Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Link in GMX-Mail angeklickt - Folgen???

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 03.03.2013, 18:39   #1
fitzceraldo
 
Link in GMX-Mail angeklickt - Folgen??? - Standard

Link in GMX-Mail angeklickt - Folgen???



Tja, nun ist es mir auch passiert...
Da kam eine Email über GMX rein, von einer Bekannten, die nur einen Link enthielt. Da mir der Absender bekannt war, war ich nicht so vorsichtig wie sonst und habe den Link geöffnet. Beim Klick auf den Link öffnete sich eine Werbeseite, die ich sofort wieder geschlossen habe.

Dummerweise erst danach habe ich bei der Bekannten nachgefragt, ob die Email wirklich von ihr kam, was natürlich nicht der Fall war.

Die Email mit dem Link habe ich noch. Gibt es eine Möglichkeit zu prüfen, ob der Link mit was infiziert war und ich mir was eingefangen habe?

Zur Vorwarnung: Ich bin älter, nicht mit PC aufgewachsen, reiner Anwender und habe wirklich NULL-Ahnung von den ganzen Programmen und Schritten, die ich hier in anderen Postings gelesen habe. Ich weiß also nicht, ob ich das alleine hinbekomme.

Ich habe hier Windows Vista drauf und AVG Anti Virus Free Edition. Ein Scan hat keine Ergebnisse gebracht. Aber ich habe jetzt Sorge, dass da trotzdem was sein könnte, da der GMX-Account der Bekannten offenbar unplanmäßig die Mail an ihre Kontaktdaten geschickt hat.

Ich hoffe, mir kann hier jemand weiterhelfen. Und bitte ganz simpel und für Dummies erklärt...

Alt 03.03.2013, 19:42   #2
markusg
/// Malware-holic
 
Link in GMX-Mail angeklickt - Folgen??? - Standard

Link in GMX-Mail angeklickt - Folgen???



Hi
die Bekannte sollte sich auch mal melden.

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 03.03.2013, 21:59   #3
fitzceraldo
 
Link in GMX-Mail angeklickt - Folgen??? - Standard

Link in GMX-Mail angeklickt - Folgen???



Zitat:
Zitat von markusg Beitrag anzeigen
Hi
die Bekannte sollte sich auch mal melden.
Werde es ihr sagen!

Erstmal DANKE für die schnelle Rückmeldung!

Ich habe das mit dem Programm versucht. Hoffe, es ist so richtig. Hier die kopierten Texte, die mir rein gar nix sagen:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 03.03.2013 21:17:10 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\M***\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,73 Gb Available Physical Memory | 68,20% Memory free
8,19 Gb Paging File | 6,18 Gb Available in Paging File | 75,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581,52 Gb Total Space | 131,30 Gb Free Space | 22,58% Space Free | Partition Type: NTFS
 
Computer Name: M***-PC | User Name: M***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.03 20:59:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\M***\Downloads\OTL.exe
PRC - [2013.02.19 16:57:34 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2013.02.19 16:57:34 | 000,968,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.11.03 16:20:58 | 000,803,144 | ---- | M] (AVG) -- C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
PRC - [2008.09.18 10:13:00 | 000,099,896 | ---- | M] (Packard Bell BV) -- C:\ACER\Preload\Autorun\DRV\FUJI Keyboard\AOSD.exe
PRC - [2008.09.18 10:13:00 | 000,079,416 | ---- | M] (Packard Bell BV) -- C:\ACER\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe
PRC - [2008.07.07 16:26:28 | 001,038,136 | ---- | M] (Packard Bell BV) -- C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe
PRC - [2008.05.29 09:49:58 | 000,083,264 | ---- | M] (Packard Bell Services) -- C:\Windows\SysWOW64\HidService.exe
PRC - [2008.04.28 16:16:06 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2006.12.19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.19 16:57:35 | 000,156,848 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll
MOD - [2013.02.19 16:57:34 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2011.11.03 16:21:06 | 000,350,024 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madExcept_.bpl
MOD - [2011.11.03 16:21:06 | 000,184,136 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madBasic_.bpl
MOD - [2011.11.03 16:21:06 | 000,050,504 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madDisAsm_.bpl
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2008.05.29 09:49:58 | 000,083,264 | ---- | M] (Packard Bell Services) [Auto | Running] -- C:\Windows\SysNative\HidService.exe -- (GenericHidService)
SRV - [2013.02.20 21:15:47 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.19 16:57:34 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.28 16:10:48 | 000,088,888 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.01.20 22:31:59 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.07.16 13:00:00 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008.05.29 09:49:58 | 000,083,264 | ---- | M] (Packard Bell Services) [Auto | Running] -- C:\Windows\SysWow64\HidService.exe -- (GenericHidService)
SRV - [2008.02.03 11:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2006.12.19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.19 16:57:35 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012.11.15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012.10.22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012.10.15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.10.02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.09.21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.09.21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012.09.14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012.02.29 14:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.01.20 22:30:38 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008.01.21 03:47:28 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avc.sys -- (Avc)
DRV:64bit: - [2008.01.21 03:46:57 | 000,058,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\61883.sys -- (61883)
DRV:64bit: - [2008.01.21 03:46:53 | 000,061,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\msdv.sys -- (MSDV)
DRV:64bit: - [2007.05.02 10:11:14 | 000,145,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_mdm.sys -- (ss_mdm)
DRV:64bit: - [2007.05.02 10:11:14 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bus.sys -- (ss_bus)
DRV:64bit: - [2007.05.02 10:11:14 | 000,019,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_mdfl.sys -- (ss_mdfl)
DRV - [2008.07.16 12:56:06 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0409&m=imedia_x4614_ge
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0409&m=imedia_x4614_ge
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0409&m=imedia_x4614_ge
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0409&m=imedia_x4614_ge
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0409&m=imedia_x4614_ge
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE347
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={EF8E6D64-B893-421A-912C-2035B1F1ED22}&mid=a4053ad6eaa147d0a7d4d16b2e876fbe-1234bd96338dc2ec69e8f8671ef3b96add73dbd6&lang=de&ds=AVG&pr=fr&d=2012-06-12 17:23:27&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:14.2.0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/CCBPL: C:\Program Files (x86)\Canon\APU\npCCBPLFirefox.dll (Canon Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013.02.19 16:57:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 21:15:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 21:15:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.02.20 20:52:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\M***\AppData\Roaming\mozilla\Extensions
[2012.10.24 18:51:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\M***\AppData\Roaming\mozilla\Firefox\Profiles\36xofyxm.default\extensions
[2013.02.20 21:15:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.19 16:57:44 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\14.2.0.1
[2013.02.20 21:15:47 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.19 16:57:44 | 000,003,714 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\APU\npCCBPLFirefox.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Secure Search = C:\Users\M***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\
CHR - Extension: AVG Secure Search = C:\Users\M***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\.bak
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [FujiKeyboard] c:\ACER\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe (Packard Bell BV)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - Startup: C:\Users\M***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk = C:\Users\M***\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\FRITZ!DSL\\sarah.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files\FRITZ!DSL\\sarah.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files\FRITZ!DSL\\sarah.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files\FRITZ!DSL\\sarah.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Program Files\FRITZ!DSL\\sarah.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31351785-F72F-4DD6-B9BA-30659EB785AD}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\ezShellStart.exe) - C:\Windows\SysWOW64\ezShellStart.exe (EasyBits Software AS)
O24 - Desktop WallPaper: C:\Users\M***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\M***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.02 22:30:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2013.03.02 22:30:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices
[2013.03.02 22:29:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2013.03.02 20:58:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.02.22 13:13:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaalDesignSoftware
[2013.02.20 21:15:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.18 14:27:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN
[2013.02.18 14:27:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES
[2013.02.18 14:27:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES
[2013.02.18 14:27:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN
[2013.02.18 14:27:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES
[2013.02.18 14:27:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES
[2013.02.12 16:47:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.03 21:06:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.03 21:00:10 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.03 21:00:10 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.03 20:51:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.03 20:06:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.03 19:07:41 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.03 19:07:41 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.03 19:07:41 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.03 19:07:41 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.03 19:07:41 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.03 19:00:54 | 000,002,417 | ---- | M] () -- C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk
[2013.03.03 19:00:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2013.03.03 18:59:49 | 4293,054,464 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.02 22:34:11 | 000,389,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.02 22:28:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2013.03.02 22:28:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2013.03.02 21:33:45 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat
[2013.03.02 21:33:45 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat
[2013.03.02 21:33:45 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat
[2013.03.02 21:33:45 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat
[2013.03.02 21:33:22 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.02 21:33:09 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.02.25 13:55:56 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013.02.25 10:24:12 | 000,021,504 | ---- | M] () -- C:\Users\M***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.24 13:09:14 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.02.22 13:13:55 | 000,128,100 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2013.02.22 13:13:39 | 000,000,884 | ---- | M] () -- C:\Users\Public\Desktop\SaalDesignSoftware.lnk
[2013.02.19 16:57:35 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013.02.12 16:47:14 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
 
