
Pests of all kinds and how to fight them: startfenster.com Windows 8 vcl player download

04.03.2013, 19:29   #1
dejin
 



Hi everyone,

I'm one of the many who have foolishly picked up the startfenster.com problem.

I've read through 2 threads here and have already followed the instructions from a similar thread, and I'd be very glad if someone could help me / analyze the results for me....

Log file from AdwCleaner
Quote:
# AdwCleaner v2.113 - Datei am 04/03/2013 um 19:05:21 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzer : juerg_000 - ***
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\juerg_000\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\juerg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16384

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.1 (en-US)

Datei : C:\Users\juerg_000\AppData\Roaming\Mozilla\Firefox\Profiles\rnxhzc2u.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [903 octets] - [04/03/2013 19:05:21]

########## EOF - C:\AdwCleaner[S1].txt - [962 octets] ##########
Result of SecurityCheck:
Quote:
Results of screen317's Security Check version 0.99.59
x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
McAfee Anti-Virus und Anti-Spyware
Windows Defender
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.70.0.1100
Adobe Flash Player 11.6.602.171
Adobe Reader XI
Mozilla Firefox (19.0.1)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
mcafee VIRUSS~1 mcvsshld.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

04.03.2013, 19:48   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Before we get to work, I'd like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the preceding one.

  • Please run only scans that a helper has asked you to run! Do not install / uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make the evaluation harder for me!

  • Please also note => Deleting log files and other requests

Note:
If you don't hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "When does it continue" messages will end with your topic being closed. I, too, have a life outside of Trojaner-Board.



JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan All Users
  • At the top you will find a box labeled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

04.03.2013, 20:21   #3
dejin
 



Hey cosinus,

thanks a lot already!

JRT scan:
Quote:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.7 (03.03.2013:1)
OS: Windows 8 x64
Ran by juerg_000 on 04/03/2013 at 19:53:26.99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\juerg_000\AppData\Roaming\mozilla\firefox\profiles\rnxhzc2u.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/03/2013 at 20:00:37.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OTL log:
Code:
OTL logfile created on: 04/03/2013 20:05:08 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\juerg_000\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16420)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.89 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 66.00% Memory free
7.39 Gb Paging File | 5.64 Gb Available in Paging File | 76.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186.30 Gb Total Space | 133.56 Gb Free Space | 71.69% Space Free | Partition Type: NTFS
Drive D: | 258.15 Gb Total Space | 258.03 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
Drive F: | 275.41 Gb Total Space | 53.54 Gb Free Space | 19.44% Space Free | Partition Type: NTFS
Drive G: | 22.66 Gb Total Space | 13.73 Gb Free Space | 60.57% Space Free | Partition Type: FAT32
 
Computer Name: *** | User Name: juerg_000 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\juerg_000\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
PRC - C:\Windows\SysWOW64\ACEngSvr.exe (ASUSTeK)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (McODS) -- C:\Program Files\mcafee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (0123871362419113mcinstcleanup) -- C:\Windows\Temp\0123871362419113mcinst.exe (McAfee, Inc.)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUSTek Computer Inc.)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (ASUS InstantOn) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (ASUS)
SRV - (McAWFwk) -- c:\PROGRA~1\mcafee\msc\mcawfwk.exe (McAfee, Inc.)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\Drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\Drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\Drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\Drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\Drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\Drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\Drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeelamk) -- C:\Windows\SysNative\Drivers\mfeelamk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\Drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\Drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\Drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (ATP) -- C:\Windows\SysNative\Drivers\AsusTP.sys (ASUS Corporation)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\Drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (AiCharger) -- C:\Windows\SysNative\Drivers\AiCharger.sys (ASUSTek Computer Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\Drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\Drivers\kbfiltr.sys ( )
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\Drivers\L1C63x64.sys (Qualcomm Atheros Co., Ltd.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\Drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek                                            )
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\Drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (e1iexpress) -- C:\Windows\SysNative\Drivers\e1i63x64.sys (Intel Corporation)
DRV:64bit: - (HIDSwitch) -- C:\Windows\SysNative\Drivers\AsHIDSwitch64.sys (ASUS)
DRV:64bit: - (HipShieldK) -- C:\Windows\SysNative\Drivers\HipShieldK.sys (McAfee, Inc.)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3435455976-2761992232-2573730619-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3435455976-2761992232-2573730619-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3435455976-2761992232-2573730619-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3435455976-2761992232-2573730619-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://de-de.facebook.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/04 11:46:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/04 18:50:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013/03/04 11:04:36 | 000,000,000 | ---D | M]
 
[2013/03/04 11:47:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\juerg_000\AppData\Roaming\mozilla\Extensions
[2013/03/04 13:02:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\juerg_000\AppData\Roaming\mozilla\Firefox\Profiles\rnxhzc2u.default\extensions
[2013/03/04 13:02:30 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\juerg_000\AppData\Roaming\mozilla\firefox\profiles\rnxhzc2u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/03/04 11:46:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/02/27 06:10:14 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/20 17:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2013/02/27 06:09:34 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/27 06:09:34 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2012/07/26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
O4:64bit: - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe (ASUS Cloud Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.234.128.7 195.234.128.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DF84F21-D7C0-4CAD-B46D-D41FFD5FDD3E}: DhcpNameServer = 195.234.128.7 195.234.128.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8E7A823-7114-4CD8-B198-C7D8D85E3B2B}: DhcpNameServer = 40.53.1.201 40.53.1.203
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/03/04 19:53:25 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/03/04 19:52:39 | 000,000,000 | ---D | C] -- C:\JRT
[2013/03/04 19:36:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/03/04 19:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/03/04 18:50:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/03/04 18:50:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/03/04 18:21:40 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\Malwarebytes
[2013/03/04 18:21:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/04 18:21:22 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/04 18:21:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/04 18:20:55 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Local\Programs
[2013/03/04 18:02:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013/03/04 17:01:45 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2013/03/04 17:01:45 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2013/03/04 17:01:38 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
[2013/03/04 17:01:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2013/03/04 17:01:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2013/03/04 17:01:29 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\Winamp
[2013/03/04 17:01:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2013/03/04 16:53:34 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\Desktop\pixx
[2013/03/04 16:44:27 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\Desktop\SILVER LININGS DVDRIP EDAW2013
[2013/03/04 16:43:44 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\Desktop\momentane fav`s
[2013/03/04 16:42:44 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\Desktop\Word
[2013/03/04 14:19:20 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Local\Macromedia
[2013/03/04 13:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2013/03/04 13:38:18 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Local\Paint.NET
[2013/03/04 12:41:25 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\uTorrent
[2013/03/04 12:40:14 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\BitTorrent
[2013/03/04 12:19:49 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\Avira
[2013/03/04 12:11:05 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\Macromedia
[2013/03/04 12:01:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013/03/04 12:01:25 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/03/04 12:01:25 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/03/04 12:01:25 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013/03/04 12:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013/03/04 12:01:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013/03/04 11:57:55 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\Desktop\fav programme
[2013/03/04 11:46:48 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\Mozilla
[2013/03/04 11:46:48 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Local\Mozilla
[2013/03/04 11:46:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/03/04 11:46:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/03/04 11:46:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/04 11:29:33 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\Documents\ASUS
[2013/03/04 11:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS
[2013/03/04 11:08:08 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\ASUS WebStorage
[2013/03/04 11:07:24 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/03/04 11:07:24 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Searches
[2013/03/04 11:07:24 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Contacts
[2013/03/04 11:07:24 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/03/04 11:06:38 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\Adobe
[2013/03/04 11:06:26 | 000,000,000 | ---D | C] -- C:\ProgramData\FolderView
[2013/03/04 11:04:29 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Local\VirtualStore
[2013/03/04 11:04:18 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Local\Packages
[2013/03/04 11:04:15 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Local\ASUS
[2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Vorlagen
[2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\AppData\Local\Verlauf
[2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\AppData\Local\Temporary Internet Files
[2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Startmenü
[2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\SendTo
[2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Recent
[2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Netzwerkumgebung
[2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Lokale Einstellungen
[2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Documents\Eigene Videos
[2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Documents\Eigene Musik
[2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Eigene Dateien
[2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Documents\Eigene Bilder
[2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Druckumgebung
[2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Cookies
[2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\AppData\Local\Anwendungsdaten
[2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Anwendungsdaten
[2013/03/04 11:03:58 | 000,000,000 | --SD | C] -- C:\Users\juerg_000\AppData\Roaming\Microsoft
[2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Videos
[2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Saved Games
[2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Pictures
[2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Music
[2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Links
[2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Favorites
[2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Downloads
[2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Documents
[2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Desktop
[2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013/03/04 11:03:58 | 000,000,000 | -H-D | C] -- C:\Users\juerg_000\AppData
[2013/03/04 11:03:58 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Local\Temp
[2013/03/04 11:03:58 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Local\Microsoft
[2013/03/04 11:03:58 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
 
========== Files - Modified Within 30 Days ==========
 
[2013/03/04 19:39:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/04 19:13:41 | 000,881,935 | ---- | M] () -- C:\Users\juerg_000\Desktop\SecurityCheck(1).exe
[2013/03/04 19:09:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/04 19:08:55 | 000,000,401 | ---- | M] () -- C:\Users\juerg_000\AppData\Roaming\sp_data.sys
[2013/03/04 19:07:35 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/03/04 19:07:32 | 3338,391,552 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/04 18:21:29 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/03/04 17:53:56 | 000,281,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/03/04 16:43:21 | 004,568,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/04 16:43:21 | 000,790,022 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013/03/04 16:43:21 | 000,785,550 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2013/03/04 16:43:21 | 000,780,976 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2013/03/04 16:43:21 | 000,753,134 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/03/04 16:43:21 | 000,710,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/04 16:43:21 | 000,158,586 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2013/03/04 16:43:21 | 000,155,826 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/03/04 16:43:21 | 000,155,084 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013/03/04 16:43:21 | 000,152,608 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2013/03/04 16:43:21 | 000,132,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/04 16:41:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2013/03/04 12:00:21 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/03/04 12:00:21 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/03/04 12:00:21 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013/02/15 18:51:48 | 009,808,492 | ---- | M] () -- C:\Users\juerg_000\Desktop\Anlagen Jürgen Haberzett.pdf
[2013/02/03 15:09:00 | 000,009,075 | ---- | M] () -- C:\Users\juerg_000\Desktop\to do or think of (or not anymore;).odt
 
