: 953869MB BusType: 3
16:01:59.440    Disk 0 MBR read successfully
16:01:59.440    Disk 0 MBR scan
16:01:59.440    Disk 0 Windows 7 default MBR code
16:01:59.440    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        57239 MB offset 2048
16:01:59.456    Disk 0 scanning C:\Windows\system32\drivers
16:02:01.406    Service scanning
16:02:06.413    Modules scanning
16:02:06.413    Disk 0 trace - called modules:
16:02:06.413    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
16:02:06.912    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800ec1c060]
16:02:06.912    3 CLASSPNP.SYS[fffff88001e0143f] -> nt!IofCallDriver -> [0xfffffa800c794b10]
16:02:06.912    5 ACPI.sys[fffff88000f147a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800c790050]
16:02:07.068    AVAST engine scan C:\Windows
16:02:07.349    AVAST engine scan C:\Windows\system32
16:02:54.898    AVAST engine scan C:\Windows\system32\drivers
16:02:57.347    AVAST engine scan C:\Users\Bernhard
16:03:12.978    AVAST engine scan C:\ProgramData
16:03:17.643    Scan finished successfully
16:03:27.221    Disk 0 MBR has been saved successfully to "D:\Users\Bernhard\Desktop\MBR.dat"
16:03:27.237    The log file has been saved successfully to "D:\Users\Bernhard\Desktop\aswMBR.txt"
         