========== Files Created - No Company Name ==========
 
[2013.03.02 22:28:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2013.03.02 22:28:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2013.03.02 21:40:48 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.03.02 21:40:48 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.03.02 21:33:22 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.02 21:33:09 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.02.22 13:13:39 | 000,000,896 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaalDesignSoftware.lnk
[2013.02.22 13:13:39 | 000,000,884 | ---- | C] () -- C:\Users\Public\Desktop\SaalDesignSoftware.lnk
[2012.10.25 20:00:43 | 000,128,100 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.10.22 14:32:43 | 065,630,764 | ---- | C] () -- C:\Users\M***\goldhochzeit danksagung.cpr
[2012.05.10 00:02:04 | 000,385,791 | ---- | C] () -- C:\Users\M***\bild.cpr
[2012.05.09 23:20:08 | 000,445,455 | ---- | C] () -- C:\Users\M***\Goldhochzeit Einladung.cpr
[2009.09.24 21:51:34 | 000,021,504 | ---- | C] () -- C:\Users\M***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.24 20:27:01 | 000,004,084 | ---- | C] () -- C:\Users\M***\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.06.12 16:52:51 | 000,000,000 | ---D | M] -- C:\Users\M***\AppData\Roaming\AVG
[2012.12.27 09:34:16 | 000,000,000 | ---D | M] -- C:\Users\M***\AppData\Roaming\AVG2013
[2013.01.19 22:57:19 | 000,000,000 | ---D | M] -- C:\Users\M***\AppData\Roaming\FRITZ!
[2012.06.23 22:59:39 | 000,000,000 | ---D | M] -- C:\Users\M***\AppData\Roaming\IrfanView
[2012.05.07 14:57:56 | 000,000,000 | ---D | M] -- C:\Users\M***\AppData\Roaming\SaalDesignSoftware
[2009.11.26 12:06:26 | 000,000,000 | ---D | M] -- C:\Users\M***\AppData\Roaming\Template
[2012.12.27 09:30:35 | 000,000,000 | ---D | M] -- C:\Users\M***\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.01.21 20:47:30 | 000,000,000 | -H-D | M] -- C:\$AVG
[2009.09.24 20:25:11 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.09.24 20:24:45 | 000,000,000 | -H-D | M] -- C:\ACER
[2013.02.18 14:35:42 | 000,000,000 | -HSD | M] -- C:\Boot
[2013.03.02 22:33:06 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2006.11.02 16:42:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.09.24 20:20:04 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.01.20 22:23:30 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 04:04:13 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.03.02 22:30:01 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.03.02 22:30:01 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.01.21 21:54:23 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.09.24 20:20:04 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.03.03 21:18:28 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.05.29 09:36:56 | 000,000,000 | ---D | M] -- C:\USB_DRV
[2013.01.21 21:57:13 | 000,000,000 | R--D | M] -- C:\Users
[2013.03.02 22:30:56 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.04.11 07:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2006.11.02 16:42:03 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 16:42:03 | 000,032,510 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.01.31 16:10:29 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010.01.31 16:10:31 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.21 03:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008.10.29 07:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009.04.11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009.04.11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008.10.28 03:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008.10.29 07:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008.10.30 06:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008.01.21 03:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008.01.21 03:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 03:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.21 03:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.21 03:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.21 03:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.05.10 00:02:05 | 000,385,791 | ---- | M] () -- C:\Users\M***\bild.cpr
[2013.03.03 20:52:03 | 000,095,177 | ---- | M] () -- C:\Users\M***\DesktopStCenter.txt
[2012.10.22 14:32:46 | 065,630,764 | ---- | M] () -- C:\Users\M***\goldhochzeit danksagung.cpr
[2012.05.09 23:24:40 | 000,445,455 | ---- | M] () -- C:\Users\M***\Goldhochzeit Einladung.cpr
[2013.03.03 21:16:57 | 003,932,160 | -HS- | M] () -- C:\Users\M***\ntuser.dat
[2013.03.03 21:16:57 | 000,262,144 | -H-- | M] () -- C:\Users\M***\ntuser.dat.LOG1
[2009.09.24 20:23:13 | 000,000,000 | -H-- | M] () -- C:\Users\M***\ntuser.dat.LOG2
[2013.03.03 18:58:15 | 000,065,536 | -HS- | M] () -- C:\Users\M***\ntuser.dat{8de3c777-1d25-11e1-93c9-00226863864d}.TM.blf
[2013.03.03 18:58:15 | 000,524,288 | -HS- | M] () -- C:\Users\M***\ntuser.dat{8de3c777-1d25-11e1-93c9-00226863864d}.TMContainer00000000000000000001.regtrans-ms
[2011.12.02 21:52:34 | 000,524,288 | -HS- | M] () -- C:\Users\M***\ntuser.dat{8de3c777-1d25-11e1-93c9-00226863864d}.TMContainer00000000000000000002.regtrans-ms
[2011.12.01 23:35:04 | 000,065,536 | -HS- | M] () -- C:\Users\M***\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2011.06.09 15:44:34 | 000,524,288 | -HS- | M] () -- C:\Users\M***\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2011.12.01 23:35:04 | 000,524,288 | -HS- | M] () -- C:\Users\M***\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms
[2009.09.24 20:23:14 | 000,000,020 | -HS- | M] () -- C:\Users\M***\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 03.03.2013 21:17:10 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\M***\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,73 Gb Available Physical Memory | 68,20% Memory free
8,19 Gb Paging File | 6,18 Gb Available in Paging File | 75,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581,52 Gb Total Space | 131,30 Gb Free Space | 22,58% Space Free | Partition Type: NTFS
 
Computer Name: M***-PC | User Name: M***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 2E 07 5C DF DC 0D CE 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{044C42F7-D6C3-4105-A4C4-27B70F249438}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{2189CECF-C105-4DE5-B118-6FD4AD565304}" = rport=138 | protocol=17 | dir=out | app=system | 
"{52737954-22DC-4647-AEFF-691FCCA3234A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{560AE39B-7EE8-4E13-9C72-7A1A82D4FBD4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5F881869-FED0-4B6C-B8AE-322B28EFC200}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7F73A7B8-1EE5-401A-9DFA-DD0B94CFFAD9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8F5FA61C-46B3-4843-B39E-53579876A8F9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A33B628A-2A5E-458D-9BC5-7B9B68415035}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{D99EFF63-7D05-47FE-A92B-E0D89E89D357}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F6BC1D45-EC30-4052-889E-0124CCB3DAE9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F95A954D-3491-4336-BF47-57FE14E3ABBB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F9A8EBEE-EDCB-4FE8-B25A-9C8AB9F929EA}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F9EFA409-7A48-4D89-AD7D-C1BCD7167A71}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B4A6705-E43D-4D53-AA55-10DE7F5FA945}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"{1B22A208-5A9C-48C8-8564-738324C33AE8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{20D4BD3D-20E0-468E-9160-3AA1AB8D515B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{23F008E6-B762-45ED-99F8-0C7572A6833C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{282CB714-DD17-4801-9702-BFF6D9A0BE49}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{2A7073F3-AD5B-409E-BCCA-E500619F3D2D}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{4158D142-55C0-4F19-88B7-283C2A3BBAE5}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"{49EA9684-3675-43FD-8EB2-98E060D1709E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{57F3061E-6050-4D2F-99B8-7F9B0276AE30}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5929140B-78E3-47D5-9C1E-9A1BDADBA8A0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5AD83EE9-65EA-466D-B18D-1B2E4AB7E9ED}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6D63FEE0-37BD-4E66-B672-D704B4B1DB14}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{6E768AAA-6ADF-42E2-B1DB-7DBAA598DA2E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{73EBC70A-8A04-44FF-A242-078CD36CBC48}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"{7846CB16-F865-4469-9EBD-BF8C67EE1F9C}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\republic heroes\republic heroes.exe | 
"{7D506531-58F9-4C92-A723-BDA9718AE84D}" = protocol=6 | dir=in | app=c:\users\martina\videos\videoconverter_setup.exe | 
"{7DA5B639-B2F9-468C-8EC0-C1CF073D4902}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{7FA5136B-BABF-456F-9049-9C89411DD4AF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{89A6F7E8-5CA0-4A63-BA83-F5CF112267C6}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"{8BC50950-E470-49B7-BD0C-9FF014B81195}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{8BF72D24-120F-4DC4-B790-F129E6BD07BB}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\republic heroes\republic heroes.exe | 
"{95079805-C655-4549-85D9-80F66AF7B0B8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{A2F8DBBF-4DD9-4EFB-9FA6-545597E37DCB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{ACFB6C97-B680-4FD5-BECA-C4390361B354}" = protocol=17 | dir=in | app=c:\users\m***\videos\videoconverter_setup.exe | 
"{C444EFE0-231A-4500-9D5C-87940A753506}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{CAE50B08-CF22-49DC-98A8-59D1BF7A0C11}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{CB7C461A-1D64-4AB8-AC03-C7B521D3ECE3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{D14E93AE-65F9-4ADD-BAB9-5D3B88416C20}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{D3DDBC4D-A053-4711-BB0D-D164D2AF2667}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{D8050D3C-1797-430C-8B06-D4A76BE99C5C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{D97D1DA2-68AB-4E13-8723-40C1007F6DE0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{DC7DA785-D855-45C6-AD1A-8B523B2F3F28}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{DF6ABCE0-931A-44CE-8165-9B62BC22DEAC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{E5D9178B-27E5-40E3-9FD7-29058F31DFC2}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{E85FA4F5-38FA-4538-9B2F-7A1453BEEA9D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{F6766F9E-61CF-40D2-B7FE-38B2E6B14C3F}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2D5D9603-22CF-4B99-83F6-0CD20330F62E}" = FRITZ!DSL64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9F0D08A0-5623-4EF6-A513-40048E20C4E0}" = AVG 2013
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{D9B7744C-1C39-49B8-86B3-F930631B4FE2}" = AVG 2013
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NIS2009" = Norton Internet Security 2009
"NVIDIA Drivers" = NVIDIA Drivers
"Office2007" = Microsoft Office Home and Student
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Works9se" = Microsoft Works 9.0 SE
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{11AE6807-50D2-4F59-82B3-2C3E695E94C2}" = NVIDIA PhysX v8.05.26
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28518520-F25C-48C3-A224-861F331602F4}" = Setup My PC
"{3559CDE0-11FC-4D7B-A65C-D646035B1031}" = Nero 8 Essentials
"{398AB469-77FC-4935-820B-D419388C0A6A}" = LEGO® Batman™
"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{520C1D80-935C-42B9-9340-E883849D804F}_is1" = DriverTuner 3.0.1.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98C25937-BE36-D16A-F0F6-C66F6173CFA6}" = Saal Design Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A8C2A0AE-FBF8-4B0D-A541-F434D80E55B2}" = Windows Vista Demo Screen Saver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{CA786CFF-1D31-4804-B436-F3405B14357F}" = Packard Bell Updator
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4EA67C9-6748-4C1E-9AFF-04149AC75D95}" = Packard Bell ImageWriter
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"APU" = CANON iMAGE GATEWAY Album Plugin Utility
"AVG Secure Search" = AVG Security Toolbar
"Canon RAW Codec" = Canon RAW Codec
"EasyBits Magic Desktop" = EasyBits Magic Desktop
"Google Chrome" = Google Chrome
"InstallShield_{398AB469-77FC-4935-820B-D419388C0A6A}" = LEGO® Batman™
"IrfanView" = IrfanView (remove only)
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PremElem40" = Adobe Premiere Elements 4.0
"SaalDesignSoftware" = Saal Design Software
"Tales of Monkey Island" = Tales of Monkey Island
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.09.2011 11:12:09 | Computer Name = M***-PC | Source = Software Licensing Service | ID = 1020
Description = Fehler beim Laden des Proxyausführungsschlüssels. hr=0xC004D401  Proxyausführungsrichtlinie=WindowsSearchEngine-Licensing-SearchEnabled
 
Error - 05.09.2011 11:12:09 | Computer Name = M***-PC | Source = Software Licensing Service | ID = 1020
Description = Fehler beim Laden des Proxyausführungsschlüssels. hr=0xC004D401  Proxyausführungsrichtlinie=parentalcontrols-EnableFeature
 
Error - 05.09.2011 11:12:09 | Computer Name = M***-PC | Source = Software Licensing Service | ID = 1020
Description = Fehler beim Laden des Proxyausführungsschlüssels. hr=0xC004D401  Proxyausführungsrichtlinie=shell32-EnableProxyFeature
 
Error - 05.09.2011 11:12:17 | Computer Name = M***-PC | Source = Winlogon | ID = 4102
Description = Die Windows-Lizenz ist ungültig. Fehler 0xC004F027. Richtlinienwert
 0x00000000.
 