========== Files Created - No Company Name ==========
 
[2013/03/04 19:13:40 | 000,881,935 | ---- | C] () -- C:\Users\juerg_000\Desktop\SecurityCheck(1).exe
[2013/03/04 18:50:53 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/03/04 18:21:29 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/03/04 17:53:46 | 000,281,088 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/03/04 16:57:49 | 000,009,075 | ---- | C] () -- C:\Users\juerg_000\Desktop\to do or think of (or not anymore;).odt
[2013/03/04 16:45:18 | 009,808,492 | ---- | C] () -- C:\Users\juerg_000\Desktop\Anlagen Jürgen Haberzett.pdf
[2013/03/04 16:41:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2013/03/04 14:18:57 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/04 13:39:42 | 000,001,302 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2013/03/04 11:46:41 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/03/04 11:08:00 | 000,000,401 | ---- | C] () -- C:\Users\juerg_000\AppData\Roaming\sp_data.sys
[2013/03/04 11:06:38 | 000,001,444 | ---- | C] () -- C:\Users\juerg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/01/08 02:22:28 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012/11/20 11:01:21 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/11/20 11:00:59 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/11/20 11:00:54 | 000,963,388 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/08/17 01:52:29 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2012/08/17 01:52:28 | 000,000,217 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2012/07/26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/06/02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012/04/20 14:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/09/20 07:32:51 | 019,775,488 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/09/20 06:54:47 | 017,559,552 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
extras log:
Code:
OTL Extras logfile created on: 04/03/2013 20:05:08 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\juerg_000\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16420)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.89 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 66.00% Memory free
7.39 Gb Paging File | 5.64 Gb Available in Paging File | 76.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186.30 Gb Total Space | 133.56 Gb Free Space | 71.69% Space Free | Partition Type: NTFS
Drive D: | 258.15 Gb Total Space | 258.03 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
Drive F: | 275.41 Gb Total Space | 53.54 Gb Free Space | 19.44% Space Free | Partition Type: NTFS
Drive G: | 22.66 Gb Total Space | 13.73 Gb Free Space | 60.57% Space Free | Partition Type: FAT32
 
Computer Name: *** | User Name: juerg_000 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3435455976-2761992232-2573730619-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05B3CACB-AE81-4952-88AD-2F9A6AAF1C2C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{171A8D83-DE4E-467A-858B-CF9262C2033F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1DD7A109-AA81-4605-81F5-757B10A4A942}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2A9F92BC-BC08-47AB-A0BA-D1B7D607E11B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{32AD0ED7-6020-4B5B-94E2-DF23637048B6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{365E73B6-EAF5-40CD-B80B-94736574301A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{380AE527-6E53-4141-A57E-D7B6D66B47E6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4ADEBB8E-4DAB-4D33-9299-DA2609F8EE1B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{593C6697-A1E5-4459-BC31-AA072A5B80D9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6AE593F5-D13B-4371-A496-8EA0E2CA964C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7E4C71B7-50B0-49FB-A9EB-F47F1955B785}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8746CAB6-9CFC-44A6-9847-48761CFA3318}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8E6A0F74-98CE-43F8-9D09-D4573CB9AB6C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{991A54D4-39C6-46BC-B84A-8A3FD27F2E94}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9BC61B2C-868E-4BD4-9339-7C7527E7C567}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A8BDD9E4-36C9-428A-A7EC-28BECDFD6F5A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{AA7900C5-27B6-4F11-A532-0D0A90E49159}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B42565A7-D24A-4A2C-A0E0-BFE2E24890E3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D4BD7778-E439-4A3C-A875-056035527348}" = lport=139 | protocol=6 | dir=in | app=system | 
"{EA296D4F-F717-4AD7-9D7A-4E1AD319132A}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{ECAB1CF0-995C-4810-8AB4-8AEA7817A8B0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0101C7F2-27FF-44BD-9C20-F3661EC351B2}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{0316779F-9120-436F-9697-C8CAE00ABB4F}" = dir=out | name=fresh paint | 
"{07D088F5-0DE1-4936-9C51-E18FEC45D90A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0FA1BEBF-1D69-4431-9597-2C77A39B631B}" = protocol=6 | dir=out | app=system | 
"{17F605DA-83DD-4418-912A-666D62F36140}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{18A23013-6DE7-4529-9E49-4B69B9B3A3C7}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{1BB53BB9-9C39-4D0C-B092-3BD764320193}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1D7876A6-B641-4B7C-9751-16B651392115}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{2385AB9F-471A-4F81-8A03-72C9FDD292B4}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{28B55B69-8861-4957-B834-D78D96440926}" = dir=in | name=skype | 
"{2DF4F3C0-F263-475D-BEE0-FAB18BCBC44E}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{311AAF25-6FA9-49D3-A26A-FDABAA901DE6}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{3D32ACCB-9242-49EF-B10F-7EDC84A1CE1A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{426C781B-8732-4CF9-BEF0-6C49C59987F4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{49ECF422-BBDD-4135-BF16-35E1C3F5CDCC}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{5243CE6A-49C0-45A8-A96A-1D60A95A6F9E}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{59D1251B-F7B0-4002-9533-67D4E3F32DA4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5D2DA09A-38C7-43FB-B3B4-84C7E7B235AF}" = protocol=6 | dir=in | app=c:\users\juerg_000\appdata\roaming\utorrent\utorrent.exe | 
"{5DEEDAB3-D39D-4494-BFE3-ACDAFC614631}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{64C35042-3087-4371-A832-F80C2568091F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{65D8CB08-9F33-4C96-81F1-A484912979CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{66F92256-6BCE-442A-A599-976AA735F60A}" = dir=out | name=taptiles | 
"{77F63092-00A9-432C-A949-4D28CE3CCF1E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{7C836E75-49A0-42FD-BBBF-0EFB2E20121A}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{7E968864-3F53-4805-B18F-BA4D6CE3F226}" = protocol=17 | dir=in | app=c:\users\juerg_000\appdata\roaming\utorrent\utorrent.exe | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{8094E3E9-6767-453A-B33E-448BDB8CAC4B}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{81AF5E57-FB24-4213-81A4-73D3F42929BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{89477E4A-807C-4213-9B20-1A2093F417C5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8FB06FA1-66B6-4A2B-9900-A9C7EC4ED927}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{8FEEE7F3-3E43-42B1-AFC5-8C37B0C77520}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{99E19A73-8E57-4B15-84D8-91182892DF90}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{9C64FBDE-E582-4A0D-8A7A-786073DB463A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9DE533CB-D42F-4891-BE96-6956D4B97C35}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A0BEB4B6-6138-4E07-BE57-BFE0E95B8169}" = dir=out | name=windows_ie_ac_001 | 
"{A60C517B-B392-4EBC-ABF4-3BCFAB10AACD}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{AD97A3AC-A81F-4BF9-8463-3C83949A79B5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AF244168-5CAD-4AE8-AA0F-CF7078A00C3F}" = dir=out | name=wordament | 
"{B6BAA601-0FEE-4859-8113-E1CCCA171C5E}" = dir=out | name=skype | 
"{C36D5AF6-C0BF-46EE-99C4-B51388B91752}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{C9BB49B8-95C5-4055-B4B9-69A3FBCA4E8A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CFBDE754-F8E2-41AE-9831-85456D7B1270}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D7E89D3A-4AAD-4931-B64D-66A149FE6386}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{D7FA004F-15EA-40B9-BF88-1C5E17B93623}" = dir=out | name=adera | 
"{DFF40C64-5898-4605-82C6-023481B9B0AD}" = dir=out | name=microsoft solitaire collection | 
"{E2F9527E-5BC6-4A14-B824-59E5FC46BC68}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{EB6DEE6B-E0A2-4AF6-85D8-97706E4296B0}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{F0C8D715-119A-4B96-863D-99518AF92B1F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 
"{F22BD3BC-15A5-4871-AB6A-D39888B39859}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{F3A05029-E637-4FF3-A5E0-127163E18237}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{FAFA0F3D-BD79-4EAF-8A45-DCE966E22D14}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FB27EE7C-6A8C-43A1-A31A-F9D870CE64A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FCF3071B-D02B-486D-B30E-1F1A7B0EEB91}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"C01F56FBD9B141017E63E2A1A141E59934D4DC67" = Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{4D3286A6-F6AB-498A-82A4-E4F040529F3D}" = ASUS Smart Gesture
"{58172D66-2F69-4215-9AEC-ED8196023736}" = ASUS Tutor
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69CC4B1E-0ADB-48E7-83D5-B45DA8CD1320}" = Alcor Micro USB Card Reader
"{749F674B-2674-47E8-879C-5626A06B2A91}" = ASUS InstantOn
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}" = ASUS Instant Connect
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AmUStor" = Alcor Micro USB Card Reader
"ASUS WebStorage" = ASUS WebStorage Sync Agent
"Avira AntiVir Desktop" = Avira Free Antivirus
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 19.0.1 (x86 en-US)" = Mozilla Firefox 19.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee Internet Security
"uTorrent" = µTorrent
"Winamp" = Winamp
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3435455976-2761992232-2573730619-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04/03/2013 15:04:21 | Computer Name = raxfei | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\juerg_000\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
 Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
 Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.
 
 
< End of report >
         
__________________

04.03.2013, 20:23   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please now create logs with GMER (<<< click for instructions) and MBAR (instructions a bit further down) and post them.
GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out and run only MBAR.