Code:
ATTFilter
16:04:39.0040 4592  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:04:39.0352 4592  ============================================================
16:04:39.0352 4592  Current date / time: 2013/01/14 16:04:39.0352
16:04:39.0352 4592  SystemInfo:
16:04:39.0352 4592  
16:04:39.0352 4592  OS Version: 6.1.7601 ServicePack: 1.0
16:04:39.0352 4592  Product type: Workstation
16:04:39.0352 4592  ComputerName: BERNHARD-PC
16:04:39.0352 4592  UserName: Bernhard
16:04:39.0352 4592  Windows directory: C:\Windows
16:04:39.0352 4592  System windows directory: C:\Windows
16:04:39.0352 4592  Running under WOW64
16:04:39.0352 4592  Processor architecture: Intel x64
16:04:39.0352 4592  Number of processors: 4
16:04:39.0352 4592  Page size: 0x1000
16:04:39.0352 4592  Boot type: Normal boot
16:04:39.0352 4592  ============================================================
16:04:39.0508 4592  Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:04:39.0508 4592  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:04:39.0524 4592  ============================================================
16:04:39.0524 4592  \Device\Harddisk0\DR0:
16:04:39.0524 4592  MBR partitions:
16:04:39.0524 4592  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x6FCBF30
16:04:39.0524 4592  \Device\Harddisk1\DR1:
16:04:39.0524 4592  MBR partitions:
16:04:39.0524 4592  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
16:04:39.0524 4592  ============================================================
16:04:39.0524 4592  C: <-> \Device\Harddisk0\DR0\Partition1
16:04:39.0524 4592  D: <-> \Device\Harddisk1\DR1\Partition1
16:04:39.0524 4592  ============================================================
16:04:39.0524 4592  Initialize success
16:04:39.0524 4592  ============================================================
16:05:09.0179 0160  ============================================================
16:05:09.0179 0160  Scan started
16:05:09.0179 0160  Mode: Manual; SigCheck; TDLFS; 
16:05:09.0179 0160  ============================================================
16:05:09.0367 0160  ================ Scan system memory ========================
16:05:09.0367 0160  System memory - ok
16:05:09.0367 0160  ================ Scan services =============================
16:05:09.0382 0160  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:05:09.0429 0160  1394ohci - ok
16:05:09.0429 0160  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:05:09.0445 0160  ACPI - ok
16:05:09.0445 0160  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:05:09.0445 0160  AcpiPmi - ok
16:05:09.0460 0160  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:05:09.0460 0160  AdobeARMservice - ok
16:05:09.0476 0160  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:05:09.0491 0160  AdobeFlashPlayerUpdateSvc - ok
16:05:09.0491 0160  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
16:05:09.0507 0160  adp94xx - ok
16:05:09.0507 0160  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
16:05:09.0523 0160  adpahci - ok
16:05:09.0523 0160  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
16:05:09.0523 0160  adpu320 - ok
16:05:09.0538 0160  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:05:09.0554 0160  AeLookupSvc - ok
16:05:09.0554 0160  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
16:05:09.0569 0160  AFD - ok
16:05:09.0569 0160  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:05:09.0585 0160  agp440 - ok
16:05:09.0585 0160  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
16:05:09.0585 0160  ALG - ok
16:05:09.0601 0160  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:05:09.0601 0160  aliide - ok
16:05:09.0601 0160  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
16:05:09.0601 0160  amdide - ok
16:05:09.0616 0160  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
16:05:09.0616 0160  AmdK8 - ok
16:05:09.0616 0160  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
16:05:09.0632 0160  AmdPPM - ok
16:05:09.0632 0160  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:05:09.0632 0160  amdsata - ok
16:05:09.0647 0160  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
16:05:09.0647 0160  amdsbs - ok
16:05:09.0647 0160  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:05:09.0663 0160  amdxata - ok
16:05:09.0663 0160  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
16:05:09.0679 0160  AppID - ok
16:05:09.0679 0160  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:05:09.0710 0160  AppIDSvc - ok
16:05:09.0710 0160  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
16:05:09.0725 0160  Appinfo - ok
16:05:09.0725 0160  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
16:05:09.0741 0160  arc - ok
16:05:09.0741 0160  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:05:09.0741 0160  arcsas - ok
16:05:09.0757 0160  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:05:09.0757 0160  aspnet_state - ok
16:05:09.0757 0160  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:05:09.0788 0160  AsyncMac - ok
16:05:09.0788 0160  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
16:05:09.0788 0160  atapi - ok
16:05:09.0803 0160  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:05:09.0835 0160  AudioEndpointBuilder - ok
16:05:09.0835 0160  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:05:09.0866 0160  AudioSrv - ok
16:05:09.0866 0160  [ 587EFD6A3A30A35A27904D21AE1FB882 ] AVP             C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
16:05:09.0881 0160  AVP - ok
16:05:09.0881 0160  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:05:09.0897 0160  AxInstSV - ok
16:05:09.0897 0160  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
16:05:09.0913 0160  b06bdrv - ok
16:05:09.0913 0160  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
16:05:09.0928 0160  b57nd60a - ok
16:05:09.0928 0160  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:05:09.0944 0160  BDESVC - ok
16:05:09.0944 0160  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:05:09.0959 0160  Beep - ok
16:05:09.0975 0160  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
16:05:09.0991 0160  BFE - ok
16:05:10.0006 0160  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
16:05:10.0037 0160  BITS - ok
16:05:10.0037 0160  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
16:05:10.0037 0160  blbdrive - ok
16:05:10.0037 0160  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:05:10.0053 0160  bowser - ok
16:05:10.0053 0160  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
16:05:10.0069 0160  BrFiltLo - ok
16:05:10.0069 0160  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
16:05:10.0069 0160  BrFiltUp - ok
16:05:10.0084 0160  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
16:05:10.0084 0160  Browser - ok
16:05:10.0084 0160  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:05:10.0100 0160  Brserid - ok
16:05:10.0100 0160  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:05:10.0115 0160  BrSerWdm - ok
16:05:10.0115 0160  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:05:10.0115 0160  BrUsbMdm - ok
16:05:10.0131 0160  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:05:10.0131 0160  BrUsbSer - ok
16:05:10.0131 0160  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
16:05:10.0147 0160  BTHMODEM - ok
16:05:10.0147 0160  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
16:05:10.0162 0160  bthserv - ok
16:05:10.0178 0160  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:05:10.0193 0160  cdfs - ok
16:05:10.0193 0160  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
16:05:10.0209 0160  cdrom - ok
16:05:10.0209 0160  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
16:05:10.0225 0160  CertPropSvc - ok
16:05:10.0225 0160  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
16:05:10.0240 0160  circlass - ok
16:05:10.0240 0160  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
16:05:10.0256 0160  CLFS - ok
16:05:10.0256 0160  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:05:10.0271 0160  clr_optimization_v2.0.50727_32 - ok
16:05:10.0271 0160  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:05:10.0271 0160  clr_optimization_v2.0.50727_64 - ok
16:05:10.0287 0160  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:05:10.0287 0160  clr_optimization_v4.0.30319_32 - ok
16:05:10.0287 0160  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:05:10.0303 0160  clr_optimization_v4.0.30319_64 - ok
16:05:10.0303 0160  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
16:05:10.0303 0160  CmBatt - ok
16:05:10.0303 0160  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:05:10.0318 0160  cmdide - ok
16:05:10.0318 0160  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
16:05:10.0334 0160  CNG - ok
16:05:10.0334 0160  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
16:05:10.0334 0160  Compbatt - ok
16:05:10.0349 0160  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
16:05:10.0349 0160  CompositeBus - ok
16:05:10.0349 0160  COMSysApp - ok
16:05:10.0365 0160  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
16:05:10.0365 0160  crcdisk - ok
16:05:10.0381 0160  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:05:10.0381 0160  CryptSvc - ok
16:05:10.0396 0160  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:05:10.0412 0160  DcomLaunch - ok
16:05:10.0412 0160  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
16:05:10.0443 0160  defragsvc - ok
16:05:10.0443 0160  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:05:10.0459 0160  DfsC - ok
16:05:10.0474 0160  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:05:10.0490 0160  Dhcp - ok
16:05:10.0490 0160  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
16:05:10.0521 0160  discache - ok
16:05:10.0521 0160  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
16:05:10.0521 0160  Disk - ok