Error - 05.09.2011 11:12:31 | Computer Name = M***-PC | Source = Software Licensing Service | ID = 8193
Description = Der Lizenzaktivierungsplaner (SLUINotify.dll) ist mit folgendem Fehlercode
 fehlgeschlagen:  0xC004D401
 
Error - 05.09.2011 11:12:55 | Computer Name = M***-PC | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.
 
Error - 05.09.2011 11:15:37 | Computer Name = M***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.09.2011 15:11:47 | Computer Name = M***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 05.09.2011 15:11:48 | Computer Name = M***-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
 sind:  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.
 
Error - 05.09.2011 15:13:02 | Computer Name = M***-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 03.03.2013 05:31:07 | Computer Name = M***-PC | Source = Service Control Manager | ID = 7006
Description = 
 
Error - 03.03.2013 05:31:07 | Computer Name = M***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.03.2013 06:02:26 | Computer Name = M***-PC | Source = Service Control Manager | ID = 7006
Description = 
 
Error - 03.03.2013 12:38:04 | Computer Name = M***-PC | Source = Service Control Manager | ID = 7006
Description = 
 
Error - 03.03.2013 12:38:04 | Computer Name = M***-PC | Source = Service Control Manager | ID = 7006
Description = 
 
Error - 03.03.2013 12:38:04 | Computer Name = M***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.03.2013 13:58:25 | Computer Name = M***-PC | Source = Service Control Manager | ID = 7006
Description = 
 
Error - 03.03.2013 14:01:07 | Computer Name = M***-PC | Source = Service Control Manager | ID = 7006
Description = 
 
Error - 03.03.2013 14:01:07 | Computer Name = M***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.03.2013 14:01:07 | Computer Name = M***-PC | Source = Service Control Manager | ID = 7006
Description = 
 
 
< End of report >
         
--- --- ---


Ich habe versucht, persönliches, soweit ich es in dem Kauderwelsch_-Text gefunden habe zu *** . Ob es mir immer geglückt ist, weiß ich nicht, seufz!

War das so ok? Wie geht es nun weiter?
__________________

Alt 04.03.2013, 20:09   #4
markusg
/// Malware-holic
 
Link in GMX-Mail angeklickt - Folgen??? - Standard

Link in GMX-Mail angeklickt - Folgen???



Hi,


otl fix

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
ATTFilter
:OTL
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O4 - HKLM..\Run: [eRecoveryService]  File not found
O8:64bit: - Extra context menu item: An OneNote senden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft Exel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote senden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft Exel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
:files
:Commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 04.03.2013, 22:06   #5
fitzceraldo
 
Link in GMX-Mail angeklickt - Folgen??? - Standard

Link in GMX-Mail angeklickt - Folgen???



Hallo Markus,

ich habe das wie von dir beschrieben versucht, aber hinter OTL stand immer wieder (Keine Rückmeldung), der Kringel drehte sich ewig und es tat sich nichts. Ach ja, beim Druck auf Fix-Button verschwand bis auf den letzten Klammerbegriff der von mir in die Textbox kopierte Text komplett. Ist das so normal? Soll ich es nochmal versuchen? Habe ich was falsch gemacht? Habe trotzdem Neustart gemacht und das Textdokument unter C ist leer.

Was soll ich nun machen?


Alt 04.03.2013, 22:07   #6
markusg
/// Malware-holic
 
Link in GMX-Mail angeklickt - Folgen??? - Standard

Link in GMX-Mail angeklickt - Folgen???



ok erst mal:
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
--> Link in GMX-Mail angeklickt - Folgen???

Alt 04.03.2013, 22:20   #7
fitzceraldo
 
Link in GMX-Mail angeklickt - Folgen??? - Standard

Link in GMX-Mail angeklickt - Folgen???



Ich hoffe das ist der richtige Text, den du brauchst:

22:10:31.0653 3676 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:10:31.0980 3676 ============================================================
22:10:31.0980 3676 Current date / time: 2013/03/04 22:10:31.0980
22:10:31.0980 3676 SystemInfo:
22:10:31.0980 3676
22:10:31.0980 3676 OS Version: 6.0.6002 ServicePack: 2.0
22:10:31.0980 3676 Product type: Workstation
22:10:31.0980 3676 ComputerName: ***-PC
22:10:31.0980 3676 UserName: ***
22:10:31.0980 3676 Windows directory: C:\Windows
22:10:31.0980 3676 System windows directory: C:\Windows
22:10:31.0980 3676 Running under WOW64
22:10:31.0980 3676 Processor architecture: Intel x64
22:10:31.0980 3676 Number of processors: 4
22:10:31.0980 3676 Page size: 0x1000
22:10:31.0980 3676 Boot type: Normal boot
22:10:31.0980 3676 ============================================================
22:10:32.0667 3676 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:10:32.0682 3676 ============================================================
22:10:32.0682 3676 \Device\Harddisk0\DR0:
22:10:32.0682 3676 MBR partitions:
22:10:32.0682 3676 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D4F800, BlocksNum 0x48B08000
22:10:32.0682 3676 ============================================================
22:10:32.0713 3676 C: <-> \Device\Harddisk0\DR0\Partition1
22:10:32.0713 3676 ============================================================
22:10:32.0713 3676 Initialize success
22:10:32.0713 3676 ============================================================
22:13:17.0888 2640 ============================================================
22:13:17.0888 2640 Scan started
22:13:17.0888 2640 Mode: Manual; SigCheck; TDLFS;
22:13:17.0888 2640 ============================================================
22:13:19.0526 2640 ================ Scan system memory ========================
22:13:19.0526 2640 System memory - ok
22:13:19.0526 2640 ================ Scan services =============================
22:13:19.0854 2640 [ 78E902FB660BD5003FE726B9BEF300B6 ] 61883 C:\Windows\system32\DRIVERS\61883.sys
22:13:20.0213 2640 61883 - ok
22:13:20.0306 2640 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
22:13:20.0322 2640 ACPI - ok
22:13:20.0415 2640 [ E8FE4FCE23D2809BD88BCC1D0F8408CE ] AdobeActiveFileMonitor6.0 C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
22:13:20.0447 2640 AdobeActiveFileMonitor6.0 - ok
22:13:20.0525 2640 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:13:20.0540 2640 AdobeARMservice - ok
22:13:20.0649 2640 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
22:13:20.0712 2640 adp94xx - ok
22:13:20.0759 2640 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
22:13:20.0774 2640 adpahci - ok
22:13:20.0821 2640 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
22:13:20.0837 2640 adpu160m - ok
22:13:20.0899 2640 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
22:13:20.0915 2640 adpu320 - ok
22:13:20.0946 2640 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:13:21.0086 2640 AeLookupSvc - ok
22:13:21.0133 2640 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
22:13:21.0242 2640 AFD - ok
22:13:21.0273 2640 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
22:13:21.0289 2640 agp440 - ok
22:13:21.0320 2640 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
22:13:21.0336 2640 aic78xx - ok
22:13:21.0351 2640 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
22:13:21.0414 2640 ALG - ok
22:13:21.0429 2640 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys
22:13:21.0445 2640 aliide - ok
22:13:21.0476 2640 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
22:13:21.0492 2640 amdide - ok
22:13:21.0507 2640 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
22:13:21.0570 2640 AmdK8 - ok
22:13:21.0632 2640 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
22:13:21.0710 2640 Appinfo - ok
22:13:21.0741 2640 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
22:13:21.0757 2640 arc - ok
22:13:21.0757 2640 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
22:13:21.0773 2640 arcsas - ok
22:13:21.0804 2640 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:13:21.0851 2640 AsyncMac - ok
22:13:21.0913 2640 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
22:13:21.0929 2640 atapi - ok
22:13:21.0975 2640 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:13:22.0100 2640 AudioEndpointBuilder - ok
22:13:22.0100 2640 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:13:22.0131 2640 AudioSrv - ok
22:13:22.0194 2640 [ 295FA2878FF499C0EDFA0EBCC8C6EC66 ] Avc C:\Windows\system32\DRIVERS\avc.sys
22:13:22.0272 2640 Avc - ok
22:13:22.0459 2640 [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
22:13:23.0021 2640 AVGIDSAgent - ok
22:13:23.0067 2640 [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
22:13:23.0145 2640 AVGIDSDriver - ok
22:13:23.0161 2640 [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
22:13:23.0177 2640 AVGIDSHA - ok
22:13:23.0208 2640 [ 5989592A91A17587799792A81E1541D4 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
22:13:23.0223 2640 Avgldx64 - ok
22:13:23.0270 2640 [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
22:13:23.0286 2640 Avgloga - ok
22:13:23.0348 2640 [ 841C40C193889730848849AC220D9242 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
22:13:23.0364 2640 Avgmfx64 - ok
22:13:23.0395 2640 [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
22:13:23.0442 2640 Avgrkx64 - ok
22:13:23.0457 2640 [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
22:13:23.0473 2640 Avgtdia - ok
22:13:23.0535 2640 [ 4C05242DC361A217223E9B8EC2B3A76B ] avgtp C:\Windows\system32\drivers\avgtpx64.sys
22:13:23.0551 2640 avgtp - ok
22:13:23.0598 2640 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
22:13:23.0613 2640 avgwd - ok
22:13:23.0676 2640 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
22:13:23.0785 2640 BFE - ok
22:13:23.0832 2640 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\System32\qmgr.dll
22:13:23.0910 2640 BITS - ok
22:13:23.0957 2640 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
22:13:24.0019 2640 blbdrive - ok
22:13:24.0066 2640 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:13:24.0144 2640 bowser - ok
22:13:24.0175 2640 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
22:13:24.0206 2640 BrFiltLo - ok
22:13:24.0222 2640 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
22:13:24.0269 2640 BrFiltUp - ok
22:13:24.0300 2640 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
22:13:24.0378 2640 Browser - ok
22:13:24.0409 2640 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
22:13:24.0565 2640 Brserid - ok
22:13:24.0581 2640 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
22:13:24.0659 2640 BrSerWdm - ok
22:13:24.0674 2640 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
22:13:24.0752 2640 BrUsbMdm - ok
22:13:24.0783 2640 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
22:13:24.0877 2640 BrUsbSer - ok
22:13:24.0908 2640 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
22:13:24.0986 2640 BTHMODEM - ok
22:13:25.0002 2640 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:13:25.0080 2640 cdfs - ok
22:13:25.0142 2640 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:13:25.0205 2640 cdrom - ok
22:13:25.0251 2640 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
22:13:25.0298 2640 CertPropSvc - ok
22:13:25.0329 2640 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys
22:13:25.0376 2640 circlass - ok
22:13:25.0423 2640 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
22:13:25.0673 2640 CLFS - ok
22:13:25.0860 2640 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:13:25.0907 2640 clr_optimization_v2.0.50727_32 - ok
22:13:25.0953 2640 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:13:25.0985 2640 clr_optimization_v2.0.50727_64 - ok
22:13:26.0141 2640 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:13:26.0172 2640 clr_optimization_v4.0.30319_32 - ok
22:13:26.0375 2640 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:13:26.0390 2640 clr_optimization_v4.0.30319_64 - ok
22:13:26.0453 2640 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:13:26.0468 2640 cmdide - ok
22:13:26.0499 2640 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
22:13:26.0515 2640 Compbatt - ok
22:13:26.0515 2640 COMSysApp - ok
22:13:26.0531 2640 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
22:13:26.0546 2640 crcdisk - ok
22:13:26.0577 2640 [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:13:26.0671 2640 CryptSvc - ok
22:13:26.0718 2640 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
22:13:26.0796 2640 DcomLaunch - ok
22:13:26.0843 2640 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:13:26.0921 2640 DfsC - ok
22:13:27.0061 2640 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
22:13:27.0279 2640 DFSR - ok
22:13:27.0311 2640 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
22:13:27.0357 2640 Dhcp - ok
22:13:27.0420 2640 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
22:13:27.0435 2640 disk - ok
22:13:27.0513 2640 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:13:27.0576 2640 Dnscache - ok
22:13:27.0591 2640 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
22:13:27.0654 2640 dot3svc - ok
22:13:27.0685 2640 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
22:13:27.0716 2640 DPS - ok
22:13:27.0763 2640 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:13:27.0794 2640 drmkaud - ok
22:13:28.0013 2640 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:13:28.0059 2640 DXGKrnl - ok
22:13:28.0106 2640 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
22:13:28.0137 2640 E1G60 - ok
22:13:28.0169 2640 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
22:13:28.0231 2640 EapHost - ok
22:13:28.0278 2640 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
22:13:28.0293 2640 Ecache - ok
22:13:28.0325 2640 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:13:28.0418 2640 ehRecvr - ok
22:13:28.0434 2640 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
22:13:28.0449 2640 ehSched - ok
22:13:28.0481 2640 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
22:13:28.0559 2640 ehstart - ok
22:13:28.0590 2640 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
22:13:28.0637 2640 elxstor - ok
22:13:28.0683 2640 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
22:13:28.0871 2640 EMDMgmt - ok
22:13:28.0980 2640 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:13:29.0058 2640 ErrDev - ok
22:13:29.0136 2640 [ 23112102BC2A8FE44B8AC44A05BDF4C3 ] ETService C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe
22:13:29.0183 2640 ETService ( UnsignedFile.Multi.Generic ) - warning
22:13:29.0183 2640 ETService - detected UnsignedFile.Multi.Generic (1)
22:13:29.0229 2640 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
22:13:29.0292 2640 EventSystem - ok
22:13:29.0339 2640 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
22:13:29.0432 2640 exfat - ok
22:13:29.0448 2640 ezSharedSvc - ok
22:13:29.0495 2640 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:13:29.0604 2640 fastfat - ok
22:13:29.0651 2640 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:13:29.0682 2640 fdc - ok
22:13:29.0713 2640 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
22:13:29.0822 2640 fdPHost - ok
22:13:29.0853 2640 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
22:13:29.0963 2640 FDResPub - ok
22:13:29.0978 2640 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:13:30.0072 2640 FileInfo - ok
22:13:30.0119 2640 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:13:30.0150 2640 Filetrace - ok
22:13:30.0368 2640 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:13:30.0524 2640 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
22:13:30.0524 2640 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
22:13:30.0587 2640 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:13:30.0618 2640 flpydisk - ok
22:13:30.0789 2640 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:13:30.0836 2640 FltMgr - ok
22:13:31.0195 2640 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
22:13:31.0460 2640 FontCache - ok
22:13:31.0507 2640 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:13:31.0523 2640 FontCache3.0.0.0 - ok
22:13:31.0647 2640 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:13:31.0741 2640 Fs_Rec - ok
22:13:31.0772 2640 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
22:13:31.0788 2640 gagp30kx - ok
22:13:31.0819 2640 GenericHidService - ok
22:13:31.0913 2640 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
22:13:31.0959 2640 gpsvc - ok
22:13:32.0022 2640 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:13:32.0037 2640 gupdate - ok
22:13:32.0053 2640 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:13:32.0053 2640 gupdatem - ok
22:13:32.0084 2640 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:13:32.0100 2640 gusvc - ok
22:13:32.0147 2640 [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:13:32.0225 2640 HdAudAddService - ok
22:13:32.0318 2640 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
22:13:32.0443 2640 HDAudBus - ok
22:13:32.0474 2640 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
22:13:32.0552 2640 HidBth - ok
22:13:32.0568 2640 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
22:13:32.0661 2640 HidIr - ok
22:13:32.0693 2640 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll
22:13:32.0786 2640 hidserv - ok
22:13:32.0802 2640 [ D02C82CB3A20F391C8AEFF94E8E0BAA1 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:13:32.0849 2640 HidUsb - ok
22:13:32.0880 2640 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
22:13:33.0005 2640 hkmsvc - ok
22:13:33.0051 2640 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
22:13:33.0114 2640 HpCISSs - ok
22:13:33.0161 2640 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:13:33.0285 2640 HTTP - ok
22:13:33.0332 2640 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
22:13:33.0348 2640 i2omp - ok
22:13:33.0363 2640 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
22:13:33.0395 2640 i8042prt - ok
22:13:33.0426 2640 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
22:13:33.0519 2640 iaStorV - ok
22:13:33.0644 2640 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:13:33.0675 2640 idsvc - ok
22:13:33.0738 2640 [ AC9EBDE25DB39A35E1CEB0441BA7A464 ] IGDCTRL C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
22:13:33.0769 2640 IGDCTRL - ok
22:13:33.0800 2640 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
22:13:33.0816 2640 iirsp - ok
22:13:33.0847 2640 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
22:13:33.0894 2640 IKEEXT - ok
