
Pests of all kinds and how to combat them: browse to save virus

17.01.2013, 21:02   #1
siskat
 

hello hello
I have this problem too and have already downloaded OTL and run it.
I've already read a thread like this, but as I understood it, this has to be removed differently for everyone?! Anyway, I'm not exactly the smartest in this area and am hoping for help =)

edit
oh god, I've got nothing but errors -.-


Code:
OTL logfile created on: 17.01.2013 20:54:12 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\grinsekathze\Desktop\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,60 Gb Total Physical Memory | 0,27 Gb Available Physical Memory | 16,64% Memory free
3,21 Gb Paging File | 1,08 Gb Available in Paging File | 33,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282,84 Gb Total Space | 176,52 Gb Free Space | 62,41% Space Free | Partition Type: NTFS
Drive D: | 14,95 Gb Total Space | 1,85 Gb Free Space | 12,35% Space Free | Partition Type: NTFS
 
Computer Name: GRINSEKATHZE-PC | User Name: grinsekathze | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\grinsekathze\Desktop\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\program files (x86)\avira\antivir desktop\avscan.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe ()
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\program files (x86)\avira\antivir desktop\sqlite3.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (FreemiumSystemStoreService) -- C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (Atheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (HP Wireless Assistant Service) -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV - (AMD Reservation Manager) -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=hp&exp=true
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0A0B0FtDyD0C0C0E0FtBzytN0D0Tzu0CtAyByDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1302105681
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=hp&exp=true
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4
IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=hp&exp=true
IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.at/"
FF - prefs.js..extensions.enabledAddons: 501e6fa18edf8%40501e6fa18ee31.info:1.0
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.5
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=ds&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.11 08:34:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.13 13:46:30 | 000,000,000 | ---D | M]
 
[2011.11.24 14:07:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\grinsekathze\AppData\Roaming\mozilla\Extensions
[2013.01.15 20:41:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\grinsekathze\AppData\Roaming\mozilla\Firefox\Profiles\00ave1we.default\extensions
[2012.08.05 14:07:13 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\grinsekathze\AppData\Roaming\mozilla\Firefox\Profiles\00ave1we.default\extensions\501e6fa18edf8@501e6fa18ee31.info
[2013.01.15 20:41:53 | 000,124,993 | ---- | M] () (No name found) -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012.02.20 12:00:03 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\extensions\DivXWebPlayer@divx.com.xpi
[2013.01.15 20:37:18 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\extensions\elemhidehelper@adblockplus.org.xpi
[2013.01.15 20:41:53 | 000,533,036 | ---- | M] () (No name found) -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.01.15 20:41:53 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.02.10 20:28:13 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2011.12.01 19:17:22 | 000,002,289 | ---- | M] () -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\searchplugins\ecosia.xml
[2011.11.24 14:09:31 | 000,002,314 | ---- | M] () -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\searchplugins\forestle-de.xml
[2013.01.09 16:06:00 | 000,002,329 | ---- | M] () -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\searchplugins\Funmoods.xml
[2012.08.05 14:07:24 | 000,003,915 | ---- | M] () -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\searchplugins\sweetim.xml
[2012.09.17 10:41:06 | 000,002,399 | ---- | M] () -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\searchplugins\Web Search.xml
[2013.01.11 08:34:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.11 08:34:24 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.18 08:21:22 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.01 16:58:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.18 08:21:22 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.18 08:21:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.18 08:21:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.18 08:21:22 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Codecv Class) - {2D588057-BD3F-075B-B569-0C8FC43F046B} - C:\ProgramData\Codecv\bhoclass.dll File not found
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\grinsekathze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21F7FB87-78B2-4A8C-A823-CC7F3395D176}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2d81870e-1dd0-11e1-830f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2d81870e-1dd0-11e1-830f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2d818754-1dd0-11e1-830f-101f745606e1}\Shell - "" = AutoRun
O33 - MountPoints2\{2d818754-1dd0-11e1-830f-101f745606e1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{dfdfc172-6525-11e1-88ed-d0df9abf4704}\Shell - "" = AutoRun
O33 - MountPoints2\{dfdfc172-6525-11e1-88ed-d0df9abf4704}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.17 11:22:58 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\.thumbnails
[2013.01.17 11:19:36 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\AppData\Local\fontconfig
[2013.01.17 11:19:32 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\AppData\Local\gegl-0.2
[2013.01.17 11:19:32 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\.gimp-2.8
[2013.01.17 11:13:18 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2013.01.15 19:49:52 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\Desktop\OSTTIROL WICHTIG
[2013.01.14 06:52:06 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\Desktop\ideen & upcycling
[2013.01.11 08:34:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.10 15:05:33 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.01.10 15:05:33 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.01.10 15:05:11 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.01.10 15:04:48 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.01.09 16:05:28 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\AppData\Roaming\Funmoods
[2013.01.09 16:04:11 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\AppData\Local\PutLockerDownloader
[2013.01.09 16:03:44 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movie2KDownloader.com
[2013.01.06 12:19:59 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\AppData\Roaming\iScreensaver
[2013.01.05 14:36:47 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\AppData\Local\WinZip
[2012.12.21 21:42:07 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.21 21:42:07 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.21 21:42:05 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.21 21:42:05 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.17 19:41:35 | 000,406,381 | ---- | M] () -- C:\Users\grinsekathze\Desktop\DSC_0005.JPG
[2013.01.17 19:38:58 | 000,703,061 | ---- | M] () -- C:\Users\grinsekathze\Desktop\AP_A1_Umzugsservice.pdf
[2013.01.17 12:51:27 | 000,670,791 | ---- | M] () -- C:\Users\grinsekathze\Desktop\DSC_0009.JPG
[2013.01.17 12:51:20 | 000,564,667 | ---- | M] () -- C:\Users\grinsekathze\Desktop\DSC_0007.JPG
[2013.01.17 12:51:17 | 000,661,282 | ---- | M] () -- C:\Users\grinsekathze\Desktop\DSC_0008.JPG
[2013.01.17 11:43:04 | 000,000,924 | ---- | M] () -- C:\Users\grinsekathze\Desktop\GIMP 2.lnk
[2013.01.17 11:42:54 | 000,275,565 | ---- | M] () -- C:\Users\grinsekathze\Desktop\DSC_0126.png
[2013.01.17 11:42:54 | 000,002,118 | ---- | M] () -- C:\Users\grinsekathze\AppData\Local\recently-used.xbel
[2013.01.17 11:37:45 | 000,000,485 | ---- | M] () -- C:\Windows\cdplayer.ini
[2013.01.17 11:37:39 | 000,001,534 | ---- | M] () -- C:\ProgramData\ss.ini
[2013.01.17 11:36:16 | 000,737,137 | ---- | M] () -- C:\Users\grinsekathze\Desktop\DSC_0126.xcf
[2013.01.17 09:20:33 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.17 09:20:33 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.17 09:20:33 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.17 09:20:33 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.17 09:20:33 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.16 23:26:45 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.16 23:26:45 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.16 23:19:26 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2013.01.16 23:18:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.11 03:21:01 | 000,296,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.09 16:04:46 | 000,368,102 | ---- | M] () -- C:\Users\grinsekathze\AppData\Local\funmoods-speeddial_sf.crx
[2013.01.09 16:04:46 | 000,031,465 | ---- | M] () -- C:\Users\grinsekathze\AppData\Local\funmoods.crx
[2013.01.09 16:03:44 | 000,000,924 | ---- | M] () -- C:\Users\grinsekathze\Desktop\Movie2KDownloader.lnk
[2012.12.20 08:29:39 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.12.20 08:29:16 | 000,701,576 | ---- | M] () -- C:\Users\grinsekathze\Desktop\Hochkar-Panoramakarte_DE.jpg
[2012.12.19 23:03:42 | 000,843,391 | ---- | M] () -- C:\Users\grinsekathze\Desktop\BAGS Kollektivvertrag 2012.pdf
[2012.12.19 13:39:53 | 000,279,411 | ---- | M] () -- C:\Users\grinsekathze\Desktop\Lebenslauf Kathrin Blumauer.pdf
 
========== Files Created - No Company Name ==========
 
[2013.01.17 19:41:35 | 000,406,381 | ---- | C] () -- C:\Users\grinsekathze\Desktop\DSC_0005.JPG
[2013.01.17 19:08:43 | 000,703,061 | ---- | C] () -- C:\Users\grinsekathze\Desktop\AP_A1_Umzugsservice.pdf
[2013.01.17 12:51:06 | 000,670,791 | ---- | C] () -- C:\Users\grinsekathze\Desktop\DSC_0009.JPG
[2013.01.17 12:51:06 | 000,564,667 | ---- | C] () -- C:\Users\grinsekathze\Desktop\DSC_0007.JPG
[2013.01.17 12:51:05 | 000,661,282 | ---- | C] () -- C:\Users\grinsekathze\Desktop\DSC_0008.JPG
[2013.01.17 11:42:54 | 000,002,118 | ---- | C] () -- C:\Users\grinsekathze\AppData\Local\recently-used.xbel
[2013.01.17 11:42:52 | 000,275,565 | ---- | C] () -- C:\Users\grinsekathze\Desktop\DSC_0126.png
[2013.01.17 11:34:52 | 000,737,137 | ---- | C] () -- C:\Users\grinsekathze\Desktop\DSC_0126.xcf
[2013.01.17 11:19:25 | 000,000,924 | ---- | C] () -- C:\Users\grinsekathze\Desktop\GIMP 2.lnk
[2013.01.17 11:15:17 | 000,000,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2013.01.09 16:05:28 | 000,368,102 | ---- | C] () -- C:\Users\grinsekathze\AppData\Local\funmoods-speeddial_sf.crx
[2013.01.09 16:05:26 | 000,031,465 | ---- | C] () -- C:\Users\grinsekathze\AppData\Local\funmoods.crx
[2013.01.09 16:03:44 | 000,000,924 | ---- | C] () -- C:\Users\grinsekathze\Desktop\Movie2KDownloader.lnk
[2013.01.06 12:19:50 | 006,658,246 | ---- | C] () -- C:\Users\grinsekathze\Desktop\gezeitenweltglobus.EXE
[2012.12.20 08:29:09 | 000,701,576 | ---- | C] () -- C:\Users\grinsekathze\Desktop\Hochkar-Panoramakarte_DE.jpg
[2012.12.19 23:03:42 | 000,843,391 | ---- | C] () -- C:\Users\grinsekathze\Desktop\BAGS Kollektivvertrag 2012.pdf
[2012.12.19 13:39:48 | 000,279,411 | ---- | C] () -- C:\Users\grinsekathze\Desktop\Lebenslauf Kathrin Blumauer.pdf
[2012.12.07 11:56:23 | 000,000,485 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012.12.07 11:32:59 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini
[2012.02.25 21:59:17 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.12.11 17:37:20 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.28 12:49:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.11.24 17:20:17 | 000,007,599 | ---- | C] () -- C:\Users\grinsekathze\AppData\Local\Resmon.ResmonCfg
[2011.08.16 13:51:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.05.10 08:55:07 | 000,000,202 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.06.15 18:07:24 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\Freemium
[2013.01.09 16:05:28 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\Funmoods
[2013.01.06 12:19:59 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\iScreensaver
[2011.11.24 14:58:03 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\Jens Lorek
[2012.10.09 12:51:15 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\OpenCandy
[2012.01.19 12:07:35 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\OpenOffice.org
[2012.11.08 12:49:48 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\pdfforge
[2012.01.19 11:57:55 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\SoftGrid Client
[2012.03.03 13:31:55 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\Sony
[2011.11.24 14:03:21 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\Synaptics
[2011.12.03 18:06:17 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\T-Mobile
[2011.12.11 17:38:34 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\TP
[2012.10.09 13:41:27 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\TuneUp Software
[2013.01.17 21:02:48 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 