16:05:10.0521 0160  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:05:10.0537 0160  Dnscache - ok
16:05:10.0537 0160  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:05:10.0568 0160  dot3svc - ok
16:05:10.0568 0160  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
16:05:10.0583 0160  DPS - ok
16:05:10.0583 0160  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:05:10.0599 0160  drmkaud - ok
16:05:10.0615 0160  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:05:10.0630 0160  DXGKrnl - ok
16:05:10.0630 0160  [ A6DB3A7828B456A574243066E2E77D8C ] E100B           C:\Windows\system32\DRIVERS\efe5b32e.sys
16:05:10.0630 0160  E100B - ok
16:05:10.0646 0160  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
16:05:10.0661 0160  EapHost - ok
16:05:10.0693 0160  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
16:05:10.0724 0160  ebdrv - ok
16:05:10.0724 0160  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
16:05:10.0724 0160  EFS - ok
16:05:10.0739 0160  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:05:10.0755 0160  ehRecvr - ok
16:05:10.0755 0160  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
16:05:10.0755 0160  ehSched - ok
16:05:10.0771 0160  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
16:05:10.0771 0160  elxstor - ok
16:05:10.0771 0160  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:05:10.0786 0160  ErrDev - ok
16:05:10.0786 0160  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
16:05:10.0817 0160  EventSystem - ok
16:05:10.0817 0160  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
16:05:10.0849 0160  exfat - ok
16:05:10.0849 0160  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:05:10.0864 0160  fastfat - ok
16:05:10.0880 0160  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
16:05:10.0880 0160  Fax - ok
16:05:10.0895 0160  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
16:05:10.0895 0160  fdc - ok
16:05:10.0895 0160  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:05:10.0927 0160  fdPHost - ok
16:05:10.0927 0160  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:05:10.0942 0160  FDResPub - ok
16:05:10.0942 0160  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:05:10.0958 0160  FileInfo - ok
16:05:10.0958 0160  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:05:10.0973 0160  Filetrace - ok
16:05:10.0973 0160  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
16:05:10.0989 0160  flpydisk - ok
16:05:10.0989 0160  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:05:11.0005 0160  FltMgr - ok
16:05:11.0005 0160  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
16:05:11.0020 0160  FontCache - ok
16:05:11.0020 0160  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:05:11.0036 0160  FontCache3.0.0.0 - ok
16:05:11.0036 0160  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:05:11.0036 0160  FsDepends - ok
16:05:11.0051 0160  [ B16B626996C74B564005BA855C5DEE90 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
16:05:11.0051 0160  fssfltr - ok
16:05:11.0067 0160  [ 812E1BA5C52A78F13EA6AA10DF708B1D ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
16:05:11.0083 0160  fsssvc - ok
16:05:11.0083 0160  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:05:11.0098 0160  Fs_Rec - ok
16:05:11.0098 0160  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:05:11.0114 0160  fvevol - ok
16:05:11.0114 0160  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:05:11.0114 0160  gagp30kx - ok
16:05:11.0129 0160  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
16:05:11.0145 0160  gpsvc - ok
16:05:11.0161 0160  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:05:11.0161 0160  gupdate - ok
16:05:11.0161 0160  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:05:11.0161 0160  gupdatem - ok
16:05:11.0176 0160  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:05:11.0176 0160  gusvc - ok
16:05:11.0176 0160  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:05:11.0192 0160  hcw85cir - ok
16:05:11.0192 0160  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:05:11.0207 0160  HdAudAddService - ok
16:05:11.0207 0160  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
16:05:11.0207 0160  HDAudBus - ok
16:05:11.0223 0160  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
16:05:11.0223 0160  HidBatt - ok
16:05:11.0223 0160  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
16:05:11.0239 0160  HidBth - ok
16:05:11.0239 0160  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
16:05:11.0239 0160  HidIr - ok
16:05:11.0254 0160  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
16:05:11.0270 0160  hidserv - ok
16:05:11.0270 0160  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:05:11.0285 0160  HidUsb - ok
16:05:11.0285 0160  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:05:11.0301 0160  hkmsvc - ok
16:05:11.0301 0160  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:05:11.0317 0160  HomeGroupListener - ok
16:05:11.0317 0160  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:05:11.0332 0160  HomeGroupProvider - ok
16:05:11.0332 0160  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:05:11.0332 0160  HpSAMD - ok
16:05:11.0332 0160  [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64        C:\Windows\system32\Drivers\ANDROIDUSB.sys
16:05:11.0348 0160  HTCAND64 - ok
16:05:11.0348 0160  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:05:11.0379 0160  HTTP - ok
16:05:11.0379 0160  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:05:11.0395 0160  hwpolicy - ok
16:05:11.0395 0160  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
16:05:11.0395 0160  i8042prt - ok
16:05:11.0410 0160  [ D1753C06EE17E29352B065EACF3F10D0 ] iaStor          C:\Windows\system32\drivers\iaStor.sys
16:05:11.0410 0160  iaStor - ok
16:05:11.0426 0160  [ 545462D0DBE24AF379BA869B7C185CCD ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
16:05:11.0426 0160  IAStorDataMgrSvc - ok
16:05:11.0426 0160  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:05:11.0441 0160  iaStorV - ok
16:05:11.0457 0160  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:05:11.0457 0160  idsvc - ok
16:05:11.0473 0160  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
16:05:11.0473 0160  iirsp - ok
16:05:11.0488 0160  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
16:05:11.0504 0160  IKEEXT - ok
16:05:11.0551 0160  [ DC052337C24A87AA1ACC8FCE4F2D5C7F ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:05:11.0597 0160  IntcAzAudAddService - ok
16:05:11.0597 0160  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
16:05:11.0597 0160  intelide - ok
16:05:11.0597 0160  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
16:05:11.0613 0160  intelppm - ok
16:05:11.0613 0160  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:05:11.0629 0160  IPBusEnum - ok
16:05:11.0644 0160  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:05:11.0660 0160  IpFilterDriver - ok
16:05:11.0660 0160  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:05:11.0691 0160  iphlpsvc - ok
16:05:11.0691 0160  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:05:11.0707 0160  IPMIDRV - ok
16:05:11.0707 0160  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:05:11.0722 0160  IPNAT - ok
16:05:11.0722 0160  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:05:11.0738 0160  IRENUM - ok
16:05:11.0738 0160  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:05:11.0753 0160  isapnp - ok
16:05:11.0753 0160  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:05:11.0753 0160  iScsiPrt - ok
16:05:11.0769 0160  [ 023896E23B61543A15A230EED996D911 ] iusb3hub        C:\Windows\system32\drivers\iusb3hub.sys
16:05:11.0769 0160  iusb3hub - ok
16:05:11.0785 0160  [ 7FAEC13F1ADD619F4B5B2D2CBF841E8E ] iusb3xhc        C:\Windows\system32\drivers\iusb3xhc.sys
16:05:11.0800 0160  iusb3xhc - ok
16:05:11.0800 0160  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:05:11.0800 0160  kbdclass - ok
16:05:11.0800 0160  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:05:11.0816 0160  kbdhid - ok
16:05:11.0816 0160  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
16:05:11.0816 0160  KeyIso - ok
16:05:11.0831 0160  [ 8B5219318DF5895ABD230C373F2DF18A ] kl1             C:\Windows\system32\DRIVERS\kl1.sys
16:05:11.0831 0160  kl1 - ok
16:05:11.0847 0160  [ 65F3B81FA285EAB641F5E6EF7AEB984D ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
16:05:11.0863 0160  KLIF - ok
16:05:11.0863 0160  [ 9BD99E1AB3F664120AB95C35F9EC1EB0 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
16:05:11.0863 0160  KLIM6 - ok
16:05:11.0863 0160  [ 2C43FD500522EF3B8C283A5846B7FC41 ] klkbdflt        C:\Windows\system32\DRIVERS\klkbdflt.sys
16:05:11.0878 0160  klkbdflt - ok
16:05:11.0878 0160  [ 70A6D2E292017EC47949696F51ABE18D ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
16:05:11.0878 0160  klmouflt - ok
16:05:11.0878 0160  [ A8081ED8D48FA611D11DB97F49A5343D ] kltdi           C:\Windows\system32\DRIVERS\kltdi.sys
16:05:11.0894 0160  kltdi - ok
16:05:11.0894 0160  [ 185D21CB8F10CFB351FF65DA88C18BC9 ] kneps           C:\Windows\system32\DRIVERS\kneps.sys
16:05:11.0894 0160  kneps - ok
16:05:11.0909 0160  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:05:11.0909 0160  KSecDD - ok
16:05:11.0909 0160  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:05:11.0925 0160  KSecPkg - ok
16:05:11.0925 0160  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
16:05:11.0941 0160  ksthunk - ok
16:05:11.0941 0160  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:05:11.0972 0160  KtmRm - ok
16:05:11.0972 0160  [ B8040D3B97B16B89701E31A17353856C ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
16:05:11.0972 0160  L1C - ok
16:05:11.0987 0160  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:05:12.0003 0160  LanmanServer - ok