Instructions for MBAR:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

04.03.2013, 21:01   #5
dejin

GMER really didn't want to run without hanging.
With MBAR, after the scan it said: No malware found, no clean Up necessary=)

Nevertheless:
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.04.09

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16384
juerg_000 :: *** [administrator]

04/03/2013 20:57:14
mbar-log-2013-03-04 (20-57-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 6900
Time elapsed: 15 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         


04.03.2013, 21:13   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instructions.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.




TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, under no circumstances choose Cure. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the content here in your thread in any case.

04.03.2013, 21:32   #7
dejin

aswMBR txt:

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-04 21:17:59
-----------------------------
21:17:59.293    OS Version: Windows x64 6.2.9200 
21:17:59.293    Number of processors: 4 586 0x2A07
21:17:59.308    ComputerName: ***  UserName: 
21:17:59.371    Initialze error 1 
21:22:08.856    AVAST engine defs: 13030400
21:24:16.753    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000038
21:24:16.753    Disk 0 Vendor: TOSHIBA_MQ01ABD050 AX002J Size: 476940MB BusType: 11
21:24:16.784    Disk 0 MBR read successfully
21:24:16.784    Disk 0 MBR scan
21:24:16.784    Disk 0 unknown MBR code
21:24:16.784    Disk 0 Partition 1 00     EE          GPT            476940 MB offset 1
21:24:16.800    Disk 0 scanning C:\Windows\system32\drivers
21:24:16.800    Service scanning
21:24:17.409    Modules scanning
21:24:17.409    Disk 0 trace - called modules:
21:24:17.409    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys 
21:24:17.409    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005cba060]
21:24:17.425    3 CLASSPNP.SYS[fffff88001a578aa] -> nt!IofCallDriver -> [0xfffffa8004405320]
21:24:17.425    5 ACPI.sys[fffff88001159a91] -> nt!IofCallDriver -> \Device\00000038[0xfffffa80044057f0]
21:24:17.425    AVAST engine scan C:\Windows
21:24:17.425    AVAST engine scan C:\Windows\system32
21:24:17.441    AVAST engine scan C:\Windows\system32\drivers
21:24:17.441    AVAST engine scan C:\Users\juerg_000
21:24:17.441    AVAST engine scan C:\ProgramData
21:24:17.441    Scan finished successfully
21:24:38.395    Disk 0 MBR has been saved successfully to "C:\Users\juerg_000\Desktop\MBR.dat"
21:24:38.411    The log file has been saved successfully to "C:\Users\juerg_000\Desktop\aswMBR.txt"
         
TDSS Killer (found nothing so far, according to the final text):