< End of report >
         


Code:
OTL Extras logfile created on: 17.01.2013 20:54:12 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\grinsekathze\Desktop\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,60 Gb Total Physical Memory | 0,27 Gb Available Physical Memory | 16,64% Memory free
3,21 Gb Paging File | 1,08 Gb Available in Paging File | 33,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282,84 Gb Total Space | 176,52 Gb Free Space | 62,41% Space Free | Partition Type: NTFS
Drive D: | 14,95 Gb Total Space | 1,85 Gb Free Space | 12,35% Space Free | Partition Type: NTFS
 
Computer Name: GRINSEKATHZE-PC | User Name: grinsekathze | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-118737067-2683697216-1242472475-1002\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13EEA3A6-E516-4194-A8CE-717DA7B76D75}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2268A202-11C0-49F9-9C95-759875048BDA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{539FF5B6-5F05-478D-8269-9BBE0D206530}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{540939FC-3ED2-4A9E-A670-847215014E2C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{561061A0-97E3-4C9C-9F0E-8F67AAE55EFA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6457E410-9D31-4B8B-A7D1-0F0ED27E3EF0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6A350EE5-D3F7-4A45-B487-F165E12A15F2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6CD84F12-28D6-4A94-B43E-C844C5ED8AA1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6F7B7847-2B6F-4717-8956-248F2BE83111}" = rport=445 | protocol=6 | dir=out | app=system | 
"{801618EB-A544-4901-8103-15C9472A867E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{84050A94-2CFF-48DF-84B4-4DD06C822FF0}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8992A69C-A922-4071-A185-DADBDDFDFDCE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{89BA3465-7CB5-426B-92C1-9EBF0A7D8550}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8FF5F538-755F-49B3-B4B4-B8F79B322488}" = lport=137 | protocol=17 | dir=in | app=system | 
"{96AA3A6D-4BA5-4822-B9FE-510C6280B224}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A5A4C60C-8DF7-4C28-A661-EF49464E43C4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AB8FE59C-23B6-483C-AEBA-1DF54E48DA13}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{C559004E-6364-446C-A1AA-69AAD8FD307E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CB5ED033-54AD-4DAD-A55E-2D63CB825E37}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D130D9B6-774F-49ED-8BAB-A7CBF5D31E1D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D44AF393-0566-4F4A-B7FF-0053CE790234}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D488656A-AFD4-495C-967F-36381AB2E6BE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D52E1818-3EFF-4504-98F0-3DA6F7AA512E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ECAB0EFA-F12F-464F-84D8-F577D58DC191}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F473DAB7-4097-40D5-A95C-35C6DEE72B51}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026440B1-F5E6-4CF8-A4A5-184550AF4840}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{03756458-D0EF-49D1-80FB-0BB566795FF3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{079676D3-E9B1-4B9C-B328-48C8C26948CA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1681DB2E-D50D-46D4-AB22-7F62312A7C22}" = protocol=17 | dir=in | app=c:\users\grinsekathze\appdata\local\temp\icreinstall\cnet2_caesar4_demo_en_exe.exe | 
"{1C679E14-C62F-4D5D-99FC-605625A6616B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1EE95607-215E-4413-B499-7F11B3FCE57A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2630B676-75AC-4E86-A153-FD0D42AFFFCC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{368FD8D7-C361-4F9A-89D8-D7F3F89DC708}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{4677EF26-E74A-41D8-B816-6D8EDF883509}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{53A1595F-526E-4C05-BCE1-52A28B87B16E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{59D97E3A-C86A-466C-9D87-F17A80C6506A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5A966CD3-A561-471D-B945-9297A2C7EBCE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{627AFF59-12B3-4CB3-845A-0B312586CC40}" = protocol=6 | dir=out | app=system | 
"{69BD1719-1FA8-478D-9CD4-8721E52D4425}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6DA3B3E1-8145-471C-AD72-4C1466029568}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7257FB07-DCF0-4F10-B8D7-F2902EEEFD8B}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{74C68BD7-7394-491B-A7DE-D6821A89FCEB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{80F24660-0A69-42FB-8681-BA9152D96DBC}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{84C85B64-9AA5-4FD1-923B-248089C83A06}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{9A9D6371-B611-43D0-9E62-7D1ECB85DCFC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A428ACA6-9BBD-48E7-B803-4FB5315D75A7}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{A5A0FD3C-FC9E-4504-AB4A-1F5260DAD400}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{A5DC2E51-FA28-4A2C-BD6A-A0BA1D87D0E5}" = protocol=6 | dir=in | app=c:\users\grinsekathze\appdata\local\temp\icreinstall\cnet2_caesar4_demo_en_exe.exe | 
"{B6CC1895-0E53-4C8C-BF8E-17F4D6B8F698}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{BE6DBFC1-0CD2-428B-929F-2FEC4C560E2D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C29A2CB7-B77F-4F32-B2B9-4B66D5FE99B8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{D07AF249-AD70-43C0-942A-62478836C5CE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D1295660-6AFE-4BE0-B7A5-DC729CBAA2E7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D52E7DA4-91FF-4D8D-BEA4-49162CE7A3EB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D9AD44F7-1DFE-410E-B0FB-82B5A0CE82A7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{DFA2248A-76ED-482A-8181-28D4BFED8034}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F0FF9D22-6C06-46B8-AF2C-D15E1FBDFF87}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FB087712-4227-4562-9932-61DC9DD65422}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{C929FC29-7BAE-455B-97C6-D5E9425949CC}C:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | 
"TCP Query User{DD914C7F-E884-4C32-9807-E27542C866CD}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"UDP Query User{448AA499-95F4-4FCE-ADFF-02686BB4A52A}C:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | 
"UDP Query User{9266BB6F-CBB5-43AB-92FF-3988CAB6750A}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E6BEFE9-0AFF-C09F-24A8-AA1CB05869BF}" = WMV9/VC-1 Video Playback
"{76A7DF87-2F94-A068-96B1-D5A392B785E1}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}" = HP Wireless Assistant
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1250C3B-8953-8A3F-9FCF-D43BB6AE0051}" = AMD Fuel
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E04A3037-2F82-C518-D6CA-A63497D3872F}" = ATI Catalyst Install Manager
"GIMP-2_is1" = GIMP 2.8.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.4
"WinRAR archiver" = WinRAR 4.10 beta 2 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E73CF7-3B8E-49F6-B09C-3FB122B3938A}" = HP Software Framework
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03046EBB-CB7C-4B98-BEFB-690EB955DA22}" = HP Setup
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{124DB96E-CBF5-44FB-AB59-7D2444DEC777}" = HP On Screen Display
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26C4E5F1-314C-F3DF-2294-3685BF5F9E05}" = CCC Help Czech
"{2BF8B295-A214-42AC-B4EC-2AE15E08B0E7}" = HP Documentation
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP 3.92
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57F1042D-1423-81C6-299B-C21FAB216F93}" = CCC Help Italian
"{6137C043-93EA-6769-90EA-01E87B041117}" = CCC Help Norwegian
"{6265A4F4-91FE-FFEC-1ECA-E5639B80ECB3}" = CCC Help French
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{657BD928-2C0B-7EFA-7740-DE8BC937FEF4}" = CCC Help Thai
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E30DB0-A342-F453-D14D-827B454A9E4A}" = CCC Help Swedish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6833708F-D07C-34AA-B195-698FA0C8879C}" = CCC Help Polish
"{687DB473-1A0F-5B1D-D0E0-A73258207AB2}" = ccc-core-static
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C92846D-67BA-5B17-38F4-E1318A0272B7}" = CCC Help Greek
"{6D437C07-418F-9E01-96EB-DC55F780A198}" = CCC Help Turkish
"{710E96D5-98A1-6732-8768-8F4ACCA520C1}" = CCC Help Portuguese
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9299A9E5-4A0F-C936-76BD-62BCBD38CC21}" = CCC Help English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9B04A7CC-F80E-72C6-8B9E-83A88A5B479B}" = CCC Help Japanese
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F6A200F-90D7-F262-9639-16D640298E32}" = CCC Help Finnish
"{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4}" = HP Support Assistant
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A37E63B7-29E5-CAF4-A81D-0A67946924E0}" = Catalyst Control Center Graphics Previews Common
"{A5449F23-80E8-04D2-EB41-7BE229CCB37B}" = Catalyst Control Center InstallProxy
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B97E3520-C726-475E-BC0C-7561952633AB}" = HP Power Manager
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C0838AAC-DF3E-5865-88D3-E43864E2B065}" = CCC Help Korean
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C257F891-7975-979B-3EDD-D3E74F1F583B}" = CCC Help Hungarian
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}" = Recovery Manager
"{CBD74B80-E1A2-08A1-69D9-DE37BFA265EF}" = CCC Help German
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA26698F-3E4F-FBAE-8219-5C3D3C1ECA92}" = CCC Help Spanish
"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E13D5C1F-EA6D-E340-85A9-0EA7221F31E9}" = CCC Help Danish
"{E1D1E335-C6CE-C9A5-12B8-587D561E8B30}" = Catalyst Control Center Localization All
"{E3FE0FA5-D813-14AB-DE7B-594257E9550B}" = CCC Help Chinese Traditional
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E774EEC0-18E6-49C8-A271-07654C0A2047}" = Catalyst Control Center - Branding
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0C4AAC9-C7B6-59B3-789D-D2CA4E0CFCD1}" = CCC Help Dutch
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5468CFB-F146-12D8-913B-513145180028}" = CCC Help Russian
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA2509E9-7197-8FB8-B35E-090A4F81CA6A}" = CCC Help Chinese Standard
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"1ClickDownload" = Movie2KDownloader
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.11.2012 09:08:00 | Computer Name = grinsekathze-pc | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 09.11.2012 06:12:45 | Computer Name = grinsekathze-pc | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.11.2012 05:54:51 | Computer Name = grinsekathze-pc | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.11.2012 09:20:01 | Computer Name = grinsekathze-pc | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.11.2012 06:27:03 | Computer Name = grinsekathze-pc | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.11.2012 02:55:02 | Computer Name = grinsekathze-pc | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.11.2012 05:14:04 | Computer Name = grinsekathze-pc | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.11.2012 16:16:41 | Computer Name = grinsekathze-pc | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 16.0.2.4680,
 Zeitstempel: 0x50882871  Name des fehlerhaften Moduls: xul.dll, Version: 16.0.2.4680,
 Zeitstempel: 0x508827d6  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00130ef7  ID des fehlerhaften
 Prozesses: 0xe6c  Startzeit der fehlerhaften Anwendung: 0x01cdc28333a79e11  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 332bf822-2e98-11e2-a968-101f745606e1
 
Error - 16.11.2012 05:27:46 | Computer Name = grinsekathze-pc | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.11.2012 08:14:18 | Computer Name = grinsekathze-pc | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.11.2012 05:57:53 | Computer Name = grinsekathze-pc | Source = WinMgmt | ID = 10
Description = 
 
[ Hewlett-Packard Events ]
Error - 23.04.2012 09:12:15 | Computer Name = grinsekathze-pc | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041223031211.xml
 File not created by asset agent
 
Error - 17.06.2012 06:12:04 | Computer Name = grinsekathze-pc | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061217121201.xml
 File not created by asset agent
 
Error - 13.08.2012 04:43:58 | Computer Name = grinsekathze-pc | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081213104339.xml
 File not created by asset agent
 
Error - 20.08.2012 01:38:55 | Computer Name = grinsekathze-pc | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081220073849.xml
 File not created by asset agent
 
Error - 02.09.2012 12:36:35 | Computer Name = grinsekathze-pc | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091202063626.xml
 File not created by asset agent
 
Error - 16.09.2012 12:35:19 | Computer Name = grinsekathze-pc | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091216063507.xml
 File not created by asset agent
 
Error - 23.09.2012 12:24:17 | Computer Name = grinsekathze-pc | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091223062413.xml
 File not created by asset agent
 
Error - 02.10.2012 07:31:02 | Computer Name = grinsekathze-pc | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101202013056.xml
 File not created by asset agent
 
Error - 17.10.2012 05:33:01 | Computer Name = grinsekathze-pc | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101217113257.xml
 File not created by asset agent
 