16:05:12.0003 0160  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:05:12.0034 0160  LanmanWorkstation - ok
16:05:12.0034 0160  [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
16:05:12.0034 0160  LGBusEnum - ok
16:05:12.0034 0160  [ F7205E939F50B1C8D16F895916BE6756 ] LGSHidFilt      C:\Windows\system32\DRIVERS\LGSHidFilt.Sys
16:05:12.0050 0160  LGSHidFilt - ok
16:05:12.0050 0160  [ 09521A95BEAB989F1A3E003ACD4E914A ] LGSUsbFilt      C:\Windows\system32\DRIVERS\LGSUsbFilt.Sys
16:05:12.0050 0160  LGSUsbFilt - ok
16:05:12.0050 0160  [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
16:05:12.0065 0160  LGVirHid - ok
16:05:12.0065 0160  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:05:12.0081 0160  lltdio - ok
16:05:12.0097 0160  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:05:12.0112 0160  lltdsvc - ok
16:05:12.0112 0160  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:05:12.0143 0160  lmhosts - ok
16:05:12.0143 0160  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
16:05:12.0143 0160  LSI_FC - ok
16:05:12.0143 0160  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
16:05:12.0159 0160  LSI_SAS - ok
16:05:12.0159 0160  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
16:05:12.0159 0160  LSI_SAS2 - ok
16:05:12.0175 0160  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
16:05:12.0175 0160  LSI_SCSI - ok
16:05:12.0175 0160  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
16:05:12.0206 0160  luafv - ok
16:05:12.0206 0160  massfilter - ok
16:05:12.0206 0160  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
16:05:12.0206 0160  MBAMProtector - ok
16:05:12.0253 0160  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:05:12.0268 0160  MBAMScheduler - ok
16:05:12.0284 0160  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:05:12.0299 0160  MBAMService - ok
16:05:12.0299 0160  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:05:12.0315 0160  Mcx2Svc - ok
16:05:12.0315 0160  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
16:05:12.0315 0160  megasas - ok
16:05:12.0331 0160  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
16:05:12.0331 0160  MegaSR - ok
16:05:12.0331 0160  [ 6B01B7414A105B9E51652089A03027CF ] MEIx64          C:\Windows\system32\drivers\HECIx64.sys
16:05:12.0346 0160  MEIx64 - ok
16:05:12.0346 0160  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
16:05:12.0362 0160  Microsoft Office Groove Audit Service - ok
16:05:12.0362 0160  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
16:05:12.0377 0160  MMCSS - ok
16:05:12.0377 0160  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
16:05:12.0409 0160  Modem - ok
16:05:12.0409 0160  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:05:12.0409 0160  monitor - ok
16:05:12.0424 0160  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:05:12.0424 0160  mouclass - ok
16:05:12.0424 0160  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:05:12.0440 0160  mouhid - ok
16:05:12.0440 0160  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:05:12.0440 0160  mountmgr - ok
16:05:12.0440 0160  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:05:12.0455 0160  mpio - ok
16:05:12.0455 0160  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:05:12.0471 0160  mpsdrv - ok
16:05:12.0487 0160  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:05:12.0502 0160  MpsSvc - ok
16:05:12.0518 0160  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:05:12.0518 0160  MRxDAV - ok
16:05:12.0533 0160  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:05:12.0533 0160  mrxsmb - ok
16:05:12.0533 0160  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:05:12.0549 0160  mrxsmb10 - ok
16:05:12.0549 0160  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:05:12.0565 0160  mrxsmb20 - ok
16:05:12.0565 0160  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
16:05:12.0565 0160  msahci - ok
16:05:12.0565 0160  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:05:12.0580 0160  msdsm - ok
16:05:12.0580 0160  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
16:05:12.0596 0160  MSDTC - ok
16:05:12.0596 0160  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:05:12.0611 0160  Msfs - ok
16:05:12.0611 0160  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:05:12.0643 0160  mshidkmdf - ok
16:05:12.0643 0160  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:05:12.0643 0160  msisadrv - ok
16:05:12.0643 0160  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:05:12.0674 0160  MSiSCSI - ok
16:05:12.0674 0160  msiserver - ok
16:05:12.0674 0160  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:05:12.0689 0160  MSKSSRV - ok
16:05:12.0705 0160  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:05:12.0721 0160  MSPCLOCK - ok
16:05:12.0721 0160  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:05:12.0736 0160  MSPQM - ok
16:05:12.0752 0160  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:05:12.0752 0160  MsRPC - ok
16:05:12.0752 0160  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
16:05:12.0767 0160  mssmbios - ok
16:05:12.0767 0160  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:05:12.0783 0160  MSTEE - ok
16:05:12.0783 0160  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
16:05:12.0799 0160  MTConfig - ok
16:05:12.0799 0160  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
16:05:12.0799 0160  Mup - ok
16:05:12.0814 0160  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
16:05:12.0830 0160  napagent - ok
16:05:12.0845 0160  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:05:12.0845 0160  NativeWifiP - ok
16:05:12.0861 0160  [ E0E4A1F81A7D69C595A8A9DDAD084C19 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
16:05:12.0877 0160  NAUpdate - ok
16:05:12.0877 0160  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:05:12.0892 0160  NDIS - ok
16:05:12.0892 0160  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:05:12.0923 0160  NdisCap - ok
16:05:12.0923 0160  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:05:12.0939 0160  NdisTapi - ok
16:05:12.0939 0160  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:05:12.0970 0160  Ndisuio - ok
16:05:12.0970 0160  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:05:12.0986 0160  NdisWan - ok
16:05:12.0986 0160  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:05:13.0017 0160  NDProxy - ok
16:05:13.0017 0160  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:05:13.0033 0160  NetBIOS - ok
16:05:13.0033 0160  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:05:13.0064 0160  NetBT - ok
16:05:13.0064 0160  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
16:05:13.0064 0160  Netlogon - ok
16:05:13.0079 0160  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
16:05:13.0095 0160  Netman - ok
16:05:13.0095 0160  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:05:13.0111 0160  NetMsmqActivator - ok
16:05:13.0111 0160  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:05:13.0111 0160  NetPipeActivator - ok
16:05:13.0126 0160  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
16:05:13.0142 0160  netprofm - ok
16:05:13.0142 0160  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:05:13.0157 0160  NetTcpActivator - ok
16:05:13.0157 0160  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:05:13.0157 0160  NetTcpPortSharing - ok
16:05:13.0173 0160  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
16:05:13.0173 0160  nfrd960 - ok
16:05:13.0173 0160  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:05:13.0204 0160  NlaSvc - ok
16:05:13.0204 0160  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:05:13.0220 0160  Npfs - ok
16:05:13.0220 0160  [ 95A2AB418251A3B2A2571CDE880B80D0 ] npusbio         C:\Windows\system32\Drivers\npusbio_x64.sys
16:05:13.0235 0160  npusbio - ok
16:05:13.0235 0160  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
16:05:13.0251 0160  nsi - ok
16:05:13.0251 0160  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:05:13.0282 0160  nsiproxy - ok
16:05:13.0298 0160  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:05:13.0313 0160  Ntfs - ok
16:05:13.0313 0160  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
16:05:13.0345 0160  Null - ok
16:05:13.0345 0160  [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
16:05:13.0345 0160  NVHDA - ok
16:05:13.0469 0160  [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:05:13.0610 0160  nvlddmkm - ok
16:05:13.0610 0160  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:05:13.0625 0160  nvraid - ok
16:05:13.0625 0160  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:05:13.0641 0160  nvstor - ok
16:05:13.0641 0160  [ 84948366BDC2D86EC4316A6FCC0C8561 ] NvStUSB         C:\Windows\system32\drivers\nvstusb.sys
16:05:13.0657 0160  NvStUSB - ok
16:05:13.0657 0160  [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc           C:\Windows\system32\nvvsvc.exe
16:05:13.0672 0160  nvsvc - ok
16:05:13.0688 0160  [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
16:05:13.0703 0160  nvUpdatusService - ok
16:05:13.0703 0160  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:05:13.0703 0160  nv_agp - ok
16:05:13.0719 0160  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:05:13.0735 0160  odserv - ok
16:05:13.0735 0160  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:05:13.0735 0160  ohci1394 - ok
16:05:13.0750 0160  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:05:13.0750 0160  ose - ok
16:05:13.0750 0160  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:05:13.0766 0160  p2pimsvc - ok
16:05:13.0766 0160  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:05:13.0781 0160  p2psvc - ok
16:05:13.0781 0160  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
16:05:13.0797 0160  Parport - ok
16:05:13.0797 0160  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:05:13.0797 0160  partmgr - ok