22:13:33.0972 2640 [ 8C7FA71CB1EBCD3EDE8958D27B1BF0B4 ] int15 C:\Windows\SysWOW64\drivers\int15_64.sys
22:13:33.0987 2640 int15 - ok
22:13:34.0065 2640 [ 504EAA8A5A61B051AD5B26205FC00E12 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:13:34.0128 2640 IntcAzAudAddService - ok
22:13:34.0175 2640 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
22:13:34.0190 2640 intelide - ok
22:13:34.0221 2640 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:13:34.0268 2640 intelppm - ok
22:13:34.0284 2640 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:13:34.0331 2640 IPBusEnum - ok
22:13:34.0346 2640 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:13:34.0393 2640 IpFilterDriver - ok
22:13:34.0424 2640 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:13:34.0487 2640 iphlpsvc - ok
22:13:34.0487 2640 IpInIp - ok
22:13:34.0502 2640 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
22:13:34.0549 2640 IPMIDRV - ok
22:13:34.0565 2640 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
22:13:34.0596 2640 IPNAT - ok
22:13:34.0611 2640 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:13:34.0674 2640 IRENUM - ok
22:13:34.0721 2640 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:13:34.0736 2640 isapnp - ok
22:13:34.0939 2640 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
22:13:34.0955 2640 iScsiPrt - ok
22:13:34.0970 2640 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
22:13:34.0986 2640 iteatapi - ok
22:13:35.0017 2640 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
22:13:35.0033 2640 iteraid - ok
22:13:35.0064 2640 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:13:35.0079 2640 kbdclass - ok
22:13:35.0095 2640 [ BF8783A5066CFECF45095459E8010FA7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:13:35.0126 2640 kbdhid - ok
22:13:35.0204 2640 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
22:13:35.0251 2640 KeyIso - ok
22:13:35.0267 2640 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:13:35.0298 2640 KSecDD - ok
22:13:35.0313 2640 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:13:35.0360 2640 ksthunk - ok
22:13:35.0454 2640 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
22:13:35.0501 2640 KtmRm - ok
22:13:35.0547 2640 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll
22:13:35.0625 2640 LanmanServer - ok
22:13:35.0703 2640 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:13:35.0766 2640 LanmanWorkstation - ok
22:13:35.0781 2640 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:13:35.0844 2640 lltdio - ok
22:13:35.0984 2640 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:13:36.0015 2640 lltdsvc - ok
22:13:36.0047 2640 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:13:36.0093 2640 lmhosts - ok
22:13:36.0140 2640 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
22:13:36.0156 2640 LSI_FC - ok
22:13:36.0171 2640 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
22:13:36.0187 2640 LSI_SAS - ok
22:13:36.0249 2640 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
22:13:36.0265 2640 LSI_SCSI - ok
22:13:36.0296 2640 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
22:13:36.0343 2640 luafv - ok
22:13:36.0359 2640 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:13:36.0374 2640 Mcx2Svc - ok
22:13:36.0421 2640 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
22:13:36.0437 2640 megasas - ok
22:13:36.0483 2640 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
22:13:36.0515 2640 MegaSR - ok
22:13:36.0561 2640 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
22:13:36.0624 2640 MMCSS - ok
22:13:36.0639 2640 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
22:13:36.0717 2640 Modem - ok
22:13:36.0733 2640 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:13:36.0780 2640 monitor - ok
22:13:36.0811 2640 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:13:36.0827 2640 mouclass - ok
22:13:36.0842 2640 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:13:36.0889 2640 mouhid - ok
22:13:36.0936 2640 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
22:13:36.0951 2640 MountMgr - ok
22:13:37.0029 2640 [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:13:37.0045 2640 MozillaMaintenance - ok
22:13:37.0076 2640 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
22:13:37.0092 2640 mpio - ok
22:13:37.0107 2640 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:13:37.0170 2640 mpsdrv - ok
22:13:37.0201 2640 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
22:13:37.0263 2640 MpsSvc - ok
22:13:37.0279 2640 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
22:13:37.0295 2640 Mraid35x - ok
22:13:37.0326 2640 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:13:37.0357 2640 MRxDAV - ok
22:13:37.0388 2640 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:13:37.0435 2640 mrxsmb - ok
22:13:37.0451 2640 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:13:37.0482 2640 mrxsmb10 - ok
22:13:37.0497 2640 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:13:37.0513 2640 mrxsmb20 - ok
22:13:37.0560 2640 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys
22:13:37.0575 2640 msahci - ok
22:13:37.0607 2640 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:13:37.0622 2640 msdsm - ok
22:13:37.0653 2640 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
22:13:37.0700 2640 MSDTC - ok
22:13:37.0778 2640 [ DF674BA7DA5A4753D839A905B66D2FD9 ] MSDV C:\Windows\system32\DRIVERS\msdv.sys
22:13:37.0825 2640 MSDV - ok
22:13:37.0856 2640 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:13:37.0934 2640 Msfs - ok
22:13:37.0950 2640 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:13:37.0965 2640 msisadrv - ok
22:13:38.0028 2640 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:13:38.0059 2640 MSiSCSI - ok
22:13:38.0059 2640 msiserver - ok
22:13:38.0121 2640 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:13:38.0168 2640 MSKSSRV - ok
22:13:38.0199 2640 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:13:38.0246 2640 MSPCLOCK - ok
22:13:38.0262 2640 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:13:38.0324 2640 MSPQM - ok
22:13:38.0355 2640 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:13:38.0387 2640 MsRPC - ok
22:13:38.0402 2640 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
22:13:38.0402 2640 mssmbios - ok
22:13:38.0433 2640 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:13:38.0480 2640 MSTEE - ok
22:13:38.0496 2640 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
22:13:38.0511 2640 Mup - ok
22:13:38.0589 2640 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
22:13:38.0652 2640 napagent - ok
22:13:38.0699 2640 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:13:38.0714 2640 NativeWifiP - ok
22:13:38.0808 2640 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:13:38.0839 2640 NDIS - ok
22:13:38.0870 2640 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:13:38.0917 2640 NdisTapi - ok
22:13:39.0011 2640 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:13:39.0073 2640 Ndisuio - ok
22:13:39.0104 2640 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:13:39.0135 2640 NdisWan - ok
22:13:39.0151 2640 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:13:39.0198 2640 NDProxy - ok
22:13:39.0338 2640 [ 40D7D0A208EE863BCA8D89E299216F15 ] Nero BackItUp Scheduler 3 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
22:13:39.0479 2640 Nero BackItUp Scheduler 3 - ok
22:13:39.0525 2640 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:13:39.0588 2640 NetBIOS - ok
22:13:39.0603 2640 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
22:13:39.0635 2640 netbt - ok
22:13:39.0650 2640 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
22:13:39.0666 2640 Netlogon - ok
22:13:39.0697 2640 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
22:13:39.0759 2640 Netman - ok
22:13:39.0775 2640 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
22:13:39.0822 2640 netprofm - ok
22:13:39.0837 2640 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:13:40.0212 2640 NetTcpPortSharing - ok
22:13:40.0274 2640 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
22:13:40.0321 2640 nfrd960 - ok
22:13:40.0524 2640 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
22:13:40.0571 2640 NlaSvc - ok
22:13:40.0649 2640 [ CD4326BC339F98DE21AA07B208A305AE ] NMIndexingService C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
22:13:40.0695 2640 NMIndexingService - ok
22:13:40.0742 2640 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:13:40.0789 2640 Npfs - ok
22:13:40.0820 2640 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
22:13:40.0914 2640 nsi - ok
22:13:40.0945 2640 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:13:41.0007 2640 nsiproxy - ok
22:13:41.0054 2640 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:13:41.0117 2640 Ntfs - ok
22:13:41.0148 2640 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
22:13:41.0226 2640 Null - ok
22:13:41.0288 2640 [ AE17AAE41FC47ADA0B989D1FA6FBA60B ] NVENETFD C:\Windows\system32\DRIVERS\nvmfdx64.sys
22:13:41.0366 2640 NVENETFD - ok
22:13:41.0850 2640 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:13:42.0708 2640 nvlddmkm - ok
22:13:42.0739 2640 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:13:42.0755 2640 nvraid - ok
22:13:42.0786 2640 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:13:42.0817 2640 nvstor - ok
22:13:42.0879 2640 [ D1F5DCF8D5A55C0FBBFB49C0ED1F2F5D ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys
22:13:42.0879 2640 nvstor64 - ok
22:13:42.0926 2640 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
22:13:42.0957 2640 nvsvc - ok
22:13:43.0020 2640 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
22:13:43.0098 2640 nvUpdatusService - ok
22:13:43.0145 2640 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:13:43.0160 2640 nv_agp - ok
22:13:43.0176 2640 NwlnkFlt - ok
22:13:43.0176 2640 NwlnkFwd - ok
22:13:43.0223 2640 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
22:13:43.0254 2640 ohci1394 - ok
22:13:43.0316 2640 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:13:43.0332 2640 ose - ok
22:13:43.0566 2640 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:13:43.0722 2640 osppsvc - ok
22:13:43.0769 2640 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
22:13:43.0893 2640 p2pimsvc - ok
22:13:43.0925 2640 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
22:13:43.0940 2640 p2psvc - ok
22:13:44.0003 2640 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
22:13:44.0065 2640 Parport - ok
22:13:44.0096 2640 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:13:44.0112 2640 partmgr - ok
22:13:44.0127 2640 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
22:13:44.0205 2640 PcaSvc - ok
22:13:44.0252 2640 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
22:13:44.0268 2640 pci - ok
22:13:44.0361 2640 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys
22:13:44.0377 2640 pciide - ok
22:13:44.0393 2640 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
22:13:44.0408 2640 pcmcia - ok
22:13:44.0471 2640 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:13:44.0783 2640 PEAUTH - ok
22:13:44.0907 2640 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:13:44.0985 2640 PerfHost - ok
22:13:45.0048 2640 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
22:13:45.0126 2640 pla - ok
22:13:45.0157 2640 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\SysWOW64\IoctlSvc.exe
22:13:45.0188 2640 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
22:13:45.0188 2640 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
22:13:45.0251 2640 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:13:45.0282 2640 PlugPlay - ok
22:13:45.0313 2640 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
22:13:45.0344 2640 PNRPAutoReg - ok
22:13:45.0391 2640 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
22:13:45.0438 2640 PNRPsvc - ok
22:13:45.0563 2640 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:13:45.0594 2640 PolicyAgent - ok
22:13:45.0625 2640 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:13:45.0656 2640 PptpMiniport - ok
22:13:45.0703 2640 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
22:13:45.0750 2640 Processor - ok
22:13:45.0781 2640 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
22:13:45.0828 2640 ProfSvc - ok
22:13:45.0859 2640 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
22:13:45.0906 2640 ProtectedStorage - ok
22:13:45.0999 2640 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
22:13:46.0031 2640 PSched - ok
22:13:46.0062 2640 [ A6BF0A9B5A30D743623CA0D3BE35DF05 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
22:13:46.0077 2640 PxHlpa64 - ok
22:13:46.0124 2640 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
22:13:46.0187 2640 ql2300 - ok
22:13:46.0202 2640 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
22:13:46.0218 2640 ql40xx - ok
22:13:46.0249 2640 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
22:13:46.0280 2640 QWAVE - ok
22:13:46.0327 2640 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:13:46.0343 2640 QWAVEdrv - ok
22:13:46.0374 2640 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:13:46.0421 2640 RasAcd - ok
22:13:46.0436 2640 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
22:13:46.0483 2640 RasAuto - ok
22:13:46.0499 2640 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:13:46.0530 2640 Rasl2tp - ok
22:13:46.0545 2640 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
22:13:46.0577 2640 RasMan - ok
22:13:46.0623 2640 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:13:46.0670 2640 RasPppoe - ok
22:13:46.0701 2640 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:13:46.0733 2640 RasSstp - ok
22:13:46.0779 2640 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:13:46.0811 2640 rdbss - ok
22:13:46.0826 2640 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:13:46.0857 2640 RDPCDD - ok
22:13:46.0889 2640 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
22:13:46.0935 2640 rdpdr - ok
22:13:46.0951 2640 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:13:46.0982 2640 RDPENCDD - ok
22:13:47.0029 2640 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:13:47.0107 2640 RDPWD - ok
22:13:47.0138 2640 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:13:47.0185 2640 RemoteAccess - ok
22:13:47.0216 2640 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:13:47.0263 2640 RemoteRegistry - ok
22:13:47.0294 2640 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
22:13:47.0372 2640 RpcLocator - ok
22:13:47.0419 2640 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
22:13:47.0466 2640 RpcSs - ok