Error - 05.01.2013 07:34:23 | Computer Name = grinsekathze-pc | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011305123418.xml
 File not created by asset agent
 
[ HP Wireless Assistant Events ]
Error - 24.11.2011 09:35:14 | Computer Name = grinsekathze-pc | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 24.11.2011 09:35:20 | Computer Name = grinsekathze-pc | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 24.11.2011 09:36:25 | Computer Name = grinsekathze-pc | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 24.11.2011 09:36:30 | Computer Name = grinsekathze-pc | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 24.11.2011 09:37:35 | Computer Name = grinsekathze-pc | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 24.11.2011 09:37:40 | Computer Name = grinsekathze-pc | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 15.12.2011 16:34:57 | Computer Name = grinsekathze-pc | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException     bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 10.02.2012 12:07:49 | Computer Name = grinsekathze-pc | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Starten des Servers fehlgeschlagen
 (Ausnahme von HRESULT: 0x80080005 (CO_E_SERVER_EXEC_FAILURE))    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 20.08.2012 07:28:09 | Computer Name = grinsekathze-pc | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
 failed to create hardware layer Fehler in der Anwendung.    bei HardwareAccess.Hardware..ctor(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     bei HardwareAccess.Hardware.Create(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     bei HPWA_Main.App.ApplicationStartup(Object
 sender, StartupEventArgs args)
 
Error - 20.08.2012 07:28:13 | Computer Name = grinsekathze-pc | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
 
[ System Events ]
Error - 16.01.2013 05:36:50 | Computer Name = grinsekathze-pc | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%1058
 
Error - 16.01.2013 05:37:01 | Computer Name = grinsekathze-pc | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%1058
 
Error - 16.01.2013 05:37:17 | Computer Name = grinsekathze-pc | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%1058
 
Error - 16.01.2013 05:37:17 | Computer Name = grinsekathze-pc | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%1058
 
Error - 16.01.2013 16:57:39 | Computer Name = grinsekathze-pc | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%1058
 
Error - 16.01.2013 18:19:03 | Computer Name = grinsekathze-pc | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Media Center Extender-Dienst" ist vom Dienst "PnP-X-IP-Busenumerator"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 16.01.2013 18:19:03 | Computer Name = grinsekathze-pc | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%1058
 
Error - 16.01.2013 18:19:17 | Computer Name = grinsekathze-pc | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%1058
 
Error - 16.01.2013 18:19:34 | Computer Name = grinsekathze-pc | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%1058
 
Error - 16.01.2013 18:19:34 | Computer Name = grinsekathze-pc | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%1058
 
 
< End of report >
         

So, I hope I've done everything right so far.

Greetings
kat

17.01.2013, 21:33   #2
markusg
/// Malware-holic
 

Hi,
download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now, then post the log
Open C:, open tdsskiller-date-version.txt, post the contents

18.01.2013, 10:25   #3
siskat
 

Good morning =)

I hope this is OK like this...