16:05:13.0797 0160  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:05:13.0813 0160  PcaSvc - ok
16:05:13.0813 0160  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
16:05:13.0828 0160  pci - ok
16:05:13.0828 0160  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
16:05:13.0844 0160  pciide - ok
16:05:13.0844 0160  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
16:05:13.0844 0160  pcmcia - ok
16:05:13.0844 0160  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
16:05:13.0859 0160  pcw - ok
16:05:13.0859 0160  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:05:13.0891 0160  PEAUTH - ok
16:05:13.0906 0160  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:05:13.0922 0160  PerfHost - ok
16:05:13.0937 0160  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
16:05:13.0953 0160  pla - ok
16:05:13.0969 0160  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:05:13.0984 0160  PlugPlay - ok
16:05:13.0984 0160  PnkBstrA - ok
16:05:13.0984 0160  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:05:13.0984 0160  PNRPAutoReg - ok
16:05:14.0000 0160  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:05:14.0000 0160  PNRPsvc - ok
16:05:14.0015 0160  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:05:14.0031 0160  PolicyAgent - ok
16:05:14.0031 0160  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
16:05:14.0062 0160  Power - ok
16:05:14.0062 0160  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:05:14.0078 0160  PptpMiniport - ok
16:05:14.0078 0160  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
16:05:14.0093 0160  Processor - ok
16:05:14.0093 0160  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
16:05:14.0109 0160  ProfSvc - ok
16:05:14.0109 0160  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:05:14.0109 0160  ProtectedStorage - ok
16:05:14.0125 0160  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:05:14.0140 0160  Psched - ok
16:05:14.0156 0160  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
16:05:14.0171 0160  ql2300 - ok
16:05:14.0171 0160  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
16:05:14.0187 0160  ql40xx - ok
16:05:14.0187 0160  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
16:05:14.0203 0160  QWAVE - ok
16:05:14.0203 0160  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:05:14.0218 0160  QWAVEdrv - ok
16:05:14.0218 0160  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:05:14.0234 0160  RasAcd - ok
16:05:14.0234 0160  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:05:14.0249 0160  RasAgileVpn - ok
16:05:14.0265 0160  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
16:05:14.0281 0160  RasAuto - ok
16:05:14.0281 0160  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:05:14.0312 0160  Rasl2tp - ok
16:05:14.0312 0160  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
16:05:14.0327 0160  RasMan - ok
16:05:14.0327 0160  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:05:14.0374 0160  RasPppoe - ok
16:05:14.0374 0160  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:05:14.0390 0160  RasSstp - ok
16:05:14.0390 0160  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:05:14.0421 0160  rdbss - ok
16:05:14.0421 0160  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
16:05:14.0437 0160  rdpbus - ok
16:05:14.0437 0160  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:05:14.0452 0160  RDPCDD - ok
16:05:14.0452 0160  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:05:14.0483 0160  RDPENCDD - ok
16:05:14.0483 0160  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:05:14.0499 0160  RDPREFMP - ok
16:05:14.0499 0160  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:05:14.0515 0160  RDPWD - ok
16:05:14.0515 0160  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:05:14.0530 0160  rdyboost - ok
16:05:14.0530 0160  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:05:14.0546 0160  RemoteAccess - ok
16:05:14.0546 0160  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:05:14.0577 0160  RemoteRegistry - ok
16:05:14.0577 0160  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:05:14.0593 0160  RpcEptMapper - ok
16:05:14.0608 0160  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
16:05:14.0608 0160  RpcLocator - ok
16:05:14.0608 0160  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
16:05:14.0639 0160  RpcSs - ok
16:05:14.0639 0160  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:05:14.0655 0160  rspndr - ok
16:05:14.0671 0160  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
16:05:14.0671 0160  SamSs - ok
16:05:14.0671 0160  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:05:14.0686 0160  sbp2port - ok
16:05:14.0686 0160  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:05:14.0702 0160  SCardSvr - ok
16:05:14.0702 0160  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:05:14.0733 0160  scfilter - ok
16:05:14.0733 0160  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
16:05:14.0764 0160  Schedule - ok
16:05:14.0764 0160  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:05:14.0795 0160  SCPolicySvc - ok
16:05:14.0795 0160  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:05:14.0795 0160  SDRSVC - ok
16:05:14.0811 0160  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:05:14.0827 0160  secdrv - ok
16:05:14.0827 0160  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
16:05:14.0842 0160  seclogon - ok
16:05:14.0842 0160  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
16:05:14.0873 0160  SENS - ok
16:05:14.0873 0160  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:05:14.0889 0160  SensrSvc - ok
16:05:14.0889 0160  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
16:05:14.0889 0160  Serenum - ok
16:05:14.0889 0160  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
16:05:14.0905 0160  Serial - ok
16:05:14.0905 0160  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
16:05:14.0920 0160  sermouse - ok
16:05:14.0920 0160  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:05:14.0936 0160  SessionEnv - ok
16:05:14.0936 0160  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:05:14.0951 0160  sffdisk - ok
16:05:14.0951 0160  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:05:14.0967 0160  sffp_mmc - ok
16:05:14.0967 0160  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:05:14.0983 0160  sffp_sd - ok
16:05:14.0983 0160  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
16:05:14.0983 0160  sfloppy - ok
16:05:14.0998 0160  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:05:15.0014 0160  SharedAccess - ok
16:05:15.0014 0160  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:05:15.0045 0160  ShellHWDetection - ok
16:05:15.0045 0160  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
16:05:15.0045 0160  SiSRaid2 - ok
16:05:15.0061 0160  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
16:05:15.0061 0160  SiSRaid4 - ok
16:05:15.0061 0160  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:05:15.0092 0160  Smb - ok
16:05:15.0092 0160  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:05:15.0092 0160  SNMPTRAP - ok
16:05:15.0092 0160  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:05:15.0107 0160  spldr - ok
16:05:15.0107 0160  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
16:05:15.0123 0160  Spooler - ok
16:05:15.0154 0160  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
16:05:15.0201 0160  sppsvc - ok
16:05:15.0201 0160  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:05:15.0232 0160  sppuinotify - ok
16:05:15.0232 0160  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:05:15.0248 0160  srv - ok
16:05:15.0248 0160  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:05:15.0263 0160  srv2 - ok
16:05:15.0263 0160  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:05:15.0263 0160  srvnet - ok
16:05:15.0263 0160  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:05:15.0295 0160  SSDPSRV - ok
16:05:15.0295 0160  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:05:15.0326 0160  SstpSvc - ok
16:05:15.0326 0160  [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
16:05:15.0341 0160  Stereo Service - ok
16:05:15.0341 0160  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
16:05:15.0341 0160  stexstor - ok
16:05:15.0357 0160  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
16:05:15.0373 0160  stisvc - ok
16:05:15.0373 0160  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
16:05:15.0373 0160  swenum - ok
16:05:15.0373 0160  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
16:05:15.0404 0160  swprv - ok
16:05:15.0419 0160  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
16:05:15.0435 0160  SysMain - ok
16:05:15.0451 0160  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:05:15.0451 0160  TabletInputService - ok
16:05:15.0466 0160  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:05:15.0482 0160  TapiSrv - ok
16:05:15.0482 0160  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
16:05:15.0513 0160  TBS - ok
16:05:15.0529 0160  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:05:15.0544 0160  Tcpip - ok
16:05:15.0560 0160  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:05:15.0591 0160  TCPIP6 - ok
16:05:15.0591 0160  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:05:15.0607 0160  tcpipreg - ok
16:05:15.0607 0160  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:05:15.0622 0160  TDPIPE - ok
16:05:15.0622 0160  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:05:15.0622 0160  TDTCP - ok
16:05:15.0638 0160  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:05:15.0653 0160  tdx - ok
16:05:15.0653 0160  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
16:05:15.0653 0160  TermDD - ok
16:05:15.0669 0160  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
16:05:15.0685 0160  TermService - ok