22:13:47.0497 2640 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:13:47.0528 2640 rspndr - ok
22:13:47.0544 2640 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
22:13:47.0559 2640 SamSs - ok
22:13:47.0575 2640 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:13:47.0591 2640 sbp2port - ok
22:13:47.0622 2640 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:13:47.0653 2640 SCardSvr - ok
22:13:47.0700 2640 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
22:13:47.0825 2640 Schedule - ok
22:13:47.0856 2640 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
22:13:47.0871 2640 SCPolicySvc - ok
22:13:47.0903 2640 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:13:48.0027 2640 SDRSVC - ok
22:13:48.0043 2640 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:13:48.0090 2640 secdrv - ok
22:13:48.0105 2640 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
22:13:48.0152 2640 seclogon - ok
22:13:48.0183 2640 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll
22:13:48.0230 2640 SENS - ok
22:13:48.0261 2640 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys
22:13:48.0339 2640 Serenum - ok
22:13:48.0371 2640 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
22:13:48.0433 2640 Serial - ok
22:13:48.0464 2640 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
22:13:48.0527 2640 sermouse - ok
22:13:48.0558 2640 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
22:13:48.0589 2640 SessionEnv - ok
22:13:48.0620 2640 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:13:48.0683 2640 sffdisk - ok
22:13:48.0683 2640 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:13:48.0729 2640 sffp_mmc - ok
22:13:48.0745 2640 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:13:48.0823 2640 sffp_sd - ok
22:13:48.0839 2640 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
22:13:48.0885 2640 sfloppy - ok
22:13:48.0932 2640 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:13:48.0995 2640 SharedAccess - ok
22:13:49.0041 2640 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:13:49.0135 2640 ShellHWDetection - ok
22:13:49.0166 2640 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
22:13:49.0182 2640 SiSRaid2 - ok
22:13:49.0213 2640 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
22:13:49.0229 2640 SiSRaid4 - ok
22:13:49.0338 2640 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
22:13:49.0353 2640 SkypeUpdate - ok
22:13:49.0400 2640 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
22:13:49.0525 2640 slsvc - ok
22:13:49.0572 2640 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
22:13:49.0603 2640 SLUINotify - ok
22:13:49.0619 2640 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:13:49.0665 2640 Smb - ok
22:13:49.0712 2640 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:13:49.0743 2640 SNMPTRAP - ok
22:13:49.0821 2640 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
22:13:49.0837 2640 spldr - ok
22:13:50.0087 2640 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
22:13:50.0165 2640 Spooler - ok
22:13:50.0243 2640 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
22:13:50.0336 2640 srv - ok
22:13:50.0352 2640 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:13:50.0399 2640 srv2 - ok
22:13:50.0445 2640 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:13:50.0492 2640 srvnet - ok
22:13:50.0523 2640 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:13:50.0570 2640 SSDPSRV - ok
22:13:50.0601 2640 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:13:50.0633 2640 SstpSvc - ok
22:13:50.0664 2640 [ F5CB1651A046370739995015122C0B7E ] ss_bus C:\Windows\system32\DRIVERS\ss_bus.sys
22:13:50.0679 2640 ss_bus - ok
22:13:50.0711 2640 [ 7E08AE04093BCE4AC93EA179B58526F9 ] ss_mdfl C:\Windows\system32\DRIVERS\ss_mdfl.sys
22:13:50.0711 2640 ss_mdfl - ok
22:13:50.0742 2640 [ 052BF246422B007D3B827ED2A306C859 ] ss_mdm C:\Windows\system32\DRIVERS\ss_mdm.sys
22:13:50.0757 2640 ss_mdm - ok
22:13:50.0804 2640 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:13:50.0835 2640 Stereo Service - ok
22:13:50.0867 2640 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
22:13:50.0898 2640 stisvc - ok
22:13:50.0929 2640 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
22:13:50.0929 2640 swenum - ok
22:13:50.0976 2640 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
22:13:51.0038 2640 swprv - ok
22:13:51.0054 2640 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
22:13:51.0069 2640 Symc8xx - ok
22:13:51.0085 2640 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
22:13:51.0101 2640 Sym_hi - ok
22:13:51.0101 2640 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
22:13:51.0116 2640 Sym_u3 - ok
22:13:51.0163 2640 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
22:13:51.0257 2640 SysMain - ok
22:13:51.0303 2640 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:13:51.0366 2640 TabletInputService - ok
22:13:51.0397 2640 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
22:13:51.0444 2640 TapiSrv - ok
22:13:51.0491 2640 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
22:13:51.0522 2640 TBS - ok
22:13:51.0569 2640 [ 0E970F59D7FBB838316176B19A2ADB82 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:13:51.0631 2640 Tcpip - ok
22:13:51.0725 2640 [ 0E970F59D7FBB838316176B19A2ADB82 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
22:13:51.0787 2640 Tcpip6 - ok
22:13:51.0834 2640 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:13:51.0881 2640 tcpipreg - ok
22:13:51.0912 2640 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:13:51.0959 2640 TDPIPE - ok
22:13:51.0974 2640 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:13:52.0021 2640 TDTCP - ok
22:13:52.0052 2640 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:13:52.0099 2640 tdx - ok
22:13:52.0146 2640 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:13:52.0161 2640 TermDD - ok
22:13:52.0224 2640 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
22:13:52.0271 2640 TermService - ok
22:13:52.0286 2640 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
22:13:52.0302 2640 Themes - ok
22:13:52.0333 2640 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
22:13:52.0364 2640 THREADORDER - ok
22:13:52.0395 2640 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
22:13:52.0442 2640 TrkWks - ok
22:13:52.0473 2640 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:13:52.0536 2640 TrustedInstaller - ok
22:13:52.0567 2640 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:13:52.0629 2640 tssecsrv - ok
22:13:52.0676 2640 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
22:13:52.0754 2640 tunmp - ok
22:13:52.0785 2640 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:13:52.0863 2640 tunnel - ok
22:13:52.0879 2640 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
22:13:52.0895 2640 uagp35 - ok
22:13:52.0957 2640 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:13:53.0019 2640 udfs - ok
22:13:53.0051 2640 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:13:53.0082 2640 UI0Detect - ok
22:13:53.0113 2640 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:13:53.0129 2640 uliagpkx - ok
22:13:53.0191 2640 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
22:13:53.0222 2640 uliahci - ok
22:13:53.0253 2640 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
22:13:53.0285 2640 UlSata - ok
22:13:53.0300 2640 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
22:13:53.0316 2640 ulsata2 - ok
22:13:53.0347 2640 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:13:53.0378 2640 umbus - ok
22:13:53.0394 2640 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
22:13:53.0456 2640 upnphost - ok
22:13:53.0534 2640 [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
22:13:53.0581 2640 usbaudio - ok
22:13:53.0628 2640 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:13:53.0659 2640 usbccgp - ok
22:13:53.0690 2640 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:13:53.0768 2640 usbcir - ok
22:13:53.0846 2640 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:13:53.0924 2640 usbehci - ok
22:13:53.0971 2640 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:13:54.0049 2640 usbhub - ok
22:13:54.0080 2640 [ E406B003A354776D317762694956B0FC ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
22:13:54.0096 2640 usbohci - ok
22:13:54.0127 2640 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:13:54.0158 2640 usbprint - ok
22:13:54.0174 2640 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:13:54.0236 2640 USBSTOR - ok
22:13:54.0252 2640 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
22:13:54.0283 2640 usbuhci - ok
22:13:54.0314 2640 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
22:13:54.0330 2640 UxSms - ok
22:13:54.0361 2640 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
22:13:54.0392 2640 vds - ok
22:13:54.0423 2640 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:13:54.0486 2640 vga - ok
22:13:54.0501 2640 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
22:13:54.0533 2640 VgaSave - ok
22:13:54.0548 2640 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
22:13:54.0564 2640 viaide - ok
22:13:54.0595 2640 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:13:54.0611 2640 volmgr - ok
22:13:54.0626 2640 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:13:54.0657 2640 volmgrx - ok
22:13:54.0720 2640 [ 582F710097B46140F5A89A19A6573D4B ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:13:54.0798 2640 volsnap - ok
22:13:54.0829 2640 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
22:13:54.0845 2640 vsmraid - ok
22:13:54.0938 2640 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
22:13:55.0125 2640 VSS - ok
22:13:55.0235 2640 [ 3AD1E72748978D8B0B3B674741E4C3E2 ] vToolbarUpdater14.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
22:13:55.0375 2640 vToolbarUpdater14.2.0 - ok
22:13:55.0422 2640 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
22:13:55.0531 2640 W32Time - ok
22:13:55.0547 2640 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
22:13:55.0609 2640 WacomPen - ok
22:13:55.0640 2640 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
22:13:55.0687 2640 Wanarp - ok
22:13:55.0687 2640 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:13:55.0703 2640 Wanarpv6 - ok
22:13:55.0749 2640 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:13:55.0827 2640 wcncsvc - ok
22:13:55.0843 2640 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:13:55.0874 2640 WcsPlugInService - ok
22:13:55.0874 2640 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
22:13:55.0890 2640 Wd - ok
22:13:55.0999 2640 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:13:56.0171 2640 Wdf01000 - ok
22:13:56.0233 2640 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:13:56.0280 2640 WdiServiceHost - ok
22:13:56.0295 2640 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:13:56.0327 2640 WdiSystemHost - ok
22:13:56.0358 2640 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
22:13:56.0436 2640 WebClient - ok
22:13:56.0529 2640 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:13:56.0592 2640 Wecsvc - ok
22:13:56.0592 2640 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:13:56.0623 2640 wercplsupport - ok
22:13:56.0639 2640 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
22:13:56.0685 2640 WerSvc - ok
22:13:56.0717 2640 WinDefend - ok
22:13:56.0732 2640 WinHttpAutoProxySvc - ok
22:13:56.0779 2640 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:13:56.0888 2640 Winmgmt - ok
22:13:56.0982 2640 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
22:13:57.0107 2640 WinRM - ok
22:13:57.0185 2640 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
22:13:57.0309 2640 Wlansvc - ok
22:13:57.0497 2640 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:13:57.0575 2640 wlidsvc - ok
22:13:57.0606 2640 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
22:13:57.0653 2640 WmiAcpi - ok
22:13:57.0731 2640 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:13:57.0762 2640 wmiApSrv - ok
22:13:57.0793 2640 WMPNetworkSvc - ok
22:13:57.0871 2640 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:13:57.0980 2640 WPCSvc - ok
22:13:58.0043 2640 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:13:58.0074 2640 WPDBusEnum - ok
22:13:58.0105 2640 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
22:13:58.0245 2640 WpdUsb - ok
22:13:58.0682 2640 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:13:58.0745 2640 WPFFontCache_v0400 - ok
22:13:58.0791 2640 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:13:58.0854 2640 ws2ifsl - ok
22:13:58.0916 2640 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\System32\wscsvc.dll
22:13:58.0932 2640 wscsvc - ok
22:13:58.0932 2640 WSearch - ok
22:13:59.0010 2640 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:13:59.0103 2640 wuauserv - ok
22:13:59.0135 2640 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:13:59.0244 2640 WudfPf - ok
22:13:59.0259 2640 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:13:59.0291 2640 WUDFRd - ok
22:13:59.0322 2640 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:13:59.0369 2640 wudfsvc - ok
22:13:59.0369 2640 ================ Scan global ===============================
22:13:59.0400 2640 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
22:13:59.0478 2640 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
22:13:59.0509 2640 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
22:13:59.0540 2640 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
22:13:59.0540 2640 [Global] - ok
22:13:59.0540 2640 ================ Scan MBR ==================================
22:13:59.0556 2640 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
22:13:59.0852 2640 \Device\Harddisk0\DR0 - ok
22:13:59.0852 2640 ================ Scan VBR ==================================
22:13:59.0852 2640 [ 1F80C5809282401AF3A76F84EF9E91C9 ] \Device\Harddisk0\DR0\Partition1
22:13:59.0868 2640 \Device\Harddisk0\DR0\Partition1 - ok
22:13:59.0868 2640 ============================================================
22:13:59.0868 2640 Scan finished
22:13:59.0868 2640 ============================================================
22:13:59.0883 4888 Detected object count: 3
22:13:59.0883 4888 Actual detected object count: 3
22:14:38.0447 4888 ETService ( UnsignedFile.Multi.Generic ) - skipped by user
22:14:38.0447 4888 ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:14:38.0447 4888 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:14:38.0447 4888 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:14:38.0447 4888 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:14:38.0447 4888 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