Code:
21:27:10.0736 3332  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:27:10.0736 3332  UEFI system
21:27:10.0939 3332  ============================================================
21:27:10.0939 3332  Current date / time: 2013/03/04 21:27:10.0939
21:27:10.0939 3332  SystemInfo:
21:27:10.0939 3332  
21:27:10.0939 3332  OS Version: 6.2.9200 ServicePack: 0.0
21:27:10.0939 3332  Product type: Workstation
21:27:10.0939 3332  ComputerName: ***
21:27:10.0939 3332  UserName: juerg_000
21:27:10.0939 3332  Windows directory: C:\Windows
21:27:10.0939 3332  System windows directory: C:\Windows
21:27:10.0939 3332  Running under WOW64
21:27:10.0939 3332  Processor architecture: Intel x64
21:27:10.0939 3332  Number of processors: 4
21:27:10.0939 3332  Page size: 0x1000
21:27:10.0939 3332  Boot type: Normal boot
21:27:10.0939 3332  ============================================================
21:27:11.0596 3332  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:27:11.0596 3332  ============================================================
21:27:11.0596 3332  \Device\Harddisk0\DR0:
21:27:11.0596 3332  GPT partitions:
21:27:11.0596 3332  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {2825BE3C-A830-413A-B913-334F17389C83}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x96000
21:27:11.0596 3332  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {5975917D-3891-4E85-83F2-FC6400BC7ED7}, Name: Basic data partition, StartLBA 0x96800, BlocksNum 0x1C2000
21:27:11.0596 3332  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {AA7229B7-5630-4FE3-8774-19B93251FF33}, Name: Microsoft reserved partition, StartLBA 0x258800, BlocksNum 0x40000
21:27:11.0596 3332  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {89794D6E-B731-4E38-A031-27B0734916FC}, Name: Basic data partition, StartLBA 0x298800, BlocksNum 0x1749C000
21:27:11.0596 3332  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {52B90836-DC99-4C81-911A-540B85A280FD}, Name: Basic data partition, StartLBA 0x17734800, BlocksNum 0x2044C800
21:27:11.0596 3332  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {3E8FC2A2-1158-442D-BC49-1EF339F1F09C}, Name: Basic data partition, StartLBA 0x37B81000, BlocksNum 0x2805000
21:27:11.0596 3332  MBR partitions:
21:27:11.0596 3332  ============================================================
21:27:11.0611 3332  C: <-> \Device\Harddisk0\DR0\Partition4
21:27:11.0643 3332  D: <-> \Device\Harddisk0\DR0\Partition5
21:27:11.0643 3332  ============================================================
21:27:11.0643 3332  Initialize success
21:27:11.0643 3332  ============================================================
21:27:29.0628 5272  ============================================================
21:27:29.0628 5272  Scan started
21:27:29.0628 5272  Mode: Manual; SigCheck; TDLFS; 
21:27:29.0628 5272  ============================================================
21:27:30.0315 5272  ================ Scan system memory ========================
21:27:30.0315 5272  System memory - ok
21:27:30.0315 5272  ================ Scan services =============================
21:27:30.0378 5272  0123871362419113mcinstcleanup - ok
21:27:30.0456 5272  [ E890C46E4754F0DF51BAFCC8D2E07498 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
21:27:30.0612 5272  1394ohci - ok
21:27:30.0612 5272  [ 4F18D4C7EA14F11A7211F60D553C03DB ] 3ware           C:\Windows\system32\drivers\3ware.sys
21:27:30.0628 5272  3ware - ok
21:27:30.0659 5272  [ 975AABEB243B800C23626D6B652C5A9C ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:27:30.0690 5272  ACPI - ok
21:27:30.0706 5272  [ DC968C37822117E576B933F34A2D130C ] acpiex          C:\Windows\system32\Drivers\acpiex.sys
21:27:30.0722 5272  acpiex - ok
21:27:30.0722 5272  [ 0CA9F7C3A78227C21A0A7854E245CFB2 ] acpipagr        C:\Windows\System32\drivers\acpipagr.sys
21:27:30.0753 5272  acpipagr - ok
21:27:30.0753 5272  [ 8EB8DA03B142D3DD1EB9ED8107A76C43 ] AcpiPmi         C:\Windows\System32\drivers\acpipmi.sys
21:27:30.0815 5272  AcpiPmi - ok
21:27:30.0815 5272  [ CBCE725C5D86ABA7D2604E22951AA9B8 ] acpitime        C:\Windows\System32\drivers\acpitime.sys
21:27:30.0847 5272  acpitime - ok
21:27:30.0894 5272  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:27:30.0909 5272  AdobeARMservice - ok
21:27:31.0003 5272  [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:27:31.0019 5272  AdobeFlashPlayerUpdateSvc - ok
21:27:31.0034 5272  [ 93C6388592B99925C1D1576E465BC80F ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
21:27:31.0065 5272  adp94xx - ok
21:27:31.0081 5272  [ D27763E0247292654E7F7D16444C7C72 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
21:27:31.0112 5272  adpahci - ok
21:27:31.0112 5272  [ 67B90070FF48F794AF19F9FCF0080D75 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
21:27:31.0128 5272  adpu320 - ok
21:27:31.0159 5272  [ 974AE60BF5B90E31412D93596C968E5B ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:27:31.0206 5272  AeLookupSvc - ok
21:27:31.0237 5272  [ 9E975BDC89C83900B2C534C4E1B018F8 ] AFD             C:\Windows\system32\drivers\afd.sys
21:27:31.0300 5272  AFD - ok
21:27:31.0331 5272  [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
21:27:31.0394 5272  AgereSoftModem - ok
21:27:31.0409 5272  [ 01590377A5AB19E792528C628A2A68F9 ] agp440          C:\Windows\system32\drivers\agp440.sys
21:27:31.0425 5272  agp440 - ok
21:27:31.0456 5272  [ 16F6F6B7903B913AB41AB848C8BB5658 ] AiCharger       C:\Windows\system32\DRIVERS\AiCharger.sys
21:27:31.0472 5272  AiCharger - ok
21:27:31.0487 5272  [ D1BE8E6E5B3AF23A4393AF1BF867977A ] ALG             C:\Windows\System32\alg.exe
21:27:31.0612 5272  ALG - ok
21:27:31.0644 5272  [ 025E8C755BE293E50854D26D1BBE5133 ] AllUserInstallAgent C:\Windows\system32\AUInstallAgent.dll
21:27:31.0706 5272  AllUserInstallAgent - ok
21:27:31.0737 5272  [ FB88D16B55F788EEB7590584FE2D8F1A ] AmdK8           C:\Windows\System32\drivers\amdk8.sys
21:27:31.0784 5272  AmdK8 - ok
21:27:31.0784 5272  [ 81402FF3373CE4DF77D5C874E369A985 ] AmdPPM          C:\Windows\System32\drivers\amdppm.sys
21:27:31.0816 5272  AmdPPM - ok
21:27:31.0831 5272  [ 35A0EB5AECB0FA3C41A2FB514A562304 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:27:31.0831 5272  amdsata - ok
21:27:31.0862 5272  [ 00452671904F5EE94B50BF0219C97164 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
21:27:31.0878 5272  amdsbs - ok
21:27:31.0878 5272  [ EA3FFE53E92E59C87E3ECA9BEB20D9B7 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:27:31.0894 5272  amdxata - ok
21:27:32.0034 5272  [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
21:27:32.0050 5272  AntiVirSchedulerService - ok
21:27:32.0066 5272  [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
21:27:32.0081 5272  AntiVirService - ok
21:27:32.0097 5272  [ 83B3682CE922FB0F415734B26D9D6233 ] AppID           C:\Windows\system32\drivers\appid.sys
21:27:32.0175 5272  AppID - ok
21:27:32.0222 5272  [ CE2BEAD7F31816FF0AC490D048C969F9 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:27:32.0253 5272  AppIDSvc - ok
21:27:32.0253 5272  [ D64C4AFEE8277F35EF729A2B924666B0 ] Appinfo         C:\Windows\System32\appinfo.dll
21:27:32.0284 5272  Appinfo - ok
21:27:32.0300 5272  [ E933401B392387F4BE34DE8BAF1722A7 ] arc             C:\Windows\system32\drivers\arc.sys
21:27:32.0316 5272  arc - ok
21:27:32.0316 5272  [ 07CA323EF2E8247A568AB0F3662AD644 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
21:27:32.0331 5272  arcsas - ok
21:27:32.0394 5272  [ D01D1B40EEF27F64B45165CE0ACDE6CD ] ASLDRService    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
21:27:32.0409 5272  ASLDRService - ok
21:27:32.0409 5272  [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64        C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
21:27:32.0425 5272  ASMMAP64 - ok
21:27:32.0456 5272  [ 6A122B4F0E5293CACFA8A5F2CBA9B356 ] ASUS InstantOn  C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
21:27:32.0456 5272  ASUS InstantOn - ok
21:27:32.0472 5272  [ 74DBAEC35366C4EE7670428808715A6A ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:27:32.0519 5272  AsyncMac - ok
21:27:32.0519 5272  [ A721FF570C2387E383BDDEA9632863C9 ] atapi           C:\Windows\system32\drivers\atapi.sys
21:27:32.0534 5272  atapi - ok
21:27:32.0675 5272  [ D55EBCD80CA519020338F75E420FDF3F ] athr            C:\Windows\system32\DRIVERS\athw8x.sys
21:27:32.0831 5272  athr - ok
21:27:32.0847 5272  [ DBC598E47E7A382E60E2A4745D41FEF9 ] ATKGFNEXSrv     C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
21:27:32.0847 5272  ATKGFNEXSrv - ok
21:27:32.0878 5272  [ 41CEAFFCF3550785E59E3EC9BEE8D97A ] ATKWMIACPIIO    C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
21:27:32.0894 5272  ATKWMIACPIIO - ok
21:27:32.0925 5272  [ 437EB91CB20144375DDE145149778405 ] ATP             C:\Windows\System32\drivers\AsusTP.sys
21:27:32.0925 5272  ATP - ok
21:27:32.0956 5272  [ 8A814F4CBF6AA28A8F0212592824C927 ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
21:27:33.0003 5272  AudioEndpointBuilder - ok
21:27:33.0034 5272  [ 01E8E96251900BCEFAB34FBC1FCEB552 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
21:27:33.0081 5272  Audiosrv - ok
21:27:33.0097 5272  [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
21:27:33.0112 5272  avgntflt - ok
21:27:33.0144 5272  [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
21:27:33.0159 5272  avipbb - ok
21:27:33.0175 5272  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
21:27:33.0175 5272  avkmgr - ok
21:27:33.0222 5272  [ 89491EF71D5EA011127832C588002853 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:27:33.0284 5272  AxInstSV - ok
21:27:33.0300 5272  [ 87AB5BB072A3F128541D5B815F82FFDD ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
21:27:33.0347 5272  b06bdrv - ok
21:27:33.0378 5272  [ 81703BC5D68DEDBB086C2368FBE7B334 ] BasicDisplay    C:\Windows\System32\drivers\BasicDisplay.sys
21:27:33.0456 5272  BasicDisplay - ok
21:27:33.0456 5272  [ 5EC68164E14D25675C98BBB5F09E8606 ] BasicRender     C:\Windows\System32\drivers\BasicRender.sys
21:27:33.0487 5272  BasicRender - ok
21:27:33.0519 5272  [ 558F6EEF46EC2642C8F72D34CBB5612E ] BDESVC          C:\Windows\System32\bdesvc.dll
21:27:33.0581 5272  BDESVC - ok
21:27:33.0613 5272  [ 9E7AEA59776D904607985AFFE7E5E183 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:27:33.0675 5272  Beep - ok
21:27:33.0722 5272  [ 407F85D5387EDBB665A7969DF4D4712B ] BFE             C:\Windows\System32\bfe.dll
21:27:33.0769 5272  BFE - ok
21:27:33.0800 5272  [ D598C44A7072D3108D8D8102EC5E07F7 ] BITS            C:\Windows\System32\qmgr.dll
21:27:33.0894 5272  BITS - ok
21:27:33.0909 5272  [ B17AC10B47C7FCB44D22A1F06415840E ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:27:33.0988 5272  bowser - ok
21:27:34.0034 5272  [ 975398A3D2C1FEA73FC93931978DF354 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
21:27:34.0097 5272  BrokerInfrastructure - ok
21:27:34.0128 5272  [ 310068BDA80B1D55C36580FD8A873FAF ] Browser         C:\Windows\System32\browser.dll
21:27:34.0191 5272  Browser - ok
21:27:34.0206 5272  [ FC79BE6D8FBC8699E9980F657D281BE9 ] BthAvrcpTg      C:\Windows\System32\drivers\BthAvrcpTg.sys
21:27:34.0269 5272  BthAvrcpTg - ok
21:27:34.0284 5272  [ 8DE53C3B497D58C7D3E52F54D28E7D86 ] BthEnum         C:\Windows\System32\drivers\BthEnum.sys
21:27:34.0316 5272  BthEnum - ok
21:27:34.0331 5272  [ 616EB8748C988AEE98D93DA141C3D3B4 ] BthHFEnum       C:\Windows\System32\drivers\bthhfenum.sys
21:27:34.0456 5272  BthHFEnum - ok
21:27:34.0488 5272  [ 6F7368071FCDDB96C0527A6E5D7C1906 ] bthhfhid        C:\Windows\System32\drivers\BthHFHid.sys
21:27:34.0519 5272  bthhfhid - ok
21:27:34.0550 5272  [ 033916CE8784A848B9A3D686B7F66D97 ] BTHMODEM        C:\Windows\System32\drivers\bthmodem.sys
21:27:34.0597 5272  BTHMODEM - ok
21:27:34.0597 5272  [ 091BB978E9504D0AD14586929431A957 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
21:27:34.0659 5272  BthPan - ok