16:05:15.0700 0160  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
16:05:15.0700 0160  Themes - ok
16:05:15.0700 0160  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
16:05:15.0731 0160  THREADORDER - ok
16:05:15.0731 0160  [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM             C:\Windows\system32\drivers\tpm.sys
16:05:15.0747 0160  TPM - ok
16:05:15.0747 0160  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
16:05:15.0763 0160  TrkWks - ok
16:05:15.0763 0160  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:05:15.0794 0160  TrustedInstaller - ok
16:05:15.0794 0160  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:05:15.0809 0160  tssecsrv - ok
16:05:15.0809 0160  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:05:15.0825 0160  TsUsbFlt - ok
16:05:15.0825 0160  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
16:05:15.0825 0160  TsUsbGD - ok
16:05:15.0841 0160  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:05:15.0856 0160  tunnel - ok
16:05:15.0856 0160  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
16:05:15.0856 0160  uagp35 - ok
16:05:15.0872 0160  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:05:15.0887 0160  udfs - ok
16:05:15.0887 0160  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:05:15.0903 0160  UI0Detect - ok
16:05:15.0903 0160  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:05:15.0919 0160  uliagpkx - ok
16:05:15.0919 0160  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
16:05:15.0919 0160  umbus - ok
16:05:15.0919 0160  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
16:05:15.0934 0160  UmPass - ok
16:05:15.0934 0160  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
16:05:15.0965 0160  upnphost - ok
16:05:15.0965 0160  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:05:15.0965 0160  usbccgp - ok
16:05:15.0981 0160  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:05:15.0981 0160  usbcir - ok
16:05:15.0981 0160  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
16:05:15.0997 0160  usbehci - ok
16:05:15.0997 0160  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:05:16.0012 0160  usbhub - ok
16:05:16.0012 0160  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
16:05:16.0012 0160  usbohci - ok
16:05:16.0012 0160  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
16:05:16.0028 0160  usbprint - ok
16:05:16.0028 0160  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:05:16.0043 0160  USBSTOR - ok
16:05:16.0043 0160  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
16:05:16.0043 0160  usbuhci - ok
16:05:16.0043 0160  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
16:05:16.0075 0160  UxSms - ok
16:05:16.0075 0160  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
16:05:16.0075 0160  VaultSvc - ok
16:05:16.0090 0160  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:05:16.0090 0160  vdrvroot - ok
16:05:16.0090 0160  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
16:05:16.0121 0160  vds - ok
16:05:16.0121 0160  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:05:16.0137 0160  vga - ok
16:05:16.0137 0160  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:05:16.0153 0160  VgaSave - ok
16:05:16.0153 0160  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
16:05:16.0168 0160  vhdmp - ok
16:05:16.0168 0160  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
16:05:16.0168 0160  viaide - ok
16:05:16.0184 0160  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:05:16.0184 0160  volmgr - ok
16:05:16.0184 0160  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:05:16.0199 0160  volmgrx - ok
16:05:16.0199 0160  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:05:16.0215 0160  volsnap - ok
16:05:16.0215 0160  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
16:05:16.0215 0160  vsmraid - ok
16:05:16.0231 0160  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
16:05:16.0262 0160  VSS - ok
16:05:16.0262 0160  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
16:05:16.0277 0160  vwifibus - ok
16:05:16.0277 0160  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
16:05:16.0309 0160  W32Time - ok
16:05:16.0309 0160  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
16:05:16.0324 0160  WacomPen - ok
16:05:16.0324 0160  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:05:16.0340 0160  WANARP - ok
16:05:16.0340 0160  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:05:16.0355 0160  Wanarpv6 - ok
16:05:16.0371 0160  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
16:05:16.0387 0160  WatAdminSvc - ok
16:05:16.0402 0160  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
16:05:16.0433 0160  wbengine - ok
16:05:16.0433 0160  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:05:16.0449 0160  WbioSrvc - ok
16:05:16.0449 0160  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:05:16.0465 0160  wcncsvc - ok
16:05:16.0465 0160  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:05:16.0465 0160  WcsPlugInService - ok
16:05:16.0480 0160  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
16:05:16.0480 0160  Wd - ok
16:05:16.0480 0160  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:05:16.0496 0160  Wdf01000 - ok
16:05:16.0496 0160  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:05:16.0511 0160  WdiServiceHost - ok
16:05:16.0511 0160  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:05:16.0527 0160  WdiSystemHost - ok
16:05:16.0527 0160  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
16:05:16.0543 0160  WebClient - ok
16:05:16.0543 0160  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:05:16.0574 0160  Wecsvc - ok
16:05:16.0574 0160  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:05:16.0589 0160  wercplsupport - ok
16:05:16.0589 0160  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:05:16.0621 0160  WerSvc - ok
16:05:16.0621 0160  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:05:16.0636 0160  WfpLwf - ok
16:05:16.0636 0160  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:05:16.0652 0160  WIMMount - ok
16:05:16.0652 0160  WinDefend - ok
16:05:16.0652 0160  WinHttpAutoProxySvc - ok
16:05:16.0667 0160  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:05:16.0683 0160  Winmgmt - ok
16:05:16.0699 0160  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
16:05:16.0730 0160  WinRM - ok
16:05:16.0745 0160  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:05:16.0761 0160  Wlansvc - ok
16:05:16.0777 0160  [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:05:16.0808 0160  wlidsvc - ok
16:05:16.0808 0160  [ 680A7846370000D20D7E74917D5B7936 ] WmBEnum         C:\Windows\system32\drivers\WmBEnum.sys
16:05:16.0823 0160  WmBEnum - ok
16:05:16.0823 0160  [ 14C35BA8189C6F65D839163AA285E954 ] WmFilter        C:\Windows\system32\drivers\WmFilter.sys
16:05:16.0823 0160  WmFilter - ok
16:05:16.0823 0160  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
16:05:16.0839 0160  WmiAcpi - ok
16:05:16.0839 0160  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:05:16.0855 0160  wmiApSrv - ok
16:05:16.0855 0160  WMPNetworkSvc - ok
16:05:16.0855 0160  [ 8488DD91A3EE54A8E29F02AD7BB8201E ] WmVirHid        C:\Windows\system32\drivers\WmVirHid.sys
16:05:16.0855 0160  WmVirHid - ok
16:05:16.0855 0160  [ 14802B3A30AA849C97CB968CCC813BF3 ] WmXlCore        C:\Windows\system32\drivers\WmXlCore.sys
16:05:16.0870 0160  WmXlCore - ok
16:05:16.0870 0160  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:05:16.0870 0160  WPCSvc - ok
16:05:16.0886 0160  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:05:16.0886 0160  WPDBusEnum - ok
16:05:16.0886 0160  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:05:16.0917 0160  ws2ifsl - ok
16:05:16.0917 0160  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
16:05:16.0917 0160  wscsvc - ok
16:05:16.0933 0160  WSearch - ok
16:05:16.0948 0160  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:05:16.0979 0160  wuauserv - ok
16:05:16.0979 0160  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:05:16.0995 0160  WudfPf - ok
16:05:17.0011 0160  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:05:17.0026 0160  WUDFRd - ok
16:05:17.0026 0160  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:05:17.0042 0160  wudfsvc - ok
16:05:17.0057 0160  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:05:17.0073 0160  WwanSvc - ok
16:05:17.0073 0160  ================ Scan global ===============================
16:05:17.0073 0160  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:05:17.0073 0160  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
16:05:17.0073 0160  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
16:05:17.0089 0160  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:05:17.0089 0160  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:05:17.0089 0160  [Global] - ok
16:05:17.0089 0160  ================ Scan MBR ==================================
16:05:17.0089 0160  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:05:17.0182 0160  \Device\Harddisk0\DR0 - ok
16:05:17.0198 0160  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
16:05:17.0354 0160  \Device\Harddisk1\DR1 - ok
16:05:17.0354 0160  ================ Scan VBR ==================================
16:05:17.0354 0160  [ 26202A2B12BC7A1F83B47D2EA7B4B98D ] \Device\Harddisk0\DR0\Partition1
16:05:17.0354 0160  \Device\Harddisk0\DR0\Partition1 - ok
16:05:17.0354 0160  [ F8CC40FC7035DD243500E8CF16A09DB5 ] \Device\Harddisk1\DR1\Partition1
16:05:17.0354 0160  \Device\Harddisk1\DR1\Partition1 - ok
16:05:17.0354 0160  ============================================================
16:05:17.0354 0160  Scan finished
16:05:17.0354 0160  ============================================================
16:05:17.0354 4984  Detected object count: 0
16:05:17.0354 4984  Actual detected object count: 0
         