Alt 04.03.2013, 22:22   #8
markusg
/// Malware-holic
 
Link in GMX-Mail angeklickt - Folgen??? - Standard

Link in GMX-Mail angeklickt - Folgen???



passt
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 04.03.2013, 22:27   #9
fitzceraldo
 
Link in GMX-Mail angeklickt - Folgen??? - Standard

Link in GMX-Mail angeklickt - Folgen???



Speichere Combofix auf deinem Desktop.

Wenn ich etwas downloade liegt das automatisch unter Downloads, von wo ich es per Doppelklick öffnen kann. Muss das auf den Desktop gespeichert werden? Weiß nämlich nicht, wie das geht. Sag ja... Anwender-Dummie *schäm

Alt 04.03.2013, 22:28   #10
markusg
/// Malware-holic
 
Link in GMX-Mail angeklickt - Folgen??? - Standard

Link in GMX-Mail angeklickt - Folgen???



markieren, rechtsklick, ausschneiden, rechtsklick auf destkop, einfügen
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 04.03.2013, 22:40   #11
fitzceraldo
 
Link in GMX-Mail angeklickt - Folgen??? - Standard

Link in GMX-Mail angeklickt - Folgen???



Danke. Liegt nun auf dem Desktop. Und wie poste ich in CODE-Tags?

Nein, ich stell mich nicht dumm, ich bin so unwissend!

Habe aber gerade gegoogelt. Das sind diese eckigen Klammern oder?

Nur ganz kurz (da von meinem Arbeitsplatz) eine Rückmeldung:

Habe Combofix gestern durchlaufen lassen nach Anleitung. Danach wurde der Computer neugestartet. Das Hochfahren dauerte sehr lange und zwischendurch steht längere Zeit ein ganz schwarzer Bildschirm, aber irgendwann geht es dann weiter.

Es kamen Meldungen, dass zu Windows-Diensten keine Rückmeldung möglich ist, außerdem irgendeine Meldung rund um Netzwerkzugehörigkeit.

Ich wollte dir dann die Logdatei hier posten, aber musste dann feststellen, dass der PC keine Internetverbindung mehr hinbekommt. Auch nach zweifachem Neustart änderte sich nichts daran.

Ich versuche heute abend mal, ob ich mit dem Laptop meines Kindes Verbindung bekommen kann, damit ich dir die Daten hier posten kann.

Bin schon völlig verzweifelt, da ich nicht weiß, ob ich den Internetanschluss selber wieder hinbekomme.

Hmm, weiss jetzt nicht, warum meine letzte Meldung von gestern abend und meine Nachricht aus dem Büro in einem Posting gelandet sind.

Also, mit dem Laptop meines Kindes komme ich noch ins Internet, wie man sieht. Irgendeine Einstellung scheint das letzte Programm geändert/gelöscht zu haben, dass es von meinem PC aus nicht mehr geht.

Die Fehlermeldungen dort waren:
Es kann keine Verbindung zu einem Windowsdienst (Benachrichtigungsdienst fr Systemereignisse) hergestellt werden.

Außerdem:
Verbindungsstatus: unbekannt
Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden.

Und die Fritzzbox-Fehlerdiagnose sagt: Fehler beim Initialisieren der Windows-Sockets.

Und mir sagt das alles rein gar nix

Wie krieg ich das nun wieder ans Laufen? Was kann da passiert sein?

Und noch eine Frage: Wenn ich jetzt z.B. die Logdatei per Stick auf diesen Laptop hole, um sie von hier zu senden, kann ich diesen Laptop auf dem Weg mit etwas infizieren?

Und kann ich von diesem Laptop gefahrlos auf mein Postfach zugreifen oder könnte ich damit etwas einschleppen?

Warum erscheint das jetzt alles als ein Posting und nicht als neue Beiträge? Hilfe...

Alt 05.03.2013, 19:46   #12
markusg
/// Malware-holic
 
Link in GMX-Mail angeklickt - Folgen??? - Standard

Link in GMX-Mail angeklickt - Folgen???



hi
autorun aus:
http://www.trojaner-board.de/83238-a...sschalten.html
dann kannst du es kopieren.
bitte mal anleitung zum netzwerk verbindung reparieren lesen:
Ein Leitfaden und Tutorium zur Nutzung von ComboFix
evtl. treiber neu instalieren.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 05.03.2013, 21:55   #13
fitzceraldo
 
Link in GMX-Mail angeklickt - Folgen??? - Standard

Link in GMX-Mail angeklickt - Folgen???



Internet kann ich nach der Anleitung nicht reparieren. Bei mir gibt es da zwar irgendwo einen Diagose und Reparaturpunkt (nur reparieren finde ich nicht), aber damit funktioniert es nicht.

Autorun habe ich rausgenommen und die Datei per Stick rübergeholt. Hier ist sie (hoffe, ich habe das mit den code-tags richtig hinbekommen):