21:27:34.0691 5272  [ 427510B95603B24A0E1DDB47EFC4BA44 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
21:27:34.0753 5272  BTHPORT - ok
21:27:34.0800 5272  [ A4387C3D271959313E2577DB7BE8BA7A ] bthserv         C:\Windows\system32\bthserv.dll
21:27:34.0816 5272  bthserv - ok
21:27:34.0831 5272  [ 0BB16201253AA87015EFFECAF157225F ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
21:27:34.0847 5272  BTHUSB - ok
21:27:34.0878 5272  [ 990B1BABE6E81FB18E65A87EBEFB1772 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:27:34.0941 5272  cdfs - ok
21:27:34.0941 5272  [ 339BFF85D788268752DA8C9644B188EE ] cdrom           C:\Windows\System32\drivers\cdrom.sys
21:27:34.0956 5272  cdrom - ok
21:27:34.0988 5272  [ BAF8F0F55BC300E5F882E521F054E345 ] CertPropSvc     C:\Windows\System32\certprop.dll
21:27:35.0019 5272  CertPropSvc - ok
21:27:35.0066 5272  [ A73276435F75025DA6E67B2470E1FE16 ] cfwids          C:\Windows\system32\drivers\cfwids.sys
21:27:35.0081 5272  cfwids - ok
21:27:35.0097 5272  [ F64B7D1A37CC1D5F421D5359EEC81E2E ] circlass        C:\Windows\System32\drivers\circlass.sys
21:27:35.0144 5272  circlass - ok
21:27:35.0175 5272  [ 9905168708DB68849B879B5548F68AB3 ] CLFS            C:\Windows\system32\drivers\CLFS.sys
21:27:35.0191 5272  CLFS - ok
21:27:35.0206 5272  [ 2DC8538A2260647484A6C921CA837313 ] CmBatt          C:\Windows\System32\drivers\CmBatt.sys
21:27:35.0269 5272  CmBatt - ok
21:27:35.0300 5272  [ 1894FD2D5966A81D3B07A7C4D8724D59 ] CNG             C:\Windows\system32\Drivers\cng.sys
21:27:35.0331 5272  CNG - ok
21:27:35.0347 5272  [ 0E5B1E9E7122EDAAF1F6CE047965CA92 ] CompositeBus    C:\Windows\System32\drivers\CompositeBus.sys
21:27:35.0378 5272  CompositeBus - ok
21:27:35.0378 5272  COMSysApp - ok
21:27:35.0394 5272  [ D9CB0782AF819548072AA45B70F8B22D ] condrv          C:\Windows\system32\drivers\condrv.sys
21:27:35.0409 5272  condrv - ok
21:27:35.0472 5272  [ 9F5AFC3EE57412798B1A559B620386A0 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
21:27:35.0488 5272  cphs - ok
21:27:35.0519 5272  [ F0E78B119D12BA81F163D48C0FF30B9A ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:27:35.0550 5272  CryptSvc - ok
21:27:35.0581 5272  [ A4CCA7289C1A6223D61FD27BF2FC413F ] dam             C:\Windows\system32\drivers\dam.sys
21:27:35.0597 5272  dam - ok
21:27:35.0628 5272  [ 1EC6E533C954BDDF2A37E7851A7E58FD ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:27:35.0706 5272  DcomLaunch - ok
21:27:35.0738 5272  [ C8650D1F61149AA546BDBC99172EBBC1 ] defragsvc       C:\Windows\System32\defragsvc.dll
21:27:35.0816 5272  defragsvc - ok
21:27:35.0847 5272  [ 5EAEF67AE2AF4D2DC664B649DB7B2E16 ] DeviceAssociationService C:\Windows\system32\das.dll
21:27:35.0878 5272  DeviceAssociationService - ok
21:27:35.0909 5272  [ 799BE46D45D486704CE0F37CA5385262 ] DeviceInstall   C:\Windows\system32\umpnpmgr.dll
21:27:35.0941 5272  DeviceInstall - ok
21:27:35.0972 5272  [ 09D9EB9E7898F8E6561473A20CC808B9 ] Dfsc            C:\Windows\system32\Drivers\dfsc.sys
21:27:35.0988 5272  Dfsc - ok
21:27:36.0035 5272  [ CFB72DF4B2364AF6D4D685DCD310E942 ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:27:36.0113 5272  Dhcp - ok
21:27:36.0128 5272  [ 3C736FAE17BA6F91BA37594AAB139CD0 ] discache        C:\Windows\system32\drivers\discache.sys
21:27:36.0144 5272  discache - ok
21:27:36.0160 5272  [ 560495FF4CA22E1D9B1972FA18F43B6F ] disk            C:\Windows\system32\drivers\disk.sys
21:27:36.0175 5272  disk - ok
21:27:36.0175 5272  [ 82A7C72593793FE1EADA7A305BD1567A ] dmvsc           C:\Windows\System32\drivers\dmvsc.sys
21:27:36.0238 5272  dmvsc - ok
21:27:36.0253 5272  [ 066B9710B36AB550E01EEFCA52155968 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:27:36.0300 5272  Dnscache - ok
21:27:36.0331 5272  [ 9949AD2ABA168A618D46C799D6CC898C ] dot3svc         C:\Windows\System32\dot3svc.dll
21:27:36.0363 5272  dot3svc - ok
21:27:36.0378 5272  [ 109FC3F80BF4F4DC5A071058074F13C1 ] DPS             C:\Windows\system32\dps.dll
21:27:36.0410 5272  DPS - ok
21:27:36.0425 5272  [ 84D07E4E4FBE72DA3EC1C1E77C49B53C ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:27:36.0488 5272  drmkaud - ok
21:27:36.0519 5272  [ BF48F32EE248C3D371DA5DC93BBEADA7 ] DsmSvc          C:\Windows\System32\DeviceSetupManager.dll
21:27:36.0613 5272  DsmSvc - ok
21:27:36.0660 5272  [ 898BF1647BBF012B38EF45C7F9F7A67E ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:27:36.0722 5272  DXGKrnl - ok
21:27:36.0738 5272  [ 651FBD69A9713D623D456A240F96179C ] e1iexpress      C:\Windows\system32\DRIVERS\e1i63x64.sys
21:27:36.0785 5272  e1iexpress - ok
21:27:36.0831 5272  [ 58BA473DD88F5FC1932282BA683AA03E ] Eaphost         C:\Windows\System32\eapsvc.dll
21:27:36.0863 5272  Eaphost - ok
21:27:36.0941 5272  [ 5AB97B3282D7D6114949D1EB5C8598E4 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
21:27:37.0050 5272  ebdrv - ok
21:27:37.0066 5272  [ F702AB6181513303AB0FC8D59E52708B ] EFS             C:\Windows\System32\lsass.exe
21:27:37.0144 5272  EFS - ok
21:27:37.0160 5272  [ 66D60BD9A4C05616ABECA2A901475098 ] EhStorClass     C:\Windows\system32\drivers\EhStorClass.sys
21:27:37.0175 5272  EhStorClass - ok
21:27:37.0175 5272  [ A61D0F543024E458C0FE32352E1978E2 ] EhStorTcgDrv    C:\Windows\system32\drivers\EhStorTcgDrv.sys
21:27:37.0191 5272  EhStorTcgDrv - ok
21:27:37.0206 5272  [ D790D058D67582DB9C84C2D33695FE6B ] ErrDev          C:\Windows\System32\drivers\errdev.sys
21:27:37.0206 5272  ErrDev - ok
21:27:37.0269 5272  [ F9E01C2D9F8BC049E04CF5DC24A5F638 ] EventSystem     C:\Windows\system32\es.dll
21:27:37.0331 5272  EventSystem - ok
21:27:37.0363 5272  [ 7A4D6FEB8C52B3FE855E4DCDF9107E03 ] exfat           C:\Windows\system32\drivers\exfat.sys
21:27:37.0394 5272  exfat - ok
21:27:37.0394 5272  [ 60996602A7111FD2D086E803F33E4282 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:27:37.0410 5272  fastfat - ok
21:27:37.0456 5272  [ F0E7F8382ED5E138B0DFA4CB5058BCFE ] Fax             C:\Windows\system32\fxssvc.exe
21:27:37.0519 5272  Fax - ok
21:27:37.0535 5272  [ 73B2D11DF0B6E03A0CB0323218ACB3E4 ] fdc             C:\Windows\System32\drivers\fdc.sys
21:27:37.0566 5272  fdc - ok
21:27:37.0581 5272  [ 0828E3E7BD77C89149EAD3232BFD38DB ] fdPHost         C:\Windows\system32\fdPHost.dll
21:27:37.0613 5272  fdPHost - ok
21:27:37.0628 5272  [ 872506AAB591E8908DF4461475AF92DF ] FDResPub        C:\Windows\system32\fdrespub.dll
21:27:37.0644 5272  FDResPub - ok
21:27:51.0254 5272  swprv - ok
21:27:51.0285 5272  [ DC21E1F06343773D7E24362DCEF7944B ] SysMain         C:\Windows\system32\sysmain.dll
21:27:51.0317 5272  SysMain - ok
21:27:51.0348 5272  [ 079244F281621FEDCC161D3923E858FE ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
21:27:51.0395 5272  SystemEventsBroker - ok
21:27:51.0442 5272  [ A6C06C45C44AD06C70AF8899AEC15BDC ] TabletInputService C:\Windows\System32\TabSvc.dll
21:27:51.0457 5272  TabletInputService - ok
21:27:51.0488 5272  [ 88B7721AB551C4325036B25A34A2BF7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:27:51.0520 5272  TapiSrv - ok
21:27:51.0582 5272  [ 1D644E2D0FC395A055AB1C23C3B43631 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:27:51.0645 5272  Tcpip - ok
21:27:51.0754 5272  [ 1D644E2D0FC395A055AB1C23C3B43631 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:27:51.0801 5272  TCPIP6 - ok
21:27:51.0832 5272  [ 8F2A13A5DF99D72FDDE87F502A66F989 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:27:51.0863 5272  tcpipreg - ok
21:27:51.0863 5272  [ 73DC722CE5DF26D7638CE2446F2655C7 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:27:51.0879 5272  tdx - ok
21:27:51.0879 5272  [ F7C8AB5D8AFFAA318D6A21093D139BF4 ] terminpt        C:\Windows\System32\drivers\terminpt.sys
21:27:51.0895 5272  terminpt - ok
21:27:51.0926 5272  [ 541EE228D0DEF392F7B2DFD885DD021B ] TermService     C:\Windows\System32\termsrv.dll
21:27:51.0973 5272  TermService - ok
21:27:51.0988 5272  [ 519A6F672FFF56B7D8EE8C730CEC8ECD ] Themes          C:\Windows\system32\themeservice.dll
21:27:52.0020 5272  Themes - ok
21:27:52.0051 5272  [ EEE908BE7143FCA48CF0CB87214E2AB8 ] THREADORDER     C:\Windows\system32\mmcss.dll
21:27:52.0067 5272  THREADORDER - ok
21:27:52.0082 5272  [ 52066C139CC189468845D5BE557B25EB ] TimeBroker      C:\Windows\System32\TimeBrokerServer.dll
21:27:52.0098 5272  TimeBroker - ok
21:27:52.0129 5272  [ B44EFE254C0B3719E4037088D24FE4B5 ] TPM             C:\Windows\system32\drivers\tpm.sys
21:27:52.0145 5272  TPM - ok
21:27:52.0160 5272  [ 8C8CF3041B27E7657ADD0EE17F6DBFCA ] TrkWks          C:\Windows\System32\trkwks.dll
21:27:52.0192 5272  TrkWks - ok
21:27:52.0254 5272  [ 8D516AEF3C1DF980664CF17BB1FF6093 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:27:52.0270 5272  TrustedInstaller - ok
21:27:52.0301 5272  [ 4E7C5FB10A50435523DE0CAA37DE2BD3 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:27:52.0332 5272  TsUsbFlt - ok
21:27:52.0332 5272  [ 16D684A820872EE54F6370703AC0B513 ] TsUsbGD         C:\Windows\System32\drivers\TsUsbGD.sys
21:27:52.0363 5272  TsUsbGD - ok
21:27:52.0363 5272  [ 78C9EE193AC2B4CBDBC48B620314D740 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:27:52.0410 5272  tunnel - ok
21:27:52.0410 5272  [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A ] uagp35          C:\Windows\system32\drivers\uagp35.sys
21:27:52.0426 5272  uagp35 - ok
21:27:52.0426 5272  [ 6FD6D03B7752C78712E5CFF29A305026 ] UASPStor        C:\Windows\System32\drivers\uaspstor.sys
21:27:52.0442 5272  UASPStor - ok
21:27:52.0473 5272  [ 1ED222DFE6C13DA50FE081ABF90CAFE1 ] UCX01000        C:\Windows\System32\drivers\ucx01000.sys
21:27:52.0488 5272  UCX01000 - ok
21:27:52.0504 5272  [ DC5A461591C71AF7F19DC048A81E3F88 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:27:52.0520 5272  udfs - ok
21:27:52.0551 5272  [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:27:52.0582 5272  UI0Detect - ok
21:27:52.0582 5272  [ 07FEBCDF24FABA0D47B635D85A0FFB7A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:27:52.0598 5272  uliagpkx - ok
21:27:52.0613 5272  [ 02CEB3FE6152668A7BA420B93B664860 ] umbus           C:\Windows\System32\drivers\umbus.sys
21:27:52.0645 5272  umbus - ok
21:27:52.0645 5272  [ 991EE6B5FC41EAEF99C8AF5B92F2CA09 ] UmPass          C:\Windows\System32\drivers\umpass.sys
21:27:52.0660 5272  UmPass - ok
21:27:52.0707 5272  [ 43FEFB040A0CC30F795FBF544169594D ] UmRdpService    C:\Windows\System32\umrdp.dll
21:27:52.0738 5272  UmRdpService - ok
21:27:52.0848 5272  [ E1A119AD21F5AFE22EB516C549306D3D ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:27:52.0863 5272  UNS - ok
21:27:52.0895 5272  [ 14D22C411854AA2560AFC94CD2D5E61F ] upnphost        C:\Windows\System32\upnphost.dll
21:27:52.0957 5272  upnphost - ok
21:27:52.0973 5272  [ 2AF9F0E16D75B8F783A1ACE74EF51C9B ] usbccgp         C:\Windows\System32\drivers\usbccgp.sys
21:27:53.0004 5272  usbccgp - ok
21:27:53.0020 5272  [ B395B62B62F28106218FA6FB17F4C797 ] usbcir          C:\Windows\System32\drivers\usbcir.sys
21:27:53.0051 5272  usbcir - ok
21:27:53.0082 5272  [ 52F267AEE8CA5AA5CEB88C6A71EE1E86 ] usbehci         C:\Windows\System32\drivers\usbehci.sys
21:27:53.0098 5272  usbehci - ok
21:27:53.0114 5272  [ FBB6794E3BBAD92D66D59D206C1F849F ] usbhub          C:\Windows\System32\drivers\usbhub.sys
21:27:53.0145 5272  usbhub - ok
21:27:53.0160 5272  [ 7B886003CEEBF3C8E4FDF3586DCB3787 ] USBHUB3         C:\Windows\System32\drivers\UsbHub3.sys
21:27:53.0176 5272  USBHUB3 - ok
21:27:53.0207 5272  [ EC1303E3DBF312B846377A84C0D15F27 ] usbohci         C:\Windows\System32\drivers\usbohci.sys
21:27:53.0239 5272  usbohci - ok
21:27:53.0254 5272  [ BA3ABE0CD1C14B3295BAD0F076B84CAC ] usbprint        C:\Windows\System32\drivers\usbprint.sys
21:27:53.0301 5272  usbprint - ok
21:27:53.0317 5272  [ F77177F6C95B2116EE7AD23B5EF57007 ] USBSTOR         C:\Windows\System32\drivers\USBSTOR.SYS
21:27:53.0332 5272  USBSTOR - ok
21:27:53.0348 5272  [ D25EF4A6EC244C5DE85D88A05B7C149D ] usbuhci         C:\Windows\System32\drivers\usbuhci.sys
21:27:53.0364 5272  usbuhci - ok