Alt 14.01.2013, 16:25   #12
Shilo
 
Topic Torch Tollbar --> Virus? - Standard

Topic Torch Tollbar --> Virus?



Doppelpost

Geändert von Shilo (14.01.2013 um 16:47 Uhr)

Alt 14.01.2013, 21:32   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Topic Torch Tollbar --> Virus? - Standard

Topic Torch Tollbar --> Virus?



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 14.01.2013, 22:49   #14
Shilo
 
Topic Torch Tollbar --> Virus? - Standard

Topic Torch Tollbar --> Virus?



Erledigt
Code:
ATTFilter
ComboFix 13-01-14.01 - Bernhard 14.01.2013  22:44:18.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.15849.14210 [GMT 1:00]
ausgeführt von:: d:\users\Bernhard\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\tmp6029.tmp
c:\windows\SysWow64\tmp602A.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-14 bis 2013-01-14  ))))))))))))))))))))))))))))))
.
.
2013-01-13 22:29 . 2013-01-13 22:29	--------	d-----w-	c:\users\Bernhard\AppData\Roaming\Sony Online Entertainment
2013-01-13 20:38 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{085BE292-6F25-4802-A9F6-5D77E8E932AD}\mpengine.dll
2013-01-13 20:30 . 2013-01-13 20:30	--------	d-----w-	c:\users\Bernhard\AppData\Local\Diagnostics
2013-01-11 16:05 . 2013-01-11 16:04	49262	----a-w-	c:\windows\SysWow64\jpicpl32.cpl
2013-01-11 16:04 . 2013-01-11 16:04	--------	d-----w-	c:\program files (x86)\Java
2013-01-11 16:04 . 2013-01-11 16:04	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-01-08 21:38 . 2013-01-08 21:38	--------	d-----w-	C:\Driver_Win8_Win7
2013-01-08 16:27 . 2013-01-08 16:27	--------	d-----w-	c:\program files (x86)\Realtek
2013-01-07 01:26 . 2013-01-13 19:09	--------	d-----w-	c:\programdata\Tarma Installer
2013-01-07 01:26 . 2013-01-07 01:26	--------	d-----w-	c:\users\Bernhard\AppData\Local\PutLockerDownloader
2012-12-25 17:38 . 2012-12-25 17:38	--------	d-----w-	c:\program files\Logitech
2012-12-25 17:38 . 2012-12-25 17:38	--------	d-----w-	c:\program files\Common Files\Logitech
2012-12-25 17:32 . 2012-12-25 17:32	--------	d-----w-	c:\users\Bernhard\AppData\Roaming\Leadertech
2012-12-25 17:32 . 2012-12-25 17:32	--------	d-----w-	c:\users\Bernhard\AppData\Local\Logitech
2012-12-25 17:32 . 2012-12-25 17:32	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2012-12-25 17:32 . 2012-12-25 17:32	--------	d-----w-	c:\programdata\LogiShrd
2012-12-25 17:32 . 2012-12-25 17:32	--------	d-----w-	c:\program files\Logitech Gaming Software
2012-12-25 17:32 . 2012-12-25 17:32	--------	d-----w-	c:\users\Bernhard\AppData\Roaming\Logitech
2012-12-25 17:32 . 2012-12-25 17:32	--------	d-----w-	c:\users\Bernhard\AppData\Roaming\Logishrd
2012-12-25 17:11 . 2000-01-05 05:35	208896	----a-w-	c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2012-12-25 17:11 . 2000-01-04 05:44	237568	----a-w-	c:\program files (x86)\Common Files\InstallShield\IScript\IScript.dll
2012-12-25 17:11 . 2000-01-04 05:39	32768	----a-w-	c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2012-12-25 17:11 . 2000-01-04 05:39	212992	----a-w-	c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
2012-12-22 20:36 . 2012-12-22 20:36	--------	d-----w-	c:\users\Bernhard\AppData\Roaming\NVIDIA
2012-12-22 20:36 . 2009-12-17 15:49	45600	----a-w-	c:\windows\system32\drivers\npusbio_x64.sys
2012-12-22 20:34 . 2000-01-04 04:44	151552	----a-w-	c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2012-12-18 19:01 . 2012-12-18 19:18	466456	----a-w-	c:\windows\system32\wrap_oal.dll
2012-12-18 19:01 . 2012-12-18 19:18	444952	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2012-12-18 19:01 . 2012-12-18 19:18	122904	----a-w-	c:\windows\system32\OpenAL32.dll
2012-12-18 19:01 . 2012-12-18 19:18	109080	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2012-12-18 19:01 . 2012-12-18 19:16	--------	d-----w-	c:\program files (x86)\OpenAL
2012-12-16 18:55 . 2012-12-16 18:55	--------	d-----w-	C:\Games
2012-12-16 04:09 . 2012-12-16 04:09	--------	d-----w-	c:\users\Bernhard\AppData\Roaming\ArmA II Launcher
2012-12-16 04:08 . 2012-12-18 19:23	--------	d-----w-	c:\users\Bernhard\AppData\Local\ArmA
2012-12-16 03:01 . 2013-01-13 17:30	--------	d-----w-	c:\program files\CCleaner
2012-12-16 02:18 . 2010-03-15 10:31	165376	----a-w-	c:\windows\SysWow64\unrar.dll
2012-12-16 02:18 . 2012-12-16 02:18	--------	d-----w-	c:\program files (x86)\K-Lite Codec Pack
2012-12-16 02:17 . 2012-12-16 02:17	--------	d-----w-	c:\program files\Open Freely
2012-12-16 01:31 . 2012-12-16 01:32	--------	d-----w-	c:\users\Bernhard\AppData\Roaming\Notepad++
2012-12-15 22:25 . 2012-12-15 22:25	--------	d-----w-	c:\users\Bernhard\AppData\Roaming\Nero
2012-12-15 22:25 . 2012-12-16 02:06	--------	d-----w-	c:\program files (x86)\Common Files\AVG Secure Search
2012-12-15 22:25 . 2012-12-15 22:25	--------	d--h--w-	c:\programdata\Common Files
2012-12-15 22:23 . 2012-12-15 22:23	--------	d-----w-	c:\program files (x86)\Nero
2012-12-15 22:22 . 2012-12-15 22:23	--------	d-----w-	c:\programdata\Nero
2012-12-15 22:15 . 2012-12-15 22:23	--------	d-----w-	c:\program files (x86)\Common Files\Nero
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-12 12:49 . 2012-11-11 10:44	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-12 12:49 . 2012-11-11 10:44	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-14 15:49 . 2012-11-30 05:12	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-17 18:30 . 2012-11-17 18:30	189248	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-11-17 18:30 . 2012-11-17 18:30	75136	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-11-16 02:32 . 2012-11-12 02:27	613720	----a-w-	c:\windows\system32\drivers\klif.sys
2012-11-16 02:32 . 2012-06-08 10:38	54104	----a-w-	c:\windows\system32\drivers\kltdi.sys
2012-11-12 02:56 . 2012-07-25 13:53	29528	----a-w-	c:\windows\system32\drivers\klmouflt.sys
2012-11-12 02:56 . 2012-05-25 18:38	29016	----a-w-	c:\windows\system32\drivers\klkbdflt.sys
2012-11-11 23:42 . 2012-11-11 23:42	5	----a-w-	c:\windows\SysWow64\lMMLDeleteUserData42107612FX.tmp
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-10 21:18	220632	----a-w-	c:\users\Bernhard\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-10 21:18	220632	----a-w-	c:\users\Bernhard\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-10 21:18	220632	----a-w-	c:\users\Bernhard\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-11-12 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-11-16 356376]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [2012-10-02 445800]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-11 1255736]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2012-07-13 769432]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-11-16 54104]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]
S2 MBAMScheduler;MBAMScheduler;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\drivers\iusb3hub.sys [2012-06-14 357184]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\drivers\iusb3xhc.sys [2012-06-14 789824]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-11-12 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-11-12 29528]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-08-11 104560]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2012-10-02 66360]
S3 LGSUsbFilt;Logitech Gaming KMDF USB Filter Driver;c:\windows\system32\DRIVERS\LGSUsbFilt.Sys [2012-10-02 43832]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 npusbio;npusbio;c:\windows\system32\Drivers\npusbio_x64.sys [2009-12-17 45600]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-11 12:49]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-12 03:02]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-12 03:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-10 21:18	244696	----a-w-	c:\users\Bernhard\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-10 21:18	244696	----a-w-	c:\users\Bernhard\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-10 21:18	244696	----a-w-	c:\users\Bernhard\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-11-29 7406392]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-08-20 13192848]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://h1681442.stratoserver.net/board/index.php?page=Portal
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon&co=AT&userid=53436c9e-893b-49b4-878f-7e89fa261913&searchtype=ds&q={searchTerms}
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 10.0.0.138
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
Toolbar-Locked - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-14  22:47:42
ComboFix-quarantined-files.txt  2013-01-14 21:47
.
Vor Suchlauf: 11 Verzeichnis(se), 14.080.425.984 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 14.094.368.768 Bytes frei
.
- - End Of File - - F63A4E3B70EE6F878AE5AE90ACB9BD02
         