Code:
11:02:51.0861 2700  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:02:52.0189 2700  ============================================================
11:02:52.0189 2700  Current date / time: 2013/01/18 11:02:52.0189
11:02:52.0189 2700  SystemInfo:
11:02:52.0189 2700  
11:02:52.0189 2700  OS Version: 6.1.7601 ServicePack: 1.0
11:02:52.0189 2700  Product type: Workstation
11:02:52.0189 2700  ComputerName: GRINSEKATHZE-PC
11:02:52.0189 2700  UserName: grinsekathze
11:02:52.0189 2700  Windows directory: C:\Windows
11:02:52.0189 2700  System windows directory: C:\Windows
11:02:52.0189 2700  Running under WOW64
11:02:52.0189 2700  Processor architecture: Intel x64
11:02:52.0189 2700  Number of processors: 2
11:02:52.0189 2700  Page size: 0x1000
11:02:52.0189 2700  Boot type: Normal boot
11:02:52.0189 2700  ============================================================
11:02:53.0343 2700  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:02:53.0359 2700  ============================================================
11:02:53.0359 2700  \Device\Harddisk0\DR0:
11:02:53.0359 2700  MBR partitions:
11:02:53.0359 2700  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
11:02:53.0359 2700  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x235AF000
11:02:53.0359 2700  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23613000, BlocksNum 0x1DE7800
11:02:53.0359 2700  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
11:02:53.0359 2700  ============================================================
11:02:53.0375 2700  C: <-> \Device\Harddisk0\DR0\Partition2
11:02:53.0406 2700  D: <-> \Device\Harddisk0\DR0\Partition3
11:02:53.0406 2700  ============================================================
11:02:53.0406 2700  Initialize success
11:02:53.0406 2700  ============================================================
11:03:29.0954 1020  ============================================================
11:03:29.0954 1020  Scan started
11:03:29.0954 1020  Mode: Manual; SigCheck; TDLFS; 
11:03:29.0954 1020  ============================================================
11:03:31.0374 1020  ================ Scan system memory ========================
11:03:31.0374 1020  System memory - ok
11:03:31.0374 1020  ================ Scan services =============================
11:03:32.0232 1020  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
11:03:32.0793 1020  1394ohci - ok
11:03:32.0840 1020  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
11:03:32.0887 1020  ACPI - ok
11:03:32.0949 1020  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
11:03:33.0105 1020  AcpiPmi - ok
11:03:33.0277 1020  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:03:33.0324 1020  AdobeARMservice - ok
11:03:33.0386 1020  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
11:03:33.0449 1020  adp94xx - ok
11:03:33.0511 1020  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
11:03:33.0558 1020  adpahci - ok
11:03:33.0667 1020  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
11:03:33.0714 1020  adpu320 - ok
11:03:33.0776 1020  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
11:03:34.0135 1020  AeLookupSvc - ok
11:03:34.0213 1020  [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters     C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
11:03:34.0229 1020  AERTFilters - ok
11:03:34.0307 1020  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
11:03:34.0416 1020  AFD - ok
11:03:34.0494 1020  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
11:03:34.0541 1020  agp440 - ok
11:03:34.0619 1020  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
11:03:34.0712 1020  ALG - ok
11:03:34.0759 1020  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
11:03:34.0790 1020  aliide - ok
11:03:34.0837 1020  [ F4F8D818F8BB7EAFB7B9A259D6CBFE68 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
11:03:34.0977 1020  AMD External Events Utility - ok
11:03:35.0040 1020  AMD FUEL Service - ok
11:03:35.0055 1020  [ DD27F6C3DE9BFE50635C721E09EDC5DD ] AMD Reservation Manager C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
11:03:35.0087 1020  AMD Reservation Manager - ok
11:03:35.0133 1020  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
11:03:35.0165 1020  amdide - ok
11:03:35.0196 1020  [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
11:03:35.0352 1020  amdiox64 - ok
11:03:35.0399 1020  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
11:03:35.0461 1020  AmdK8 - ok
11:03:35.0726 1020  [ E93230B4214A90854BE7F27E61C1E8FD ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
11:03:36.0132 1020  amdkmdag - ok
11:03:36.0210 1020  [ 2B614A1CB27F36C5B2D96E554472A809 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
11:03:36.0272 1020  amdkmdap - ok
11:03:36.0303 1020  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
11:03:36.0366 1020  AmdPPM - ok
11:03:36.0413 1020  [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata         C:\Windows\system32\drivers\amdsata.sys
11:03:36.0459 1020  amdsata - ok
11:03:36.0573 1020  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
11:03:36.0623 1020  amdsbs - ok
11:03:36.0653 1020  [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
11:03:36.0683 1020  amdxata - ok
11:03:36.0713 1020  [ 80A508D0C7A21BC13C01D4C671541203 ] amd_sata        C:\Windows\system32\DRIVERS\amd_sata.sys
11:03:36.0733 1020  amd_sata - ok
11:03:36.0753 1020  [ 2BE940F3A632A1A301B22B096BF221F1 ] amd_xata        C:\Windows\system32\DRIVERS\amd_xata.sys
11:03:36.0783 1020  amd_xata - ok
11:03:36.0843 1020  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
11:03:36.0893 1020  AntiVirSchedulerService - ok
11:03:36.0963 1020  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
11:03:36.0983 1020  AntiVirService - ok
11:03:37.0023 1020  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
11:03:37.0243 1020  AppID - ok
11:03:37.0283 1020  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
11:03:37.0373 1020  AppIDSvc - ok
11:03:37.0413 1020  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
11:03:37.0523 1020  Appinfo - ok
11:03:37.0573 1020  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
11:03:37.0603 1020  arc - ok
11:03:37.0633 1020  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
11:03:37.0673 1020  arcsas - ok
11:03:37.0693 1020  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
11:03:37.0793 1020  AsyncMac - ok
11:03:37.0833 1020  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
11:03:37.0873 1020  atapi - ok
11:03:37.0933 1020  [ CBE61B4494165F458BD87E37181EE934 ] AthBTPort       C:\Windows\system32\DRIVERS\btath_flt.sys
11:03:37.0973 1020  AthBTPort - ok
11:03:38.0043 1020  [ 4C4A576818EA028257C624AE36FF7A03 ] Atheros Bt&Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
11:03:38.0073 1020  Atheros Bt&Wlan Coex Agent - ok
11:03:38.0093 1020  [ 684B36CA4067DA7000CF95771A3CF0E7 ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
11:03:38.0113 1020  AtherosSvc - ok
11:03:38.0223 1020  [ 7C2D67E273E76ADC3ADB621B8404C5FB ] athr            C:\Windows\system32\DRIVERS\athrx.sys
11:03:38.0433 1020  athr - ok
11:03:38.0503 1020  [ 4BF5BCA6E2608CD8A00BC4A6673A9F47 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
11:03:38.0543 1020  AtiHDAudioService - ok
11:03:38.0594 1020  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:03:38.0703 1020  AudioEndpointBuilder - ok
11:03:38.0735 1020  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
11:03:38.0813 1020  AudioSrv - ok
11:03:38.0859 1020  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
11:03:38.0906 1020  avgntflt - ok
11:03:38.0937 1020  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
11:03:38.0984 1020  avipbb - ok
11:03:39.0015 1020  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
11:03:39.0047 1020  avkmgr - ok
11:03:39.0093 1020  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
11:03:39.0218 1020  AxInstSV - ok
11:03:39.0265 1020  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
11:03:39.0343 1020  b06bdrv - ok
11:03:39.0374 1020  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
11:03:39.0468 1020  b57nd60a - ok
11:03:39.0546 1020  [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
11:03:39.0655 1020  BCM43XX - ok
11:03:39.0686 1020  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
11:03:39.0764 1020  BDESVC - ok
11:03:39.0795 1020  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
11:03:39.0873 1020  Beep - ok
11:03:39.0951 1020  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
11:03:40.0092 1020  BFE - ok
11:03:40.0154 1020  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
11:03:40.0295 1020  BITS - ok
11:03:40.0326 1020  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
11:03:40.0373 1020  blbdrive - ok
11:03:40.0435 1020  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
11:03:40.0466 1020  Bonjour Service - ok
11:03:40.0513 1020  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
11:03:40.0591 1020  bowser - ok
11:03:40.0622 1020  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
11:03:40.0669 1020  BrFiltLo - ok
11:03:40.0700 1020  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
11:03:40.0747 1020  BrFiltUp - ok
11:03:40.0778 1020  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
11:03:40.0872 1020  Browser - ok
11:03:40.0919 1020  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
11:03:41.0028 1020  Brserid - ok
11:03:41.0059 1020  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
11:03:41.0106 1020  BrSerWdm - ok
11:03:41.0153 1020  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
11:03:41.0199 1020  BrUsbMdm - ok
11:03:41.0215 1020  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
11:03:41.0262 1020  BrUsbSer - ok
11:03:41.0324 1020  [ 227C8F308DE4AF4808E587465CEAB838 ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys
11:03:41.0371 1020  BTATH_A2DP - ok
11:03:41.0418 1020  [ A83A91D07D1FE6BBE7A9DB46CA00434B ] BTATH_BUS       C:\Windows\system32\DRIVERS\btath_bus.sys
11:03:41.0433 1020  BTATH_BUS - ok
11:03:41.0465 1020  [ C864FF85EE16D61C2BDD5EF76824625F ] BTATH_HCRP      C:\Windows\system32\DRIVERS\btath_hcrp.sys
11:03:41.0511 1020  BTATH_HCRP - ok
11:03:41.0527 1020  [ 0DEA505EFB5D771826D177EF8B8A208F ] BTATH_LWFLT     C:\Windows\system32\DRIVERS\btath_lwflt.sys
11:03:41.0558 1020  BTATH_LWFLT - ok
11:03:41.0574 1020  [ 724C8088C96EFE7A3E63FEC21D4681C0 ] BTATH_RCP       C:\Windows\system32\DRIVERS\btath_rcp.sys
11:03:41.0605 1020  BTATH_RCP - ok
11:03:41.0652 1020  [ FF8B065F96E4D9525AA7227299FBD05C ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
11:03:41.0699 1020  BtFilter - ok
11:03:41.0745 1020  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
11:03:41.0823 1020  BthEnum - ok
11:03:41.0855 1020  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
11:03:41.0917 1020  BTHMODEM - ok
11:03:41.0964 1020  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
11:03:42.0026 1020  BthPan - ok
11:03:42.0073 1020  [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
11:03:42.0151 1020  BTHPORT - ok
11:03:42.0198 1020  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
11:03:42.0291 1020  bthserv - ok
11:03:42.0323 1020  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
11:03:42.0385 1020  BTHUSB - ok
11:03:42.0416 1020  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
11:03:42.0510 1020  cdfs - ok
11:03:42.0572 1020  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
11:03:42.0635 1020  cdrom - ok
11:03:42.0681 1020  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
11:03:42.0791 1020  CertPropSvc - ok
11:03:42.0837 1020  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
11:03:42.0931 1020  circlass - ok
11:03:43.0009 1020  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
11:03:43.0040 1020  CLFS - ok
11:03:43.0118 1020  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:03:43.0149 1020  clr_optimization_v2.0.50727_32 - ok
11:03:43.0212 1020  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:03:43.0259 1020  clr_optimization_v2.0.50727_64 - ok
11:03:43.0274 1020  [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd           C:\Windows\system32\DRIVERS\clwvd.sys
11:03:43.0305 1020  clwvd - ok
11:03:43.0352 1020  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
11:03:43.0399 1020  CmBatt - ok
11:03:43.0415 1020  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
11:03:43.0446 1020  cmdide - ok
11:03:43.0493 1020  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
11:03:43.0586 1020  CNG - ok
11:03:43.0617 1020  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
11:03:43.0664 1020  Compbatt - ok
11:03:43.0711 1020  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
11:03:43.0758 1020  CompositeBus - ok
11:03:43.0773 1020  COMSysApp - ok
11:03:43.0805 1020  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
11:03:43.0836 1020  crcdisk - ok
11:03:43.0898 1020  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
11:03:43.0992 1020  CryptSvc - ok
11:03:44.0054 1020  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
11:03:44.0148 1020  DcomLaunch - ok
11:03:44.0179 1020  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
11:03:44.0304 1020  defragsvc - ok
11:03:44.0319 1020  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
11:03:44.0429 1020  DfsC - ok
11:03:44.0491 1020  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
11:03:44.0616 1020  Dhcp - ok
11:03:44.0663 1020  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
11:03:44.0741 1020  discache - ok
11:03:44.0803 1020  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
11:03:44.0834 1020  Disk - ok
11:03:44.0881 1020  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
11:03:44.0959 1020  Dnscache - ok
11:03:45.0006 1020  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
11:03:45.0115 1020  dot3svc - ok
11:03:45.0146 1020  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
11:03:45.0240 1020  DPS - ok
11:03:45.0287 1020  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
11:03:45.0333 1020  drmkaud - ok
11:03:45.0380 1020  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
11:03:45.0458 1020  DXGKrnl - ok
11:03:45.0489 1020  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
11:03:45.0599 1020  EapHost - ok
11:03:45.0723 1020  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
11:03:45.0973 1020  ebdrv - ok
11:03:46.0004 1020  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
11:03:46.0082 1020  EFS - ok
11:03:46.0176 1020  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
11:03:46.0285 1020  ehRecvr - ok
11:03:46.0301 1020  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
11:03:46.0363 1020  ehSched - ok
11:03:46.0410 1020  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
11:03:46.0472 1020  elxstor - ok
11:03:46.0488 1020  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
11:03:46.0550 1020  ErrDev - ok
11:03:46.0597 1020  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
11:03:46.0706 1020  EventSystem - ok
11:03:46.0753 1020  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
11:03:46.0847 1020  exfat - ok
11:03:46.0862 1020  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
11:03:46.0971 1020  fastfat - ok
11:03:47.0018 1020  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
11:03:47.0096 1020  Fax - ok
11:03:47.0112 1020  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
11:03:47.0190 1020  fdc - ok
11:03:47.0221 1020  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
11:03:47.0299 1020  fdPHost - ok
11:03:47.0315 1020  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
11:03:47.0424 1020  FDResPub - ok
11:03:47.0471 1020  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
11:03:47.0502 1020  FileInfo - ok
11:03:47.0533 1020  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
11:03:47.0627 1020  Filetrace - ok
11:03:47.0673 1020  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
11:03:47.0705 1020  flpydisk - ok
11:03:47.0720 1020  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
11:03:47.0783 1020  FltMgr - ok
11:03:47.0845 1020  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
11:03:47.0970 1020  FontCache - ok
11:03:48.0032 1020  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:03:48.0079 1020  FontCache3.0.0.0 - ok
11:03:48.0344 1020  [ EAE9B4318A46C08037BDB5CFE3053CF2 ] FreemiumSystemStoreService C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe
11:03:48.0776 1020  FreemiumSystemStoreService ( UnsignedFile.Multi.Generic ) - warning
11:03:48.0776 1020  FreemiumSystemStoreService - detected UnsignedFile.Multi.Generic (1)
11:03:48.0826 1020  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
11:03:48.0866 1020  FsDepends - ok
11:03:48.0896 1020  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
11:03:48.0926 1020  Fs_Rec - ok
11:03:48.0956 1020  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
11:03:48.0996 1020  fvevol - ok
11:03:49.0036 1020  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
11:03:49.0076 1020  gagp30kx - ok
11:03:49.0136 1020  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
11:03:49.0256 1020  gpsvc - ok
11:03:49.0276 1020  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
11:03:49.0346 1020  hcw85cir - ok
11:03:49.0396 1020  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:03:49.0466 1020  HdAudAddService - ok
11:03:49.0496 1020  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
11:03:49.0546 1020  HDAudBus - ok
11:03:49.0596 1020  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
11:03:49.0646 1020  HidBatt - ok
11:03:49.0686 1020  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
11:03:49.0736 1020  HidBth - ok
11:03:49.0766 1020  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
11:03:49.0806 1020  HidIr - ok
11:03:49.0846 1020  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
11:03:49.0946 1020  hidserv - ok
11:03:50.0006 1020  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
11:03:50.0046 1020  HidUsb - ok
11:03:50.0066 1020  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
11:03:50.0176 1020  hkmsvc - ok
11:03:50.0206 1020  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:03:50.0316 1020  HomeGroupListener - ok
11:03:50.0356 1020  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:03:50.0446 1020  HomeGroupProvider - ok
11:03:50.0556 1020  [ 7A24AD37416B91E4B5E5B46BD25C075F ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
11:03:50.0586 1020  HP Health Check Service - ok
11:03:50.0656 1020  [ C930128C8F8FF03D8F8C42B570920D56 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
11:03:50.0676 1020  HP Wireless Assistant Service - ok
11:03:50.0722 1020  [ 03431817C7236371433D3C860810FE8A ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
11:03:50.0753 1020  HPDrvMntSvc.exe - ok
11:03:50.0784 1020  [ CC518F83732860997C3FAF56D15627A7 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
11:03:50.0831 1020  hpqwmiex - ok
11:03:50.0847 1020  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
11:03:50.0878 1020  HpSAMD - ok
11:03:50.0956 1020  [ F630DD7564EBB7248A13B1CC774D9EA6 ] HPWMISVC        C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
11:03:50.0971 1020  HPWMISVC - ok
11:03:51.0034 1020  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
11:03:51.0143 1020  HTTP - ok
11:03:51.0159 1020  hwdatacard - ok
11:03:51.0174 1020  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
11:03:51.0221 1020  hwpolicy - ok
11:03:51.0268 1020  hwusbdev - ok
11:03:51.0318 1020  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
11:03:51.0358 1020  i8042prt - ok
11:03:51.0418 1020  [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
11:03:51.0478 1020  iaStorV - ok
11:03:51.0598 1020  [ E4693409D06785477A49FB34AFAE1B92 ] IconMan_R       C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
11:03:53.0869 1020  IconMan_R ( UnsignedFile.Multi.Generic ) - warning
11:03:53.0869 1020  IconMan_R - detected UnsignedFile.Multi.Generic (1)
11:03:53.0963 1020  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:03:54.0057 1020  idsvc - ok
11:03:54.0088 1020  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
11:03:54.0135 1020  iirsp - ok
11:03:54.0166 1020  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