Code:
ATTFilter
ComboFix 13-03-04.01 - ***04.03.2013  22:51:22.1.4 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.4093.2688 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\acer\Preload\Autorun\DRV\Pro-Nets Modem HPI56M3\_desktop.ini
c:\acer\Preload\Autorun\DRV\Pro-Nets Modem HPI56M3\98\_desktop.ini
c:\acer\Preload\Autorun\DRV\Pro-Nets Modem HPI56M3\ME\_desktop.ini
c:\acer\Preload\Autorun\DRV\Pro-Nets Modem HPI56M3\VISTAXP2K\_desktop.ini
c:\acer\Preload\Autorun\DRV\Pro-Nets Modem HPI56M3\VISTAXP2K\amd64\_desktop.ini
c:\acer\Preload\Autorun\DRV\Pro-Nets Modem HPI56M3\VISTAXP2K\x86\_desktop.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-04 bis 2013-03-04  ))))))))))))))))))))))))))))))
.
.
2013-03-04 22:02 . 2013-03-04 22:02	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-03-04 22:02 . 2013-03-04 22:02	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-04 20:38 . 2013-03-04 20:38	--------	d-----w-	C:\_OTL
2013-03-03 17:56 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2013-03-03 17:56 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\vgx\VGX.dll
2013-03-03 17:55 . 2012-02-29 14:06	1556480	----a-w-	c:\windows\system32\DWrite.dll
2013-03-03 17:55 . 2012-02-29 13:41	1069056	----a-w-	c:\windows\SysWow64\DWrite.dll
2013-03-03 17:55 . 2012-03-01 15:39	327680	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-03-03 17:55 . 2012-03-01 15:39	196096	----a-w-	c:\windows\system32\d3d10_1.dll
2013-03-03 17:55 . 2012-03-01 14:46	219648	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2013-03-03 17:55 . 2012-03-01 14:46	160768	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2013-03-03 17:55 . 2012-02-29 14:40	2002944	----a-w-	c:\windows\system32\d3d10warp.dll
2013-03-03 17:55 . 2012-02-29 14:09	834048	----a-w-	c:\windows\system32\d2d1.dll
2013-03-03 17:55 . 2012-02-29 14:08	1172480	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2013-03-03 17:55 . 2012-02-29 13:44	683008	----a-w-	c:\windows\SysWow64\d2d1.dll
2013-03-03 17:55 . 2011-03-12 22:52	1653760	----a-w-	c:\windows\system32\XpsPrint.dll
2013-03-03 17:55 . 2011-03-12 21:55	876032	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2013-03-02 21:30 . 2013-03-02 21:30	--------	d-----w-	c:\program files\Windows Portable Devices
2013-03-02 21:30 . 2013-03-02 21:30	--------	d-----w-	c:\program files (x86)\Windows Portable Devices
2013-03-02 21:29 . 2013-03-02 21:29	--------	d-----w-	c:\windows\SysWow64\spool
2013-03-02 20:40 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2013-03-02 20:40 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2013-03-02 20:40 . 2012-07-26 02:26	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2013-03-02 20:40 . 2012-07-26 02:26	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2013-03-02 20:40 . 2009-07-14 12:19	20480	----a-w-	c:\windows\system32\winusb.dll
2013-03-02 20:40 . 2009-07-14 12:12	16896	----a-w-	c:\windows\SysWow64\winusb.dll
2013-03-02 20:40 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2013-03-02 20:40 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2013-03-02 20:40 . 2012-07-26 03:08	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2013-03-02 20:40 . 2012-07-26 03:08	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2013-03-02 20:40 . 2012-07-26 03:08	744448	----a-w-	c:\windows\system32\WUDFx.dll
2013-03-02 20:40 . 2012-07-26 03:08	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2013-03-02 20:40 . 2012-07-26 03:08	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2013-03-02 20:31 . 2013-03-02 20:31	979456	----a-w-	c:\windows\SysWow64\MFH264Dec.dll
2013-03-02 20:29 . 2013-03-02 20:29	3584	----a-w-	c:\windows\system32\drivers\de-DE\dxgkrnl.sys.mui
2013-03-02 20:04 . 2009-09-10 02:05	103424	----a-w-	c:\windows\system32\UIAnimation.dll
2013-03-02 20:04 . 2009-09-10 02:00	92672	----a-w-	c:\windows\SysWow64\UIAnimation.dll
2013-03-02 20:04 . 2009-09-10 02:07	3815424	----a-w-	c:\windows\system32\UIRibbon.dll
2013-03-02 20:04 . 2009-09-10 02:06	1164800	----a-w-	c:\windows\system32\UIRibbonRes.dll
2013-03-02 20:04 . 2009-09-10 02:01	3023360	----a-w-	c:\windows\SysWow64\UIRibbon.dll
2013-03-02 20:04 . 2009-09-10 02:00	1164800	----a-w-	c:\windows\SysWow64\UIRibbonRes.dll
2013-03-02 20:04 . 2012-02-29 15:37	5632	----a-w-	c:\windows\system32\wmi.dll
2013-03-02 20:04 . 2012-02-29 15:35	78848	----a-w-	c:\windows\system32\imagehlp.dll
2013-03-02 20:04 . 2012-02-29 15:11	5120	----a-w-	c:\windows\SysWow64\wmi.dll
2013-03-02 20:04 . 2012-02-29 15:09	157696	----a-w-	c:\windows\SysWow64\imagehlp.dll
2013-03-02 20:04 . 2012-02-29 13:52	16384	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2013-03-02 19:48 . 2012-12-16 13:31	48128	----a-w-	c:\windows\system32\atmlib.dll
2013-03-02 19:48 . 2012-12-16 13:12	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2013-03-02 19:48 . 2012-12-16 11:08	368128	----a-w-	c:\windows\system32\atmfd.dll
2013-03-02 19:48 . 2012-12-16 10:50	293376	----a-w-	c:\windows\SysWow64\atmfd.dll
2013-03-02 19:42 . 2011-08-25 16:20	735744	----a-w-	c:\windows\system32\UIAutomationCore.dll
2013-03-02 19:42 . 2011-08-25 16:19	332288	----a-w-	c:\windows\system32\oleacc.dll
2013-03-02 19:42 . 2011-08-25 16:15	555520	----a-w-	c:\windows\SysWow64\UIAutomationCore.dll
2013-03-02 19:42 . 2011-08-25 16:14	238080	----a-w-	c:\windows\SysWow64\oleacc.dll
2013-03-02 19:42 . 2011-08-25 13:54	4096	----a-w-	c:\windows\system32\oleaccrc.dll
2013-03-02 19:42 . 2011-08-25 13:31	4096	----a-w-	c:\windows\SysWow64\oleaccrc.dll
2013-03-02 19:42 . 2011-08-25 16:19	847360	----a-w-	c:\windows\system32\oleaut32.dll
2013-03-02 19:42 . 2011-08-25 16:14	563712	----a-w-	c:\windows\SysWow64\oleaut32.dll
2013-03-02 19:42 . 2011-02-22 14:47	479744	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-03-02 19:42 . 2011-02-22 14:13	288768	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2013-03-02 19:42 . 2011-02-22 13:53	1149440	----a-w-	c:\windows\system32\FntCache.dll
2013-03-02 19:40 . 2012-06-05 16:47	708608	----a-w-	c:\program files (x86)\Common Files\System\ado\msado15.dll
2013-03-02 19:40 . 2012-06-05 16:22	974848	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2013-03-02 19:39 . 2011-10-25 16:13	352256	----a-w-	c:\windows\system32\qdvd.dll
2013-03-02 19:39 . 2011-10-25 15:58	497152	----a-w-	c:\windows\SysWow64\qdvd.dll
2013-03-02 19:39 . 2012-06-08 17:59	12899840	----a-w-	c:\windows\system32\shell32.dll
2013-03-02 19:39 . 2012-05-11 16:34	788480	----a-w-	c:\windows\system32\localspl.dll
2013-03-02 19:39 . 2012-05-11 15:57	623616	----a-w-	c:\windows\SysWow64\localspl.dll
2013-03-02 19:37 . 2011-07-29 16:08	375808	----a-w-	c:\windows\system32\psisdecd.dll
2013-03-02 19:35 . 2013-01-04 01:59	2773504	----a-w-	c:\windows\system32\win32k.sys
2013-03-02 19:25 . 2012-11-02 10:45	477696	----a-w-	c:\windows\system32\dpnet.dll
2013-03-02 19:25 . 2012-11-02 10:45	68096	----a-w-	c:\windows\system32\dpnathlp.dll
2013-03-02 19:25 . 2012-11-02 10:18	376320	----a-w-	c:\windows\SysWow64\dpnet.dll
2013-03-02 19:25 . 2012-11-02 08:59	26112	----a-w-	c:\windows\system32\dpnsvr.exe
2013-03-02 19:25 . 2012-11-02 08:26	23040	----a-w-	c:\windows\SysWow64\dpnsvr.exe
2013-03-02 19:25 . 2011-11-18 18:07	76800	----a-w-	c:\windows\system32\packager.dll
2013-03-02 19:25 . 2011-11-18 17:47	66560	----a-w-	c:\windows\SysWow64\packager.dll
2013-02-22 12:13 . 2013-02-22 12:13	--------	d-----w-	c:\program files (x86)\SaalDesignSoftware
2013-02-18 13:27 . 2013-02-18 13:28	--------	d-----w-	c:\windows\SysWow64\ca-ES
2013-02-18 13:27 . 2013-02-18 13:28	--------	d-----w-	c:\windows\SysWow64\vi-VN
2013-02-18 13:27 . 2013-02-18 13:28	--------	d-----w-	c:\windows\SysWow64\eu-ES
2013-02-18 13:27 . 2013-02-18 13:28	--------	d-----w-	c:\windows\system32\ca-ES
2013-02-18 13:27 . 2013-02-18 13:28	--------	d-----w-	c:\windows\system32\eu-ES
2013-02-18 13:27 . 2013-02-18 13:28	--------	d-----w-	c:\windows\system32\vi-VN
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-20 19:36 . 2012-05-28 20:17	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-20 19:36 . 2012-02-14 21:13	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-19 15:57 . 2012-09-04 15:59	39768	----a-w-	c:\windows\system32\drivers\avgtpx64.sys
2013-02-17 15:13 . 2006-11-02 12:35	70004024	----a-w-	c:\windows\system32\mrt.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-02-19 15:57	1929392	----a-w-	c:\program files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll" [2013-02-19 1929392]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-24 68856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-04-28 1828136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-02-19 1151152]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FRITZ!DSL Startcenter.lnk - c:\users\***\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe [2012-10-28 80896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-24 12:06	1629648	----a-w-	c:\program files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 15:10]
.
2013-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 15:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-04-24 6242816]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"FujiKeyboard"="c:\acer\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe" [2008-09-18 79416]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.web.de/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0409&m=imedia_x4614_ge
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0409&m=imedia_x4614_ge
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\36xofyxm.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-Tales of Monkey Island - i:\monkey island\Tales of Monkey Island\UNINSTALL_MonkeyIsland100.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe
c:\windows\system32\HidService.exe
c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
c:\acer\Preload\Autorun\DRV\FUJI Keyboard\AOSD.exe
c:\windows\SysWOW64\conime.exe
c:\program files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-03-04  23:14:40 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-03-04 22:14
.
Vor Suchlauf: 8 Verzeichnis(se), 133.434.798.080 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 134.182.576.128 Bytes frei
.
- - End Of File - - 01ADC9DD7418571055A04737788763D6
         
Tut mir leid, dass es so lange dauert und mit mir so umständlich ist, aber ich habe echt keine Ahnung von dem, was ich hier machen muss.

Alt 06.03.2013, 17:47   #14
markusg
/// Malware-holic
 
Link in GMX-Mail angeklickt - Folgen??? - Standard

Link in GMX-Mail angeklickt - Folgen???



Hi
hast du mal versucht über einen anderen pc die Treiber für dein gerät zu laden und neu zu instalieren?
gerätebezeichnung steht entweder auf dem gerät selbst oder im kaufvertrag
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 07.03.2013, 08:01   #15
fitzceraldo
 
Link in GMX-Mail angeklickt - Folgen??? - Standard

Link in GMX-Mail angeklickt - Folgen???



Ich werde es heute Abend versuchen.

Antwort

Themen zu Link in GMX-Mail angeklickt - Folgen???
absender, anderen, anti, avg, daten, eingefangen, email, ergebnisse, folge, free, gen, geschlossen, gmx, infiziert, klick, link, programme, prüfen, scan, virus, vista, werbeseite, windows, windows vista, wirklich



Ähnliche Themen: Link in GMX-Mail angeklickt - Folgen???


  1. DHL Mail Link angeklickt
    Log-Analyse und Auswertung - 27.05.2015 (18)
  2. DHL-Paketankündigung Mail - versehentlich Link angeklickt
    Plagegeister aller Art und deren Bekämpfung - 10.05.2015 (9)
  3. DHL E-mail geöffnet und link angeklickt
    Log-Analyse und Auswertung - 08.05.2015 (14)
  4. Phishing Mail DHL Link angeklickt
    Log-Analyse und Auswertung - 26.03.2015 (13)
  5. Mail DHL Link angeklickt
    Log-Analyse und Auswertung - 26.03.2015 (9)
  6. DHL Phishing Mail Link angeklickt
    Plagegeister aller Art und deren Bekämpfung - 15.03.2015 (7)
  7. DHL Mail bekommen und den Link angeklickt / geöffnet :(
    Log-Analyse und Auswertung - 05.03.2015 (13)
  8. Amazon Phishing Mail Link angeklickt
    Plagegeister aller Art und deren Bekämpfung - 24.06.2014 (11)
  9. Link in E-mail angeklickt
    Log-Analyse und Auswertung - 15.04.2014 (8)
  10. Link in Pishing Mail angeklickt
    Plagegeister aller Art und deren Bekämpfung - 16.03.2014 (7)
  11. Link in E-Mail angeklickt, infizierte Dateien gefunden
    Plagegeister aller Art und deren Bekämpfung - 11.03.2014 (9)
  12. Spam Mail Link angeklickt
    Log-Analyse und Auswertung - 05.03.2014 (10)
  13. Windows 7: Amazon Phishing-Mail Link angeklickt
    Log-Analyse und Auswertung - 16.02.2014 (11)
  14. Phishing Mail von WoW Link angeklickt!
    Plagegeister aller Art und deren Bekämpfung - 07.07.2013 (4)
  15. Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ?
    Plagegeister aller Art und deren Bekämpfung - 10.05.2013 (20)
  16. In Phishing-Mail den Link angeklickt :( Panik
    Plagegeister aller Art und deren Bekämpfung - 19.02.2013 (34)
  17. Phishing-Mail gelesen ohne Link zu folgen
    Plagegeister aller Art und deren Bekämpfung - 02.02.2013 (22)

Zum Thema Link in GMX-Mail angeklickt - Folgen??? - Tja, nun ist es mir auch passiert... Da kam eine Email über GMX rein, von einer Bekannten, die nur einen Link enthielt. Da mir der Absender bekannt war, war ich - Link in GMX-Mail angeklickt - Folgen???...
Archiv
Du betrachtest: Link in GMX-Mail angeklickt - Folgen??? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.