21:27:53.0395 5272  [ 09799E701B4327097E9F63D3FE221083 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
21:27:53.0410 5272  usbvideo - ok
21:27:53.0457 5272  [ 9CD4259AD15F84DE27B94A956C978D6C ] USBXHCI         C:\Windows\System32\drivers\USBXHCI.SYS
21:27:53.0473 5272  USBXHCI - ok
21:27:53.0489 5272  [ F702AB6181513303AB0FC8D59E52708B ] VaultSvc        C:\Windows\system32\lsass.exe
21:27:53.0504 5272  VaultSvc - ok
21:27:53.0520 5272  [ BACECBFF9C97F7627A60B0E0F1FE7EE8 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:27:53.0535 5272  vdrvroot - ok
21:27:53.0567 5272  [ 00FBA165A1167738802DA5D0EE78EF10 ] vds             C:\Windows\System32\vds.exe
21:27:53.0629 5272  vds - ok
21:27:53.0629 5272  [ 74FA2D4368DE6F6CE14393EDF1F342BE ] VerifierExt     C:\Windows\system32\drivers\VerifierExt.sys
21:27:53.0645 5272  VerifierExt - ok
21:27:53.0676 5272  [ 8628FA679F0EC4B709CCD1F6B6A3233B ] vhdmp           C:\Windows\System32\drivers\vhdmp.sys
21:27:53.0692 5272  vhdmp - ok
21:27:53.0754 5272  [ C11A95D4D504A42FACF6691B7F9084B0 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
21:27:53.0801 5272  VIAHdAudAddService - ok
21:27:53.0801 5272  [ F5B4A14B00E89250C50982AC762DDD1D ] viaide          C:\Windows\system32\drivers\viaide.sys
21:27:53.0817 5272  viaide - ok
21:27:53.0832 5272  [ 0C0B393138C55954929FE47611383BC9 ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe
21:27:53.0848 5272  VIAKaraokeService - ok
21:27:53.0879 5272  [ 78DB50F7329F6D1311658DABFFFC8BE0 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
21:27:53.0895 5272  vmbus - ok
21:27:53.0895 5272  [ ECFEE2F2BA3932C7880D1A8F67D68F91 ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
21:27:53.0926 5272  VMBusHID - ok
21:27:53.0973 5272  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicheartbeat   C:\Windows\System32\ICSvc.dll
21:27:53.0989 5272  vmicheartbeat - ok
21:27:53.0989 5272  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
21:27:54.0004 5272  vmickvpexchange - ok
21:27:54.0020 5272  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicrdv         C:\Windows\System32\ICSvc.dll
21:27:54.0035 5272  vmicrdv - ok
21:27:54.0035 5272  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicshutdown    C:\Windows\System32\ICSvc.dll
21:27:54.0051 5272  vmicshutdown - ok
21:27:54.0067 5272  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmictimesync    C:\Windows\System32\ICSvc.dll
21:27:54.0082 5272  vmictimesync - ok
21:27:54.0082 5272  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicvss         C:\Windows\System32\ICSvc.dll
21:27:54.0098 5272  vmicvss - ok
21:27:54.0114 5272  [ CB60FAAED8B49B812EBBF77EB87D9B18 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:27:54.0129 5272  volmgr - ok
21:27:54.0145 5272  [ A74101DA9809251BCD0E5A26BAE0F824 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:27:54.0176 5272  volmgrx - ok
21:27:54.0176 5272  [ 2FB3CDFD5EAF4CD9D4AFAF96877D13AE ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:27:54.0192 5272  volsnap - ok
21:27:54.0207 5272  [ A8DA1C1B52ECEA3726DEBED4FF1B700D ] vpci            C:\Windows\System32\drivers\vpci.sys
21:27:54.0207 5272  vpci - ok
21:27:54.0223 5272  [ 38A60CD9C009C55C6D3B5586F8E6A353 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
21:27:54.0239 5272  vsmraid - ok
21:27:54.0270 5272  [ EA658570314042C914964FC72AB50E6B ] VSS             C:\Windows\system32\vssvc.exe
21:27:54.0348 5272  VSS - ok
21:27:54.0379 5272  [ A0F6FE0FC2F647C22BBFD6BD4249DBCC ] VSTXRAID        C:\Windows\system32\drivers\vstxraid.sys
21:27:54.0395 5272  VSTXRAID - ok
21:27:54.0410 5272  [ 62460A45435A26A334907E3F2EA45611 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
21:27:54.0426 5272  vwifibus - ok
21:27:54.0426 5272  [ 095E943D27025E4D588AF0A72CC2318F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:27:54.0442 5272  vwififlt - ok
21:27:54.0457 5272  [ 73FA1A41A97A5C34ADC03B3577FF1A86 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
21:27:54.0473 5272  vwifimp - ok
21:27:54.0504 5272  [ F690B6EEAA94576727B24376D7ED3601 ] W32Time         C:\Windows\system32\w32time.dll
21:27:54.0535 5272  W32Time - ok
21:27:54.0551 5272  [ 6B806E893714019969E2B50D7EF6A4D9 ] WacomPen        C:\Windows\System32\drivers\wacompen.sys
21:27:54.0582 5272  WacomPen - ok
21:27:54.0614 5272  [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
21:27:54.0645 5272  Wanarp - ok
21:27:54.0645 5272  [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:27:54.0660 5272  Wanarpv6 - ok
21:27:54.0707 5272  [ 42DF22F8C448E7CD219F6D63743505E2 ] wbengine        C:\Windows\system32\wbengine.exe
21:27:54.0817 5272  wbengine - ok
21:27:54.0832 5272  [ 31D37B2F6069C631EF0557D322924812 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:27:54.0879 5272  WbioSrvc - ok
21:27:54.0910 5272  [ D9C1E82651BF19C6FF69CEC6FD400124 ] Wcmsvc          C:\Windows\System32\wcmsvc.dll
21:27:54.0942 5272  Wcmsvc - ok
21:27:54.0973 5272  [ 4507D89FA9E4283100948C91E867D130 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:27:55.0020 5272  wcncsvc - ok
21:27:55.0036 5272  [ E19556D414332E2BEBA1F368229006B4 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:27:55.0098 5272  WcsPlugInService - ok
21:27:55.0114 5272  [ B3A4D918DAB90505B6BC7B70632913CB ] Wd              C:\Windows\system32\drivers\wd.sys
21:27:55.0160 5272  Wd - ok
21:27:55.0160 5272  [ 260F8DFC4D5748F4CCB9B19CFB0E58EA ] WdBoot          C:\Windows\system32\drivers\WdBoot.sys
21:27:55.0176 5272  WdBoot - ok
21:27:55.0192 5272  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:27:55.0239 5272  Wdf01000 - ok
21:27:55.0239 5272  [ 880FFFC4D5BBBB4187B6B04AB2E8C32A ] WdFilter        C:\Windows\system32\drivers\WdFilter.sys
21:27:55.0254 5272  WdFilter - ok
21:27:55.0301 5272  [ 240FC332484572227CD1DF82407F33E5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:27:55.0364 5272  WdiServiceHost - ok
21:27:55.0364 5272  [ 240FC332484572227CD1DF82407F33E5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:27:55.0395 5272  WdiSystemHost - ok
21:27:55.0426 5272  [ F2002DA5E6B78C15B2CD48CFF8F0FBB6 ] WebClient       C:\Windows\System32\webclnt.dll
21:27:55.0473 5272  WebClient - ok
21:27:55.0504 5272  [ 35FD720943D4FCD75C3275BF062FF140 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:27:55.0536 5272  Wecsvc - ok
21:27:55.0567 5272  [ 4D2612E3C462B68F499D840B1133263E ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:27:55.0598 5272  wercplsupport - ok
21:27:55.0598 5272  [ 8E2426162ED6749A127B35D235F21E11 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:27:55.0645 5272  WerSvc - ok
21:27:55.0676 5272  [ FE762D3498719C3A23471BBA62F747B4 ] WFPLWFS         C:\Windows\system32\DRIVERS\wfplwfs.sys
21:27:55.0692 5272  WFPLWFS - ok
21:27:55.0723 5272  [ 60E0C220593DA4F7C289CB909D2DBAE0 ] WiaRpc          C:\Windows\System32\wiarpc.dll
21:27:55.0754 5272  WiaRpc - ok
21:27:55.0754 5272  [ A3C7624A42A3447EF5EDD1ED37FE4E60 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:27:55.0770 5272  WIMMount - ok
21:27:55.0786 5272  WinDefend - ok
21:27:55.0832 5272  [ 1369928779943B5C7AABA263E6E2BBC1 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
21:27:55.0848 5272  WinHttpAutoProxySvc - ok
21:27:55.0895 5272  [ 3D6B518B71C75C8FA4115A33615C107A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:27:55.0926 5272  Winmgmt - ok
21:27:55.0989 5272  [ 8E212A627F33F6FC3B5F3BB47212F66E ] WinRM           C:\Windows\system32\WsmSvc.dll
21:27:56.0082 5272  WinRM - ok
21:27:56.0114 5272  [ BB20956C424531003F7FA6CD36F11D5D ] WinUsb          C:\Windows\system32\DRIVERS\WinUSB.sys
21:27:56.0129 5272  WinUsb - ok
21:27:56.0176 5272  [ 19B3CFB1D6516AB2C54772CB75426AD4 ] WlanSvc         C:\Windows\System32\wlansvc.dll
21:27:56.0254 5272  WlanSvc - ok
21:27:56.0301 5272  [ 08EFA13A2234C8C3B8A99E4B88BE7E9B ] wlidsvc         C:\Windows\system32\wlidsvc.dll
21:27:56.0364 5272  wlidsvc - ok
21:27:56.0379 5272  [ E2A596CACFC6504306CDB7B593B90084 ] WmiAcpi         C:\Windows\System32\drivers\wmiacpi.sys
21:27:56.0411 5272  WmiAcpi - ok
21:27:56.0457 5272  [ D113499052C5E541906B727779F0F959 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:27:56.0489 5272  wmiApSrv - ok
21:27:56.0504 5272  WMPNetworkSvc - ok
21:27:56.0520 5272  [ C6FF953D5D6F2EAE3B8883474D5076B3 ] wpcfltr         C:\Windows\system32\DRIVERS\wpcfltr.sys
21:27:56.0582 5272  wpcfltr - ok
21:27:56.0614 5272  [ A6ED163169876BFD2437E872FE2F1509 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:27:56.0629 5272  WPCSvc - ok
21:27:56.0645 5272  [ 94AA5150E35B3ABB7191FE641E3C2473 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:27:56.0661 5272  WPDBusEnum - ok
21:27:56.0676 5272  [ 0346CAFC181C91C6E2330332EB332ED6 ] WpdUpFltr       C:\Windows\system32\drivers\WpdUpFltr.sys
21:27:56.0707 5272  WpdUpFltr - ok
21:27:56.0739 5272  [ BC8B5CB336E63BB25EAD1CE8EDD34B81 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:27:56.0770 5272  ws2ifsl - ok
21:27:56.0801 5272  [ FB0C1B7F94FA08E72F19F6F2CE7210E1 ] wscsvc          C:\Windows\System32\wscsvc.dll
21:27:56.0864 5272  wscsvc - ok
21:27:56.0864 5272  WSearch - ok
21:27:56.0926 5272  [ C10BFFEE7E0D7A1366E84F251796C51D ] WSService       C:\Windows\System32\WSService.dll
21:27:57.0020 5272  WSService - ok
21:27:57.0098 5272  [ 69DDDAF7BB4D39A4CC928EA434A3E258 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:27:57.0223 5272  wuauserv - ok
21:27:57.0254 5272  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:27:57.0301 5272  WudfPf - ok
21:27:57.0301 5272  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\System32\drivers\WUDFRd.sys
21:27:57.0332 5272  WUDFRd - ok
21:27:57.0379 5272  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:27:57.0411 5272  wudfsvc - ok
21:27:57.0411 5272  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdFs       C:\Windows\system32\DRIVERS\WUDFRd.sys
21:27:57.0426 5272  WUDFWpdFs - ok
21:27:57.0457 5272  [ F9D8D2E6ECE08B278621D5BF3A7240A6 ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:27:57.0520 5272  WwanSvc - ok
21:27:57.0536 5272  ================ Scan global ===============================
21:27:57.0567 5272  [ DDC1AFBF9DDF880CE9BD3896114D8DED ] C:\Windows\system32\basesrv.dll
21:27:57.0598 5272  [ E9343076AE704D20BB0D01F3AF3EFFEF ] C:\Windows\system32\winsrv.dll
21:27:57.0614 5272  [ BD7C6949984D19AAA609896B675E7357 ] C:\Windows\system32\sxssrv.dll
21:27:57.0645 5272  [ 8F226143046435C75C033B0C52E90FFE ] C:\Windows\system32\services.exe
21:27:57.0661 5272  [Global] - ok
21:27:57.0661 5272  ================ Scan MBR ==================================
21:27:57.0661 5272  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
21:27:57.0911 5272  \Device\Harddisk0\DR0 - ok
21:27:57.0911 5272  ================ Scan VBR ==================================
21:27:57.0926 5272  [ CC147B29700663BED1CCC618344BF7A2 ] \Device\Harddisk0\DR0\Partition1
21:27:57.0926 5272  \Device\Harddisk0\DR0\Partition1 - ok
21:27:57.0942 5272  [ 5E9F0C57291ECEFEB967DDC0F2209601 ] \Device\Harddisk0\DR0\Partition2
21:27:57.0942 5272  \Device\Harddisk0\DR0\Partition2 - ok
21:27:57.0958 5272  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
21:27:57.0958 5272  \Device\Harddisk0\DR0\Partition3 - ok
21:27:57.0973 5272  [ 0BEC1683E9D82884065F5A426CC9099C ] \Device\Harddisk0\DR0\Partition4
21:27:57.0973 5272  \Device\Harddisk0\DR0\Partition4 - ok
21:27:58.0004 5272  [ BF957E5AF69932A807B2DAC1AC8FE7E9 ] \Device\Harddisk0\DR0\Partition5
21:27:58.0004 5272  \Device\Harddisk0\DR0\Partition5 - ok
21:27:58.0020 5272  [ 7315884CC3C30CD71B6D2AEBA85492B8 ] \Device\Harddisk0\DR0\Partition6
21:27:58.0020 5272  \Device\Harddisk0\DR0\Partition6 - ok
21:27:58.0020 5272  ============================================================
21:27:58.0020 5272  Scan finished
21:27:58.0020 5272  ============================================================
21:27:58.0036 0452  Detected object count: 0
21:27:58.0036 0452  Actual detected object count: 0
         