11:03:54.0306 1020  IKEEXT - ok
11:03:54.0400 1020  [ 336C3A6BF14D5A9AF35AF07C6B6B29CD ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
11:03:54.0634 1020  IntcAzAudAddService - ok
11:03:54.0696 1020  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
11:03:54.0743 1020  intelide - ok
11:03:54.0790 1020  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
11:03:54.0852 1020  intelppm - ok
11:03:54.0899 1020  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
11:03:55.0008 1020  IPBusEnum - ok
11:03:55.0039 1020  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:03:55.0133 1020  IpFilterDriver - ok
11:03:55.0180 1020  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
11:03:55.0273 1020  iphlpsvc - ok
11:03:55.0305 1020  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
11:03:55.0351 1020  IPMIDRV - ok
11:03:55.0383 1020  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
11:03:55.0492 1020  IPNAT - ok
11:03:55.0523 1020  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
11:03:55.0570 1020  IRENUM - ok
11:03:55.0601 1020  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
11:03:55.0632 1020  isapnp - ok
11:03:55.0679 1020  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
11:03:55.0726 1020  iScsiPrt - ok
11:03:55.0757 1020  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
11:03:55.0788 1020  kbdclass - ok
11:03:55.0819 1020  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
11:03:55.0866 1020  kbdhid - ok
11:03:55.0882 1020  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
11:03:55.0913 1020  KeyIso - ok
11:03:55.0944 1020  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
11:03:55.0975 1020  KSecDD - ok
11:03:56.0007 1020  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
11:03:56.0038 1020  KSecPkg - ok
11:03:56.0069 1020  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
11:03:56.0163 1020  ksthunk - ok
11:03:56.0209 1020  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
11:03:56.0319 1020  KtmRm - ok
11:03:56.0381 1020  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
11:03:56.0490 1020  LanmanServer - ok
11:03:56.0537 1020  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:03:56.0646 1020  LanmanWorkstation - ok
11:03:56.0693 1020  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
11:03:56.0787 1020  lltdio - ok
11:03:56.0818 1020  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
11:03:56.0927 1020  lltdsvc - ok
11:03:56.0974 1020  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
11:03:57.0083 1020  lmhosts - ok
11:03:57.0114 1020  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
11:03:57.0161 1020  LSI_FC - ok
11:03:57.0223 1020  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
11:03:57.0270 1020  LSI_SAS - ok
11:03:57.0301 1020  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
11:03:57.0333 1020  LSI_SAS2 - ok
11:03:57.0364 1020  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
11:03:57.0395 1020  LSI_SCSI - ok
11:03:57.0442 1020  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
11:03:57.0551 1020  luafv - ok
11:03:57.0582 1020  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
11:03:57.0645 1020  Mcx2Svc - ok
11:03:57.0691 1020  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
11:03:57.0723 1020  megasas - ok
11:03:57.0754 1020  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
11:03:57.0801 1020  MegaSR - ok
11:03:57.0832 1020  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
11:03:57.0941 1020  MMCSS - ok
11:03:57.0972 1020  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
11:03:58.0066 1020  Modem - ok
11:03:58.0097 1020  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
11:03:58.0159 1020  monitor - ok
11:03:58.0206 1020  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
11:03:58.0237 1020  mouclass - ok
11:03:58.0269 1020  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
11:03:58.0331 1020  mouhid - ok
11:03:58.0347 1020  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
11:03:58.0378 1020  mountmgr - ok
11:03:58.0456 1020  [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:03:58.0503 1020  MozillaMaintenance - ok
11:03:58.0534 1020  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
11:03:58.0581 1020  mpio - ok
11:03:58.0627 1020  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
11:03:58.0737 1020  mpsdrv - ok
11:03:58.0799 1020  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
11:03:58.0939 1020  MpsSvc - ok
11:03:58.0971 1020  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
11:03:59.0033 1020  MRxDAV - ok
11:03:59.0080 1020  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
11:03:59.0173 1020  mrxsmb - ok
11:03:59.0205 1020  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:03:59.0251 1020  mrxsmb10 - ok
11:03:59.0283 1020  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:03:59.0345 1020  mrxsmb20 - ok
11:03:59.0376 1020  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
11:03:59.0407 1020  msahci - ok
11:03:59.0439 1020  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
11:03:59.0485 1020  msdsm - ok
11:03:59.0517 1020  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
11:03:59.0610 1020  MSDTC - ok
11:03:59.0673 1020  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
11:03:59.0766 1020  Msfs - ok
11:03:59.0813 1020  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
11:03:59.0891 1020  mshidkmdf - ok
11:03:59.0938 1020  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
11:03:59.0985 1020  msisadrv - ok
11:04:00.0016 1020  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
11:04:00.0203 1020  MSiSCSI - ok
11:04:00.0219 1020  msiserver - ok
11:04:00.0297 1020  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
11:04:00.0390 1020  MSKSSRV - ok
11:04:00.0421 1020  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
11:04:00.0531 1020  MSPCLOCK - ok
11:04:00.0546 1020  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
11:04:00.0624 1020  MSPQM - ok
11:04:00.0671 1020  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
11:04:00.0718 1020  MsRPC - ok
11:04:00.0796 1020  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
11:04:00.0811 1020  mssmbios - ok
11:04:00.0827 1020  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
11:04:00.0936 1020  MSTEE - ok
11:04:00.0967 1020  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
11:04:01.0014 1020  MTConfig - ok
11:04:01.0046 1020  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
11:04:01.0077 1020  Mup - ok
11:04:01.0124 1020  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
11:04:01.0217 1020  napagent - ok
11:04:01.0264 1020  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
11:04:01.0342 1020  NativeWifiP - ok
11:04:01.0404 1020  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
11:04:01.0451 1020  NDIS - ok
11:04:01.0498 1020  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
11:04:01.0592 1020  NdisCap - ok
11:04:01.0638 1020  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
11:04:01.0732 1020  NdisTapi - ok
11:04:01.0763 1020  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
11:04:01.0872 1020  Ndisuio - ok
11:04:01.0904 1020  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
11:04:01.0997 1020  NdisWan - ok
11:04:02.0013 1020  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
11:04:02.0091 1020  NDProxy - ok
11:04:02.0138 1020  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
11:04:02.0294 1020  NetBIOS - ok
11:04:02.0340 1020  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
11:04:02.0418 1020  NetBT - ok
11:04:02.0434 1020  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
11:04:02.0465 1020  Netlogon - ok
11:04:02.0512 1020  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
11:04:02.0606 1020  Netman - ok
11:04:02.0637 1020  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
11:04:02.0762 1020  netprofm - ok
11:04:02.0793 1020  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:04:02.0840 1020  NetTcpPortSharing - ok
11:04:02.0871 1020  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
11:04:02.0918 1020  nfrd960 - ok
11:04:02.0964 1020  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
11:04:03.0074 1020  NlaSvc - ok
11:04:03.0105 1020  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
11:04:03.0183 1020  Npfs - ok
11:04:03.0214 1020  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
11:04:03.0292 1020  nsi - ok
11:04:03.0308 1020  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
11:04:03.0370 1020  nsiproxy - ok
11:04:03.0448 1020  [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
11:04:03.0573 1020  Ntfs - ok
11:04:03.0620 1020  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
11:04:03.0682 1020  Null - ok
11:04:03.0713 1020  [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
11:04:03.0776 1020  NVENETFD - ok
11:04:03.0822 1020  [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
11:04:03.0869 1020  nvraid - ok
11:04:03.0885 1020  [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
11:04:03.0932 1020  nvstor - ok
11:04:03.0963 1020  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
11:04:04.0010 1020  nv_agp - ok
11:04:04.0025 1020  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
11:04:04.0056 1020  ohci1394 - ok
11:04:04.0103 1020  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
11:04:04.0181 1020  p2pimsvc - ok
11:04:04.0244 1020  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
11:04:04.0322 1020  p2psvc - ok
11:04:04.0353 1020  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
11:04:04.0400 1020  Parport - ok
11:04:04.0431 1020  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
11:04:04.0462 1020  partmgr - ok
11:04:04.0493 1020  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
11:04:04.0571 1020  PcaSvc - ok
11:04:04.0602 1020  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
11:04:04.0649 1020  pci - ok
11:04:04.0665 1020  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
11:04:04.0696 1020  pciide - ok
11:04:04.0727 1020  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
11:04:04.0774 1020  pcmcia - ok
11:04:04.0805 1020  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
11:04:04.0836 1020  pcw - ok
11:04:04.0868 1020  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
11:04:04.0992 1020  PEAUTH - ok
11:04:05.0117 1020  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
11:04:05.0164 1020  PerfHost - ok
11:04:05.0242 1020  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
11:04:05.0382 1020  pla - ok
11:04:05.0445 1020  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
11:04:05.0507 1020  PlugPlay - ok
11:04:05.0538 1020  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
11:04:05.0601 1020  PNRPAutoReg - ok
11:04:05.0632 1020  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
11:04:05.0663 1020  PNRPsvc - ok
11:04:05.0710 1020  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
11:04:05.0819 1020  PolicyAgent - ok
11:04:05.0866 1020  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
11:04:05.0960 1020  Power - ok
11:04:05.0991 1020  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
11:04:06.0100 1020  PptpMiniport - ok
11:04:06.0116 1020  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
11:04:06.0162 1020  Processor - ok
11:04:06.0194 1020  [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc         C:\Windows\system32\profsvc.dll
11:04:06.0303 1020  ProfSvc - ok
11:04:06.0318 1020  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:04:06.0350 1020  ProtectedStorage - ok
11:04:06.0381 1020  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
11:04:06.0443 1020  Psched - ok
11:04:06.0521 1020  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
11:04:06.0615 1020  ql2300 - ok
11:04:06.0630 1020  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
11:04:06.0693 1020  ql40xx - ok
11:04:06.0755 1020  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
11:04:06.0818 1020  QWAVE - ok
11:04:06.0849 1020  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
11:04:06.0911 1020  QWAVEdrv - ok
11:04:06.0927 1020  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
11:04:07.0020 1020  RasAcd - ok
11:04:07.0052 1020  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
11:04:07.0145 1020  RasAgileVpn - ok
11:04:07.0176 1020  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
11:04:07.0270 1020  RasAuto - ok
11:04:07.0317 1020  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
11:04:07.0410 1020  Rasl2tp - ok
11:04:07.0457 1020  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
11:04:07.0551 1020  RasMan - ok
11:04:07.0582 1020  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
11:04:07.0691 1020  RasPppoe - ok
11:04:07.0707 1020  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
11:04:07.0816 1020  RasSstp - ok
11:04:07.0847 1020  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
11:04:07.0956 1020  rdbss - ok
11:04:07.0972 1020  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
11:04:08.0034 1020  rdpbus - ok
11:04:08.0066 1020  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
11:04:08.0128 1020  RDPCDD - ok
11:04:08.0144 1020  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
11:04:08.0237 1020  RDPENCDD - ok
11:04:08.0253 1020  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
11:04:08.0331 1020  RDPREFMP - ok
11:04:08.0362 1020  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
11:04:08.0440 1020  RDPWD - ok
11:04:08.0487 1020  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
11:04:08.0534 1020  rdyboost - ok
11:04:08.0565 1020  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
11:04:08.0658 1020  RemoteAccess - ok
11:04:08.0705 1020  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
11:04:08.0814 1020  RemoteRegistry - ok
11:04:08.0877 1020  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
11:04:08.0924 1020  RFCOMM - ok
11:04:08.0955 1020  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
11:04:09.0048 1020  RpcEptMapper - ok
11:04:09.0080 1020  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
11:04:09.0126 1020  RpcLocator - ok
11:04:09.0158 1020  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
11:04:09.0236 1020  RpcSs - ok
11:04:09.0282 1020  [ 546D7F426776090B90EF5F195B6AE662 ] RSPCIESTOR      C:\Windows\system32\DRIVERS\RtsPStor.sys
11:04:09.0314 1020  RSPCIESTOR - ok
11:04:09.0360 1020  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
11:04:09.0438 1020  rspndr - ok
11:04:09.0485 1020  [ 3372196F61AF48503656EF6AA3E92D1B ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
11:04:09.0548 1020  RTL8167 - ok
11:04:09.0563 1020  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
11:04:09.0594 1020  SamSs - ok
11:04:09.0610 1020  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
11:04:09.0657 1020  sbp2port - ok
11:04:09.0688 1020  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
11:04:09.0782 1020  SCardSvr - ok
11:04:09.0797 1020  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
11:04:09.0906 1020  scfilter - ok
11:04:09.0953 1020  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
11:04:10.0109 1020  Schedule - ok
11:04:10.0140 1020  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
11:04:10.0203 1020  SCPolicySvc - ok
11:04:10.0250 1020  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
11:04:10.0312 1020  sdbus - ok
11:04:10.0359 1020  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
11:04:10.0452 1020  SDRSVC - ok
11:04:10.0484 1020  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
11:04:10.0577 1020  secdrv - ok
11:04:10.0608 1020  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
11:04:10.0686 1020  seclogon - ok
11:04:10.0718 1020  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
11:04:10.0811 1020  SENS - ok
11:04:10.0842 1020  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
11:04:10.0920 1020  SensrSvc - ok
11:04:10.0952 1020  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
11:04:10.0998 1020  Serenum - ok
11:04:11.0030 1020  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
11:04:11.0076 1020  Serial - ok
11:04:11.0123 1020  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
11:04:11.0154 1020  sermouse - ok
11:04:11.0217 1020  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
11:04:11.0310 1020  SessionEnv - ok
11:04:11.0342 1020  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
11:04:11.0373 1020  sffdisk - ok
11:04:11.0404 1020  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
11:04:11.0451 1020  sffp_mmc - ok
11:04:11.0466 1020  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
11:04:11.0513 1020  sffp_sd - ok
11:04:11.0560 1020  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
11:04:11.0607 1020  sfloppy - ok
11:04:11.0654 1020  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
11:04:11.0794 1020  SharedAccess - ok
11:04:11.0841 1020  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:04:11.0950 1020  ShellHWDetection - ok
11:04:11.0981 1020  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
11:04:12.0012 1020  SiSRaid2 - ok
11:04:12.0044 1020  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
11:04:12.0075 1020  SiSRaid4 - ok
11:04:12.0137 1020  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
11:04:12.0231 1020  Smb - ok
11:04:12.0293 1020  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
11:04:12.0340 1020  SNMPTRAP - ok
11:04:12.0356 1020  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
11:04:12.0387 1020  spldr - ok
11:04:12.0418 1020  [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler         C:\Windows\System32\spoolsv.exe
11:04:12.0527 1020  Spooler - ok
11:04:12.0621 1020  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
11:04:12.0824 1020  sppsvc - ok
11:04:12.0855 1020  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
11:04:12.0933 1020  sppuinotify - ok
11:04:17.0582 1020  [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
11:04:17.0613 1020  USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
11:04:17.0613 1020  USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
11:04:24.0820 1020  ================ Scan global ===============================
11:04:24.0836 1020  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:04:24.0882 1020  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
11:04:24.0914 1020  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
11:04:24.0945 1020  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:04:24.0976 1020  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:04:25.0007 1020  [Global] - ok
11:04:25.0007 1020  ================ Scan MBR ==================================
11:04:25.0023 1020  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:04:25.0569 1020  \Device\Harddisk0\DR0 - ok
11:04:25.0569 1020  ================ Scan VBR ==================================
11:04:25.0584 1020  [ CC19002F1A2549251F24115F36038378 ] \Device\Harddisk0\DR0\Partition1
11:04:25.0584 1020  \Device\Harddisk0\DR0\Partition1 - ok
11:04:25.0616 1020  [ 098F8FD3AFDE6FB790CDB0319490B21D ] \Device\Harddisk0\DR0\Partition2
11:04:25.0616 1020  \Device\Harddisk0\DR0\Partition2 - ok
11:04:25.0662 1020  [ E6678DEA60319DCB04F22FF5B0FAED69 ] \Device\Harddisk0\DR0\Partition3
11:04:25.0662 1020  \Device\Harddisk0\DR0\Partition3 - ok
11:04:25.0694 1020  [ 8C5F7B331DCCB8A00D4AF4C1A8C82F01 ] \Device\Harddisk0\DR0\Partition4
11:04:25.0694 1020  \Device\Harddisk0\DR0\Partition4 - ok
11:04:25.0694 1020  ============================================================
11:04:25.0694 1020  Scan finished
11:04:25.0694 1020  ============================================================
11:04:25.0725 3296  Detected object count: 3
11:04:25.0725 3296  Actual detected object count: 3
11:15:19.0090 3296  FreemiumSystemStoreService ( UnsignedFile.Multi.Generic ) - skipped by user
11:15:19.0090 3296  FreemiumSystemStoreService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:15:19.0090 3296  IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
11:15:19.0090 3296  IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:15:19.0100 3296  USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
11:15:19.0100 3296  USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