Alt 14.01.2013, 23:41   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Topic Torch Tollbar --> Virus? - Standard

Topic Torch Tollbar --> Virus?



adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Topic Torch Tollbar --> Virus?
addlyrics, adobe reader xi, avp.exe, bho, browser, ebanking, entfernen, error, fehler, firefox, flash player, google, helper, home, install.exe, internet security 2013, intranet, kaspersky internet security 2013, logfile, msvcrt, nvidia update, office 2007, programm, realtek, registry, rundll, scan, security, senden, software, svchost.exe, tarma, tastatur, usb, viel werbung, virus, werbung, windows



Ähnliche Themen: Topic Torch Tollbar --> Virus?


  1. Ads by Shopper For Torch entfernen
    Anleitungen, FAQs & Links - 04.08.2015 (2)
  2. easylifeapp und torch-browser - aber: darf ich hier posten?
    Lob, Kritik und Wünsche - 09.05.2014 (2)
  3. Windows 8, 64 Bit. Probleme mit Topic Torch/ Wise Enhance
    Log-Analyse und Auswertung - 04.05.2014 (7)
  4. Trojaner "Plurepush Topic Torch" entfernen
    Log-Analyse und Auswertung - 02.05.2014 (5)
  5. Iminent-und Facemood Tollbar sowie Websteroid läßt sich nicht entfernen (Windows7)
    Log-Analyse und Auswertung - 31.01.2014 (7)
  6. Plötzlich Topic Torch Tollbar und andere Pop-Ups
    Plagegeister aller Art und deren Bekämpfung - 16.01.2014 (18)
  7. torch toolbar entfernen
    Plagegeister aller Art und deren Bekämpfung - 09.01.2014 (9)
  8. Topic Torch by WebCake (adware)
    Plagegeister aller Art und deren Bekämpfung - 25.12.2013 (1)
  9. Trojaner Topic Torch
    Plagegeister aller Art und deren Bekämpfung - 13.12.2013 (13)
  10. Topic Torch
    Plagegeister aller Art und deren Bekämpfung - 17.11.2013 (11)
  11. Topic Torch, Windows 8
    Plagegeister aller Art und deren Bekämpfung - 15.09.2013 (9)
  12. Topic Torch (Schädling?)
    Plagegeister aller Art und deren Bekämpfung - 25.08.2013 (9)
  13. Laptop seit 2 Wochen sehr langsam (Aussetzer) - Malware bereits über anderes Topic "behandelt"
    Alles rund um Windows - 25.07.2013 (8)
  14. Yet another TR/ATRAPS.Gen2 topic
    Plagegeister aller Art und deren Bekämpfung - 26.03.2013 (22)
  15. Bezüglich Topic: Icq Virus 'Schau dir das Bild mal an :D'
    Log-Analyse und Auswertung - 28.06.2010 (2)
  16. about:blank plus komische tollbar !
    Plagegeister aller Art und deren Bekämpfung - 10.01.2005 (35)

Zum Thema Topic Torch Tollbar --> Virus? - Hallo, ich habe die letzten 2 Tage sehr viel Werbung eingeblendet bekommen, die zum Teil auch nicht entfernbar war. Auch öffnet sich fast immer 2 Browser Fenster wobei eines für - Topic Torch Tollbar --> Virus?...
Archiv
Du betrachtest: Topic Torch Tollbar --> Virus? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.