Alt 05.03.2013, 10:21   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Nothing suspicious.

Please run a check with OTL:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the Scan All Users box at the top centre
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread inside CODE tags.

Alt 05.03.2013, 11:29   #9
dejin
 
Yes, indeed. Nothing unwanted opened any more yesterday either, and the performance was normal. I then cleaned everything up and got the VLC player from a virus-free source O.o' (sorry, but I urgently needed to watch something)

OTL:
Code:
ATTFilter
OTL logfile created on: 05/03/2013 11:16:11 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\juerg_000\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.89 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 54.65% Memory free
7.39 Gb Paging File | 5.42 Gb Available in Paging File | 73.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186.30 Gb Total Space | 128.35 Gb Free Space | 68.89% Space Free | Partition Type: NTFS
Drive D: | 258.15 Gb Total Space | 258.03 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: juerg_000 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\juerg_000\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
PRC - C:\Windows\SysWOW64\ACEngSvr.exe (ASUSTeK)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (McODS) -- C:\Program Files\mcafee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUSTek Computer Inc.)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (ASUS InstantOn) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (ASUS)
SRV - (McAWFwk) -- c:\PROGRA~1\mcafee\msc\mcawfwk.exe (McAfee, Inc.)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\Drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\Drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\Drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\Drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\Drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\Drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\Drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeelamk) -- C:\Windows\SysNative\Drivers\mfeelamk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\Drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\Drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\Drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (ATP) -- C:\Windows\SysNative\Drivers\AsusTP.sys (ASUS Corporation)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\Drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (AiCharger) -- C:\Windows\SysNative\Drivers\AiCharger.sys (ASUSTek Computer Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\Drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\Drivers\kbfiltr.sys ( )
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\Drivers\L1C63x64.sys (Qualcomm Atheros Co., Ltd.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\Drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek                                            )
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\Drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (e1iexpress) -- C:\Windows\SysNative\Drivers\e1i63x64.sys (Intel Corporation)
DRV:64bit: - (HIDSwitch) -- C:\Windows\SysNative\Drivers\AsHIDSwitch64.sys (ASUS)
DRV:64bit: - (HipShieldK) -- C:\Windows\SysNative\Drivers\HipShieldK.sys (McAfee, Inc.)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3435455976-2761992232-2573730619-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3435455976-2761992232-2573730619-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3435455976-2761992232-2573730619-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3435455976-2761992232-2573730619-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://de-de.facebook.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/04 11:46:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/04 18:50:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013/03/04 11:04:36 | 000,000,000 | ---D | M]
 