About the many errors... is that because I once (since I have a work PC) followed an internet guide and disabled some supposedly unnecessary things, which is apparently supposed to make it faster?

THANKS in advance!
Kind regards

Alt 18.01.2013, 17:14   #4
markusg
/// Malware-holic
 

Hi
Having error messages in the Event Viewer is normal.
Combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

Alt 18.01.2013, 19:46   #5
siskat
 

Code:
ATTFilter
ComboFix 13-01-17.04 - grinsekathze 18.01.2013  20:21:22.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.1643.893 [GMT 1:00]
ausgeführt von:: c:\users\grinsekathze\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Codecv
c:\programdata\Codecv\background.html
c:\programdata\Codecv\content.js
c:\programdata\Codecv\cpbmkibemaidoekhhilpbncccjlanopj.crx
c:\programdata\Codecv\data\content.js
c:\programdata\Codecv\data\jsondb.js
c:\programdata\Codecv\settings.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-18 bis 2013-01-18  ))))))))))))))))))))))))))))))
.
.
2013-01-18 19:30 . 2013-01-18 19:30	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-18 09:52 . 2013-01-08 05:32	9161176	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F51BAE48-AE8A-402E-955C-A431863DC46C}\mpengine.dll
2013-01-17 10:22 . 2013-01-17 10:22	--------	d-----w-	c:\users\grinsekathze\.thumbnails
2013-01-17 10:19 . 2013-01-17 10:19	--------	d-----w-	c:\users\grinsekathze\AppData\Local\fontconfig
2013-01-17 10:19 . 2013-01-17 11:00	--------	d-----w-	c:\users\grinsekathze\.gimp-2.8
2013-01-17 10:19 . 2013-01-17 10:19	--------	d-----w-	c:\users\grinsekathze\AppData\Local\gegl-0.2
2013-01-17 10:13 . 2013-01-17 10:15	--------	d-----w-	c:\program files\GIMP 2
2013-01-10 14:05 . 2012-11-09 05:45	750592	----a-w-	c:\windows\system32\win32spl.dll
2013-01-10 14:05 . 2012-11-09 04:43	492032	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-01-10 14:05 . 2012-11-01 05:43	2002432	----a-w-	c:\windows\system32\msxml6.dll
2013-01-10 14:05 . 2012-11-01 05:43	1882624	----a-w-	c:\windows\system32\msxml3.dll
2013-01-10 14:05 . 2012-11-01 04:47	1389568	----a-w-	c:\windows\SysWow64\msxml6.dll
2013-01-10 14:05 . 2012-11-01 04:47	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2013-01-10 14:05 . 2012-11-20 05:48	307200	----a-w-	c:\windows\system32\ncrypt.dll
2013-01-10 14:05 . 2012-11-20 04:51	220160	----a-w-	c:\windows\SysWow64\ncrypt.dll
2013-01-10 14:04 . 2012-11-23 03:13	68608	----a-w-	c:\windows\system32\taskhost.exe
2013-01-10 14:04 . 2012-11-23 03:26	3149824	----a-w-	c:\windows\system32\win32k.sys
2013-01-09 15:05 . 2013-01-09 15:05	--------	d-----w-	c:\users\grinsekathze\AppData\Roaming\Funmoods
2013-01-09 15:04 . 2013-01-09 15:04	--------	d-----w-	c:\users\grinsekathze\AppData\Local\PutLockerDownloader
2013-01-06 11:19 . 2013-01-06 11:19	--------	d-----w-	c:\users\grinsekathze\AppData\Roaming\iScreensaver
2013-01-05 13:36 . 2013-01-05 13:36	--------	d-----w-	c:\users\grinsekathze\AppData\Local\WinZip
2012-12-21 20:42 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-21 20:42 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-21 20:42 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-21 20:42 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-14 07:06 . 2012-12-12 23:58	17811968	----a-w-	c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-12 23:58	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-12 23:59	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-12 23:59	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-12 23:59	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-12 23:59	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-12 23:59	237056	----a-w-	c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-12 23:59	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-12 23:59	816640	----a-w-	c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-12 23:59	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-12 23:59	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-12 23:59	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-12 23:59	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-12 23:59	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-12 23:59	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-12 23:59	248320	----a-w-	c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-12 23:59	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-12 23:59	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 23:59	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-12 23:59	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 23:59	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-12 23:59	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-12 09:43	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 09:43	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-12 09:42	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 09:42	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
c:\users\grinsekathze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-01-06 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-01-06 298144]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-01-06 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-01-06 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-01-06 154272]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-01-06 279200]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-26 1255736]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-12 77952]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-12 37504]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 27760]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-04 203776]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-04 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-12 86224]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-01-06 138400]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-01-06 53920]
S2 FreemiumSystemStoreService;Freemium System Store Service;c:\program files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe  -displayname Freemium System Store Service -servicename:FreemiumSystemStoreService [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-04 92216]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-28 1817088]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-01 115216]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-01-06 28832]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-02-09 31088]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 335464]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-05 436840]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-29 44672]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-11 6602856]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-01-06 615584]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-01-06 379040]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=hp&exp=true
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=hp&exp=true
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=ds&q={searchTerms}
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\grinsekathze\AppData\Roaming\Mozilla\Firefox\Profiles\00ave1we.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.at/
FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=ds&q=
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0A0B0FtDyD0C0C0E0FtBzytN0D0Tzu0CtAyByDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1302105681
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Funmoods
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0A0B0FtDyD0C0C0E0FtBzytN0D0Tzu0CtAyByDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1302105681
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0A0B0FtDyD0C0C0E0FtBzytN0D0Tzu0CtAyByDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1302105681&q=
FF - user.js: extensions.funmoods.id - D0DF9ABF05CCEF29
FF - user.js: extensions.funmoods.instlDay - 15714
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2216:4:42
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - nv1
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - nv1
FF - user.js: extensions.funmoods.dfltLng - 
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{2D588057-BD3F-075B-B569-0C8FC43F046B} - c:\programdata\Codecv\bhoclass.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-1ClickDownload - c:\program files (x86)\Movie2KDownloader.com\uninst.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
AddRemove-{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4} - c:\program files (x86)\InstallShield Installation Information\{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FreemiumSystemStoreService]
"ImagePath"="\"c:\program files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe\"  -displayname \"Freemium System Store Service\" -servicename:FreemiumSystemStoreService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-118737067-2683697216-1242472475-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:76,d1,19,14,b5,30,fd,69,cd,83,74,41,da,e3,ac,7d,ee,c9,d9,d9,8a,c8,b2,
   f6,17,19,92,75,e5,fd,cb,8b,a6,4a,92,8f,bc,bb,b1,be,f4,5a,d3,8e,a9,09,f9,0a,\
"??"=hex:f7,a7,5b,65,81,72,06,82,12,46,31,47,31,e1,b6,f8
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-18  20:40:10 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-01-18 19:40
.
Vor Suchlauf: 8 Verzeichnis(se), 193.322.848.256 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 195.542.134.784 Bytes frei
.
- - End Of File - - 168E2C9F4172BF5CE777795C92D16A99
         


I didn't get any error message on restart.

Browse to Save is still there =(

It just occurred to me... a not-so-important question for once...

What exactly is this? A trojan or what? What does it do on my laptop?
Does it spy on everything I do?
I.e., should I be worried about passwords, online banking, etc.?
How dangerous is this thing?

Thanks and best regards


Alt 19.01.2013, 17:15   #6
markusg
/// Malware-holic
 
Hi
This is adware; you don't need to worry.
Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path. Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for Updates.
  • When the update has finished, select Perform full scan and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all detections are checked and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".

Alt 20.01.2013, 12:19   #7
siskat
 
Here is the log from Malwarebytes.

Unfortunately, Browse to Save is still there.

Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.20.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
grinsekathze :: GRINSEKATHZE-PC [Administrator]

20.01.2013 10:39:25
mbam-log-2013-01-20 (10-39-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 322813
Laufzeit: 1 Stunde(n), 44 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 11
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\ProgramData\Codec\Codec.exe (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\grinsekathze\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\grinsekathze\AppData\Local\funmoods.crx (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\grinsekathze\AppData\Roaming\Funmoods\UpdateProc\UpdateTask.exe (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\grinsekathze\AppData\Local\funmoods-speeddial_sf.crx (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\grinsekathze\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Best regards

Alt 20.01.2013, 19:06   #8
markusg
/// Malware-holic
 
Hi
But some other toolbars instead; we're making progress.
Download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this.
Open it, Tools (Extras), uninstall list, save as txt. Open it.
After each program you need, write: necessary.
After each one you don't need: unnecessary.
After ones unknown to you: unknown.
Post the list.
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Alt 21.01.2013, 11:11   #9
siskat
 
Code:
ATTFilter
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	17.01.2013	6,00MB	11.4.402.278	UNNECESSARY OR UNKNOWN don't know how important it is or what it's for
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	17.01.2013	6,00MB	11.4.402.287	UNNECESSARY OR UNKNOWN don't know how important it is or what it's for
Adobe Reader XI (11.0.01) - Deutsch	Adobe Systems Incorporated	13.01.2013	133MB	11.0.01	NECESSARY
Atheros Driver Installation Program	Atheros	16.08.2011		9.2			UNKNOWN, i.e. don't know how important it is or what it's for
ATI Catalyst Install Manager	ATI Technologies, Inc.	16.08.2011	22,4MB	3.0.808.0	NECESSARY ?? ATI = graphics card?
Avira Free Antivirus	Avira	17.01.2013	105MB	12.1.9.1236			UNNECESSARY
Bluetooth Win7 Suite (64)	Atheros Communications	16.08.2011	59,4MB	7.02.000.55	UNNECESSARY
Bonjour	Apple Inc.	26.12.2011	2,04MB	3.0.0.10					UNNECESSARY OR UNKNOWN don't know how important it is or what it's for
CCleaner	Piriform	19.12.2012		3.26					NECESSARY
Cisco EAP-FAST Module	Cisco Systems, Inc.	16.08.2011	1,55MB	2.2.14	UNKNOWN, i.e. don't know how important it is or what it's for
Cisco LEAP Module	Cisco Systems, Inc.	16.08.2011	644KB	1.0.19		UNKNOWN, i.e. don't know how important it is or what it's for
Cisco PEAP Module	Cisco Systems, Inc.	16.08.2011	1,23MB	1.1.6	UNKNOWN, i.e. don't know how important it is or what it's for
CyberLink YouCam	CyberLink Corp.	16.08.2011	102MB	3.2.1.3726		UNKNOWN, i.e. don't know how important it is or what it's for
Energy Star Digital Logo	Hewlett-Packard	16.08.2011	300KB	1.0.1		UNKNOWN, i.e. don't know how important it is or what it's for
FreeRIP 3.92	GreenTree Applications SRL	17.01.2013		3.92		UNNECESSARY
GIMP 2.8.2	The GIMP Team	17.01.2013	244MB	2.8.2			UNNECESSARY
HP Documentation	Hewlett-Packard	10.05.2011	304MB	1.1.0.0				UNKNOWN, i.e. don't know which HP things are necessary
HP On Screen Display	Hewlett-Packard Company	10.05.2011	1,43MB	1.0.7		UNKNOWN, i.e. don't know which HP things are necessary
HP Power Manager	Hewlett-Packard Company	16.08.2011	3,61MB	1.2.1		UNKNOWN, i.e. don't know which HP things are necessary
HP Quick Launch	Hewlett-Packard Company	10.05.2011	7,14MB	2.3.6			UNKNOWN, i.e. don't know which HP things are necessary
HP Setup	Hewlett-Packard Company	10.05.2011		8.5.4526.3645		UNKNOWN, i.e. don't know which HP things are necessary
HP Software Framework	Hewlett-Packard Company	10.05.2011	2,80MB	4.0.108.1	UNKNOWN, i.e. don't know which HP things are necessary
HP Support Assistant	Hewlett-Packard Company	10.05.2011	62,9MB	5.1.11.1		UNKNOWN, i.e. don't know which HP things are necessary
HP Wireless Assistant	Hewlett-Packard	10.05.2011	5,60MB	4.0.10.0			NECESSARY - Wi-Fi
Java(TM) 6 Update 22	Oracle	10.05.2011	97,0MB	6.0.220				UNKNOWN, i.e. don't know how important it is or what it's for
Java(TM) 6 Update 22 (64-bit)	Oracle	10.05.2011	90,6MB	6.0.220			UNKNOWN, i.e. don't know how important it is or what it's for
JDownloader 0.9	AppWork GmbH	19.01.2013		0.9			UNNECESSARY
Malwarebytes Anti-Malware Version 1.70.0.1100	Malwarebytes Corporation	20.01.2013	18,4MB	1.70.0.1100	NECESSARY should I maybe keep it?
Microsoft Office PowerPoint Viewer 2007 (German)	Microsoft Corporation	12.09.2012	90,8MB	12.0.4518.1014	NECESSARY
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	10.05.2011	1,69MB	3.1.0000	UNKNOWN, i.e. don't know how important it is or what it's for
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	03.03.2012	338KB	8.0.59193		UNKNOWN, i.e. don't know how important it is or what it's for
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	16.08.2011	620KB	8.0.59192	UNKNOWN, i.e. don't know how important it is or what it's for
Microsoft Visual C++ 2005 Redistributable - KB2467175	Microsoft Corporation	03.03.2012	308KB	8.0.51011		UNKNOWN, i.e. don't know how important it is or what it's for
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	10.05.2011	788KB	9.0.30729	UNKNOWN, i.e. don't know how important it is or what it's for
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	16.08.2011	788KB	9.0.30729.4148	UNKNOWN, i.e. don't know how important it is or what it's for
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	08.11.2012	788KB	9.0.30729.6161	UNKNOWN, i.e. don't know how important it is or what it's for
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	16.08.2011	592KB	9.0.30729.4148	UNKNOWN, i.e. don't know how important it is or what it's for
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	08.11.2012	600KB	9.0.30729.6161	UNKNOWN, i.e. don't know how important it is or what it's for
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319	Microsoft Corporation	16.08.2011	13,6MB	10.0.30319	UNKNOWN, i.e. don't know how important it is or what it's for
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	24.11.2011	11,1MB	10.0.40219	UNKNOWN, i.e. don't know how important it is or what it's for
Microsoft_VC90_CRT_x86	Microsoft Corporation	10.05.2011	1,37MB	1.0.0							UNKNOWN, i.e. don't know how important it is or what it's for
Mozilla Firefox 18.0.1 (x86 de)	Mozilla	19.01.2013	52,1MB	18.0.1					NECESSARY
Mozilla Maintenance Service	Mozilla	19.01.2013	330KB	18.0.1						UNKNOWN, i.e. don't know how important it is or what it's for
OpenOffice.org 3.4.1	Apache Software Foundation	08.11.2012	331MB	3.41.9593		NECESSARY
Realtek Ethernet Controller Driver	Realtek	16.08.2011		7.42.304.2011				UNKNOWN, i.e. don't know how important it is or what it's for (router???)
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	16.08.2011		6.0.1.6287	UNKNOWN, i.e. don't know how important it is or what it's for
Realtek PCIE Card Reader	Realtek Semiconductor Corp.	16.08.2011		6.1.7600.77		UNKNOWN, i.e. don't know how important it is or what it's for
Sandboxie 3.76 (64-bit)	SANDBOXIE L.T.D	20.01.2013		3.76				NECESSARY
Skype™ 5.1	Skype Technologies S.A.	10.05.2011	22,5MB	5.1.104					UNNECESSARY
Synaptics Pointing Device Driver	Synaptics Incorporated	16.08.2011	46,4MB	15.2.4.3			UNKNOWN, i.e. don't know how important it is or what it's for
VLC media player 2.0.4	VideoLAN	08.11.2012		2.0.4						NECESSARY
Windows Live Essentials	Microsoft Corporation	10.05.2011		15.4.3508.1109			UNKNOWN, i.e. don't know how important it is or what it's for
Windows Media Player Firefox Plugin	Microsoft Corp	21.01.2012	296KB	1.0.0.8				UNNECESSARY
WinRAR 4.10 beta 2 (64-bit)	win.rar GmbH	14.12.2011		4.10.2				UNNECESSARY
WinZip 14.5	WinZip Computing, S.L. 	24.11.2011	19,9MB	14.5.9095				UNNECESSARY
µTorrent		17.01.2013		3.0.0								UNNECESSARY
         


....for most of them a little light does blink in my head when I read them, but I simply don't know what they're good for ..sorry

I've also thought about reinstalling from scratch, but I've never done that and I'm a bit scared of it, especially since the recovery is on drive D and I don't have a CD --> no clue^^

My brother recommended Sandboxie to me and I've been using it since Saturday.

Oh, and by the way, since all the deleting etc. my laptop has become quite a bit slower, or rather it somehow responds more slowly ...

Greetings

Edit
It just occurred to me that a few days ago I disabled most of the "non-Microsoft services" in msconfig... on someone's advice, with the reasoning that it would then run faster.... hmm... is that maybe why it's running slower now??

Edited by siskat (21.01.2013 at 11:33)

Alt 21.01.2013, 12:01   #10
markusg
/// Malware-holic
 
Uninstall:
Adobe Flash Player, all of them
Adobe - Install Adobe Flash Player
Download the latest version and install it.
Adobe Reader:
Adobe - Adobe Reader download - All versions
Uncheck the McAfee Security Scan box.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Check "use only certified plug-ins".
Internet:
Everything here should be disabled; it is very insecure to open, download, etc. PDFs automatically.
It is always better to save them directly, since only that way do you have control over what happens on the PC.
Under JavaScript, uncheck the box for using JavaScript.
Under Updater, choose to install automatically.
Apply / OK



Uninstall:
CyberLink
FreeRIP
GIMP
Java: all of them
Download the Java JRE:
Java downloads for all operating systems
Click:
Download Java software for Windows Offline
Download and install it.
Uninstall:
JDownloader
Windows Live: the parts you don't need.
µTorrent

Open Malwarebytes and check whether the background guard is active; if so, disable it, restart and test.
Open CCleaner, Tools, startup list, save as txt, post the contents.
Why are you configuring things on the machine? Just ask first...
It doesn't exactly make my work easier.
Open CCleaner, Analyze, run it, restart the PC.
Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

Alt 21.01.2013, 12:36   #11
siskat
 
With FreeRIP:

error: 2 - das system kann die angegebene datei nicht finden.

With JDownloader it says:
no JVM could be found on your system.
please define EXEJ_JAVA_HOME
to point to an installed 32-bit JDK or JRE or download a JRE from www.java.com


It installed McAfee Security Scan Plus anyway, even though I unchecked the box..

Edited by siskat (21.01.2013 at 13:04)

Alt 21.01.2013, 12:42   #12
markusg
/// Malware-holic
 
Hi
Try the uninstallation with this:
http://www.hijackthis-forum.de/tipps...installer.html

Alt 21.01.2013, 14:02   #13
siskat
 
AdwCleaner after restart

Code:
ATTFilter
# AdwCleaner v2.106 - Datei am 21/01/2013 um 14:52:26 erstellt
# Aktualisiert am 17/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : grinsekathze - GRINSEKATHZE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\grinsekathze\Desktop\adwcleaner06.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\user.js
Datei Gefunden : C:\Users\grinsekathze\AppData\Roaming\Mozilla\Firefox\Profiles\00ave1we.default\searchplugins\funmoods.xml
Datei Gefunden : C:\Users\grinsekathze\AppData\Roaming\Mozilla\Firefox\Profiles\00ave1we.default\searchplugins\SweetIm.xml
Datei Gefunden : C:\Users\grinsekathze\AppData\Roaming\Mozilla\Firefox\Profiles\00ave1we.default\searchplugins\Web Search.xml
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\Program Files (x86)\SweetIM
Ordner Gefunden : C:\ProgramData\FreeRIP
Ordner Gefunden : C:\ProgramData\InstallMate
Ordner Gefunden : C:\ProgramData\Premium
Ordner Gefunden : C:\Users\grinsekathze\AppData\Local\Conduit
Ordner Gefunden : C:\Users\grinsekathze\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\grinsekathze\AppData\Roaming\Funmoods
Ordner Gefunden : C:\Users\grinsekathze\AppData\Roaming\OpenCandy
Ordner Gefunden : C:\Users\grinsekathze\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\1ClickDownload
Schlüssel Gefunden : HKCU\Software\APN PIP
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\SweetIM
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2849855
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\Software\InstallCore
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gefunden : HKLM\Software\PIP
Schlüssel Gefunden : HKLM\Software\SweetIM
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Schlüssel Gefunden : HKU\S-1-5-21-118737067-2683697216-1242472475-1002\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKU\S-1-5-21-118737067-2683697216-1242472475-1002\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=hp&exp=true
[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=ds&q={searchTerms}
[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=ds&q={searchTerms}
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=hp&exp=true
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=hp&exp=true

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\grinsekathze\AppData\Roaming\Mozilla\Firefox\Profiles\00ave1we.default\prefs.js

Gefunden : user_pref("extensions.501e6fa18eea5.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Gefunden : user_pref("extensions.DivXWebPlayer@divx.com.install-event-fired", true);
Gefunden : user_pref("extensions.enabledAddons", "501e6fa18edf8%40501e6fa18ee31.info:1.0,DivXWebPlayer%40divx.c[...]
Gefunden : user_pref("extensions.ffxtlbr@funmoods.com.install-event-fired", true);
Gefunden : user_pref("extensions.ffxtlbra@softonic.com.install-event-fired", true);
Gefunden : user_pref("extensions.funmoods.aflt", "nv1");
Gefunden : user_pref("extensions.funmoods.autoRvrt", false);
Gefunden : user_pref("extensions.funmoods.cntry", "AT");
Gefunden : user_pref("extensions.funmoods.cv", "cv5");
Gefunden : user_pref("extensions.funmoods.dfltLng", "");
Gefunden : user_pref("extensions.funmoods.dfltSrch", true);
Gefunden : user_pref("extensions.funmoods.dnsErr", true);
Gefunden : user_pref("extensions.funmoods.envrmnt", "production");
Gefunden : user_pref("extensions.funmoods.excTlbr", false);
Gefunden : user_pref("extensions.funmoods.hdrMd5", "95A62F3E1104E70F6B5ADABB17E13675");
Gefunden : user_pref("extensions.funmoods.hmpg", true);
Gefunden : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=nv1&ir=nv1&cd=2XzuyEtN2Y1[...]
Gefunden : user_pref("extensions.funmoods.id", "D0DF9ABF05CCEF29");
Gefunden : user_pref("extensions.funmoods.instlDay", "15714");
Gefunden : user_pref("extensions.funmoods.instlRef", "nv1");
Gefunden : user_pref("extensions.funmoods.isdcmntcmplt", true);
Gefunden : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2216:4:42");
Gefunden : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Gefunden : user_pref("extensions.funmoods.newTab", true);
Gefunden : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=nv1&ir=nv1&cd=2XzuyEtN2[...]
Gefunden : user_pref("extensions.funmoods.prdct", "funmoods");
Gefunden : user_pref("extensions.funmoods.prtnrId", "funmoods");
Gefunden : user_pref("extensions.funmoods.sg", "none");
Gefunden : user_pref("extensions.funmoods.smplGrp", "none");
Gefunden : user_pref("extensions.funmoods.srchPrvdr", "Funmoods");
Gefunden : user_pref("extensions.funmoods.tlbrId", "base");
Gefunden : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=nv1&ir=nv1&cd=2XzuyEt[...]
Gefunden : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Gefunden : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2216:4:42");
Gefunden : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Gefunden : user_pref("extensions.funmoods_i.newTab", true);
Gefunden : user_pref("extensions.funmoods_i.smplGrp", "none");
Gefunden : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2216:4:42");
Gefunden : user_pref("extensions.helperbar.SmartbarDisabled", false);
Gefunden : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Gefunden : user_pref("extensions.softonic_i.aflt", "SD");
Gefunden : user_pref("extensions.softonic_i.dfltLng", "de");
Gefunden : user_pref("extensions.softonic_i.excTlbr", false);
Gefunden : user_pref("extensions.softonic_i.id", "6eacef29000000000000d0df9abf4704");
Gefunden : user_pref("extensions.softonic_i.instlDay", "15395");
Gefunden : user_pref("extensions.softonic_i.instlRef", "MON00016");
Gefunden : user_pref("extensions.softonic_i.newTab", false);
Gefunden : user_pref("extensions.softonic_i.prdct", "softonic");
Gefunden : user_pref("extensions.softonic_i.prtnrId", "softonic");
Gefunden : user_pref("extensions.softonic_i.smplGrp", "eng7");
Gefunden : user_pref("extensions.softonic_i.tlbrId", "de12JANdefault_chrome");
Gefunden : user_pref("extensions.softonic_i.tlbrSrchUrl", "hxxp://search.softonic.com/MON00016/tb_v1?SearchSour[...]
Gefunden : user_pref("extensions.softonic_i.vrsn", "1.5.11.5");
Gefunden : user_pref("extensions.softonic_i.vrsnTs", "1.5.11.521:56:21");
Gefunden : user_pref("extensions.softonic_i.vrsni", "1.5.11.5");
Gefunden : user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&[...]

*************************

AdwCleaner[R1].txt - [10860 octets] - [20/01/2013 18:38:10]
AdwCleaner[R2].txt - [10663 octets] - [21/01/2013 14:52:26]

########## EOF - C:\AdwCleaner[R2].txt - [10724 octets] ##########
         

CCleaner autostart list after reboot

Code:
Ja	HKCU:Run	SandboxieControl	SANDBOXIE L.T.D	"C:\Program Files\Sandboxie\SbieCtrl.exe"
Ja	HKLM:Run	Adobe ARM	Adobe Systems Incorporated	"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Ja	HKLM:Run	AthBtTray	Atheros Commnucations	"C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
Ja	HKLM:Run	AtherosBtStack	Atheros Communications	"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
Ja	HKLM:Run	avgnt	Avira Operations GmbH & Co. KG	"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
Ja	HKLM:Run	HP Quick Launch	Hewlett-Packard Development Company, L.P.	C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
Ja	HKLM:Run	HPOSD	Hewlett-Packard Development Company, L.P.	C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
Ja	HKLM:Run	HPWirelessAssistant		C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
Ja	HKLM:Run	RTHDVCPL	Realtek Semiconductor	C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
Ja	HKLM:Run	SynTPEnh	Synaptics Incorporated	%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Ja	Startup User	OpenOffice.org 3.4.1.lnk		C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
         

Removing JDownloader with Revo worked.
FreeRIP has disappeared from the uninstall list in CCleaner, but it was not uninstalled... I can no longer find FreeRIP with Revo either.

Should I delete the Malwarebytes quarantine list?

Oh, and I also removed the McAfee security scan with Revo right away.

I can't find the background guard in Malwarebytes.

thx

Old 21.01.2013, 14:11   #14
markusg
/// Malware-holic
 



CCleaner autostart: remove all ticks except:
SandboxieControl
avgnt
HPWirelessAssistant
SynTPEnh
and remove the tick at Startup.
Reboot.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with OK.
  • Your computer will be restarted, possibly several times depending on the severity of the infection; that is normal. After the restart a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)


Reboot, then test how the PC runs, plus programs such as the browser.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de

Old 21.01.2013, 16:22   #15
siskat
 



Yes, my laptop is definitely faster again.

Log after 1 reboot

Code:
# AdwCleaner v2.106 - Datei am 21/01/2013 um 17:04:18 erstellt
# Aktualisiert am 17/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : grinsekathze - GRINSEKATHZE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\grinsekathze\Desktop\adwcleaner06.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\grinsekathze\AppData\Roaming\Mozilla\Firefox\Profiles\00ave1we.default\searchplugins\funmoods.xml
Datei Gelöscht : C:\Users\grinsekathze\AppData\Roaming\Mozilla\Firefox\Profiles\00ave1we.default\searchplugins\SweetIm.xml
Datei Gelöscht : C:\Users\grinsekathze\AppData\Roaming\Mozilla\Firefox\Profiles\00ave1we.default\searchplugins\Web Search.xml
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\ProgramData\FreeRIP
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\Users\grinsekathze\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\grinsekathze\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\grinsekathze\AppData\Roaming\Funmoods
Ordner Gelöscht : C:\Users\grinsekathze\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\grinsekathze\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\SweetIM
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2849855
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\InstallCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\SweetIM
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=hp&exp=true --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=hp&exp=true --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=hp&exp=true --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\grinsekathze\AppData\Roaming\Mozilla\Firefox\Profiles\00ave1we.default\prefs.js

C:\Users\grinsekathze\AppData\Roaming\Mozilla\Firefox\Profiles\00ave1we.default\user.js ... Gelöscht !

Gelöscht : user_pref("extensions.501e6fa18eea5.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Gelöscht : user_pref("extensions.DivXWebPlayer@divx.com.install-event-fired", true);
Gelöscht : user_pref("extensions.enabledAddons", "501e6fa18edf8%40501e6fa18ee31.info:1.0,DivXWebPlayer%40divx.c[...]
Gelöscht : user_pref("extensions.ffxtlbr@funmoods.com.install-event-fired", true);
Gelöscht : user_pref("extensions.ffxtlbra@softonic.com.install-event-fired", true);
Gelöscht : user_pref("extensions.funmoods.aflt", "nv1");
Gelöscht : user_pref("extensions.funmoods.autoRvrt", false);
Gelöscht : user_pref("extensions.funmoods.cntry", "AT");
Gelöscht : user_pref("extensions.funmoods.cv", "cv5");
Gelöscht : user_pref("extensions.funmoods.dfltLng", "");
Gelöscht : user_pref("extensions.funmoods.dfltSrch", true);
Gelöscht : user_pref("extensions.funmoods.dnsErr", true);
Gelöscht : user_pref("extensions.funmoods.envrmnt", "production");
Gelöscht : user_pref("extensions.funmoods.excTlbr", false);
Gelöscht : user_pref("extensions.funmoods.hdrMd5", "95A62F3E1104E70F6B5ADABB17E13675");
Gelöscht : user_pref("extensions.funmoods.hmpg", true);
Gelöscht : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=nv1&ir=nv1&cd=2XzuyEtN2Y1[...]
Gelöscht : user_pref("extensions.funmoods.id", "D0DF9ABF05CCEF29");
Gelöscht : user_pref("extensions.funmoods.instlDay", "15714");
Gelöscht : user_pref("extensions.funmoods.instlRef", "nv1");
Gelöscht : user_pref("extensions.funmoods.isdcmntcmplt", true);
Gelöscht : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2216:4:42");
Gelöscht : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Gelöscht : user_pref("extensions.funmoods.newTab", true);
Gelöscht : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=nv1&ir=nv1&cd=2XzuyEtN2[...]
Gelöscht : user_pref("extensions.funmoods.prdct", "funmoods");
Gelöscht : user_pref("extensions.funmoods.prtnrId", "funmoods");
Gelöscht : user_pref("extensions.funmoods.sg", "none");
Gelöscht : user_pref("extensions.funmoods.smplGrp", "none");
Gelöscht : user_pref("extensions.funmoods.srchPrvdr", "Funmoods");
Gelöscht : user_pref("extensions.funmoods.tlbrId", "base");
Gelöscht : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=nv1&ir=nv1&cd=2XzuyEt[...]
Gelöscht : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Gelöscht : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2216:4:42");
Gelöscht : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Gelöscht : user_pref("extensions.funmoods_i.newTab", true);
Gelöscht : user_pref("extensions.funmoods_i.smplGrp", "none");
Gelöscht : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2216:4:42");
Gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Gelöscht : user_pref("extensions.softonic_i.aflt", "SD");
Gelöscht : user_pref("extensions.softonic_i.dfltLng", "de");
Gelöscht : user_pref("extensions.softonic_i.excTlbr", false);
Gelöscht : user_pref("extensions.softonic_i.id", "6eacef29000000000000d0df9abf4704");
Gelöscht : user_pref("extensions.softonic_i.instlDay", "15395");
Gelöscht : user_pref("extensions.softonic_i.instlRef", "MON00016");
Gelöscht : user_pref("extensions.softonic_i.newTab", false);
Gelöscht : user_pref("extensions.softonic_i.prdct", "softonic");
Gelöscht : user_pref("extensions.softonic_i.prtnrId", "softonic");
Gelöscht : user_pref("extensions.softonic_i.smplGrp", "eng7");
Gelöscht : user_pref("extensions.softonic_i.tlbrId", "de12JANdefault_chrome");
Gelöscht : user_pref("extensions.softonic_i.tlbrSrchUrl", "hxxp://search.softonic.com/MON00016/tb_v1?SearchSour[...]
Gelöscht : user_pref("extensions.softonic_i.vrsn", "1.5.11.5");
Gelöscht : user_pref("extensions.softonic_i.vrsnTs", "1.5.11.521:56:21");
Gelöscht : user_pref("extensions.softonic_i.vrsni", "1.5.11.5");
Gelöscht : user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&[...]

*************************

AdwCleaner[R1].txt - [10860 octets] - [20/01/2013 18:38:10]
AdwCleaner[R2].txt - [10768 octets] - [21/01/2013 14:52:26]
AdwCleaner[S2].txt - [10690 octets] - [21/01/2013 17:04:18]

########## EOF - C:\AdwCleaner[S2].txt - [10751 octets] ##########
         

Browse to Save is still there... that's weird.

Edit:
The browser does start faster, but switching between the tabs is really sluggish.