[2013/03/04 11:47:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\juerg_000\AppData\Roaming\mozilla\Extensions
[2013/03/04 13:02:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\juerg_000\AppData\Roaming\mozilla\Firefox\Profiles\rnxhzc2u.default\extensions
[2013/03/04 13:02:30 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\juerg_000\AppData\Roaming\mozilla\firefox\profiles\rnxhzc2u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/03/04 11:46:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/02/27 06:10:14 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/20 17:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2013/02/27 06:09:34 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/27 06:09:34 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2012/07/26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
O4:64bit: - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe (ASUS Cloud Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.234.128.7 195.234.128.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DF84F21-D7C0-4CAD-B46D-D41FFD5FDD3E}: DhcpNameServer = 195.234.128.7 195.234.128.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8E7A823-7114-4CD8-B198-C7D8D85E3B2B}: DhcpNameServer = 40.53.1.201 40.53.1.203
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/03/05 11:14:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\juerg_000\Desktop\OTL.exe
[2013/03/05 11:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/03/04 23:41:16 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\vlc
[2013/03/04 23:40:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/03/04 23:39:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013/03/04 23:08:14 | 000,000,000 | R--D | C] -- C:\Windows\BrowserChoice
[2013/03/04 21:48:30 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\Desktop\T2
[2013/03/04 18:50:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/03/04 18:50:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/03/04 18:21:40 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\Malwarebytes
[2013/03/04 18:21:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/04 18:20:55 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Local\Programs
[2013/03/04 17:01:45 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2013/03/04 17:01:45 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2013/03/04 17:01:38 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
[2013/03/04 17:01:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2013/03/04 17:01:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2013/03/04 17:01:29 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\Winamp
[2013/03/04 17:01:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2013/03/04 16:53:34 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\Desktop\pixx
[2013/03/04 16:44:27 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\Desktop\SILVER LININGS DVDRIP EDAW2013
[2013/03/04 16:43:44 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\Desktop\momentane fav`s
[2013/03/04 16:42:44 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\Desktop\Word
[2013/03/04 14:28:41 | 000,017,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100_clr0400.dll
[2013/03/04 14:26:27 | 000,017,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100_clr0400.dll
[2013/03/04 14:23:42 | 002,094,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmc.exe
[2013/03/04 14:23:41 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlidsvc.dll
[2013/03/04 14:23:41 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2013/03/04 14:23:40 | 001,611,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmc.exe
[2013/03/04 14:23:39 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.dll
[2013/03/04 14:23:38 | 001,886,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupapi.dll
[2013/03/04 14:23:38 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll
[2013/03/04 14:23:36 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsm.dll
[2013/03/04 14:23:36 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.dll
[2013/03/04 14:23:36 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Media.dll
[2013/03/04 14:23:36 | 000,194,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2013/03/04 14:23:35 | 000,124,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys
[2013/03/04 14:23:35 | 000,028,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpiowin32.sys
[2013/03/04 14:23:33 | 000,303,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/03/04 14:23:33 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDMon.dll
[2013/03/04 14:23:32 | 000,728,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
[2013/03/04 14:23:32 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
[2013/03/04 14:23:32 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Media.dll
[2013/03/04 14:23:32 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetpp.dll
[2013/03/04 14:23:32 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wiaacmgr.exe
[2013/03/04 14:23:31 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2013/03/04 14:23:31 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsquirt.exe
[2013/03/04 14:23:31 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncbservice.dll
[2013/03/04 14:23:31 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wiaacmgr.exe
[2013/03/04 14:23:30 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxm.dll
[2013/03/04 14:23:30 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhsvc.dll
[2013/03/04 14:23:29 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhapi.dll
[2013/03/04 14:23:29 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxp.dll
[2013/03/04 14:23:29 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\keepaliveprovider.dll
[2013/03/04 14:23:17 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll
[2013/03/04 14:23:17 | 001,437,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2013/03/04 14:20:18 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tssdisai.dll
[2013/03/04 14:20:18 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appserverai.dll
[2013/03/04 14:20:18 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RDWebAI.dll
[2013/03/04 14:20:18 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VmHostAI.dll
[2013/03/04 14:20:14 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2013/03/04 14:20:14 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2013/03/04 14:20:11 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2013/03/04 14:20:11 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2013/03/04 14:20:03 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncryptsslp.dll
[2013/03/04 14:20:03 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncryptsslp.dll
[2013/03/04 14:19:20 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Local\Macromedia
[2013/03/04 14:18:39 | 006,967,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/03/04 14:16:15 | 001,010,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll
[2013/03/04 14:16:15 | 000,945,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\resetengmig.dll
[2013/03/04 14:16:15 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgent.dll
[2013/03/04 14:16:15 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll
[2013/03/04 14:16:15 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysreset.exe
[2013/03/04 14:15:09 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcadm.dll
[2013/03/04 14:15:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcalua.exe
[2013/03/04 14:15:08 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcaevts.dll
[2013/03/04 14:14:40 | 003,966,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/03/04 14:14:38 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013/03/04 14:14:37 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/03/04 14:14:36 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/03/04 14:14:34 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/03/04 14:14:34 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/03/04 14:14:33 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/03/04 14:14:33 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/03/04 14:14:33 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/03/04 14:14:32 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/03/04 14:14:32 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/03/04 14:14:32 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2013/03/04 14:14:32 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2013/03/04 14:14:32 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/03/04 14:14:29 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgentc.exe
[2013/03/04 14:14:29 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgentc.exe
[2013/03/04 14:14:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2013/03/04 14:14:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2013/03/04 14:14:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2013/03/04 14:14:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2013/03/04 14:14:19 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2013/03/04 14:14:19 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2013/03/04 14:14:19 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnsvr.exe
[2013/03/04 14:14:18 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnathlp.dll
[2013/03/04 14:14:18 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnathlp.dll
[2013/03/04 14:14:18 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnsvr.exe
[2013/03/04 14:14:18 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnhupnp.dll
[2013/03/04 14:14:18 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnhpast.dll
[2013/03/04 14:14:18 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnhupnp.dll
[2013/03/04 14:14:18 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnhpast.dll
[2013/03/04 14:14:18 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnlobby.dll
[2013/03/04 14:14:18 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnaddr.dll
[2013/03/04 14:14:18 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnlobby.dll
[2013/03/04 14:14:17 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnaddr.dll
[2013/03/04 14:14:07 | 000,362,496 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/03/04 14:14:07 | 000,300,032 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/03/04 14:14:06 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013/03/04 14:14:06 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013/03/04 14:14:06 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/03/04 14:14:06 | 000,035,328 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/03/04 14:14:06 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013/03/04 14:14:06 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013/03/04 13:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2013/03/04 13:38:18 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Local\Paint.NET
[2013/03/04 12:41:25 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\uTorrent
[2013/03/04 12:40:14 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\BitTorrent
[2013/03/04 12:19:49 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\Avira
[2013/03/04 12:11:05 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\Macromedia
[2013/03/04 12:01:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013/03/04 12:01:25 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/03/04 12:01:25 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/03/04 12:01:25 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013/03/04 12:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013/03/04 12:01:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013/03/04 11:57:55 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\Desktop\fav programme
[2013/03/04 11:46:48 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\Mozilla
[2013/03/04 11:46:48 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Local\Mozilla
[2013/03/04 11:46:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/03/04 11:46:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/03/04 11:46:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/04 11:29:33 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\Documents\ASUS
[2013/03/04 11:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS
[2013/03/04 11:08:08 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\ASUS WebStorage
[2013/03/04 11:07:24 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/03/04 11:07:24 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Searches
[2013/03/04 11:07:24 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Contacts
[2013/03/04 11:07:24 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/03/04 11:06:38 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\Adobe
[2013/03/04 11:06:26 | 000,000,000 | ---D | C] -- C:\ProgramData\FolderView
[2013/03/04 11:04:29 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Local\VirtualStore
[2013/03/04 11:04:18 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Local\Packages
[2013/03/04 11:04:15 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Local\ASUS
[2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Vorlagen
[2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\AppData\Local\Verlauf
[2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\AppData\Local\Temporary Internet Files
[2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Startmenü
[2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\SendTo
[2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Recent
[2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Netzwerkumgebung
[2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Lokale Einstellungen
[2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Documents\Eigene Videos
[2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Documents\Eigene Musik
[2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Eigene Dateien
[2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Documents\Eigene Bilder
[2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Druckumgebung
[2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Cookies
[2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\AppData\Local\Anwendungsdaten
[2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Anwendungsdaten
[2013/03/04 11:03:58 | 000,000,000 | --SD | C] -- C:\Users\juerg_000\AppData\Roaming\Microsoft
[2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Videos
[2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Saved Games
[2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Pictures
[2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Music
[2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Links
[2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Favorites
[2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Downloads
[2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Documents
[2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Desktop
[2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013/03/04 11:03:58 | 000,000,000 | -H-D | C] -- C:\Users\juerg_000\AppData
[2013/03/04 11:03:58 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Local\Temp
[2013/03/04 11:03:58 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Local\Microsoft
[2013/03/04 11:03:58 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
 
========== Files - Modified Within 30 Days ==========
 
[2013/03/05 11:15:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\juerg_000\Desktop\OTL.exe
[2013/03/05 11:08:46 | 000,000,401 | ---- | M] () -- C:\Users\juerg_000\AppData\Roaming\sp_data.sys
[2013/03/05 11:06:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/05 03:39:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/04 23:15:08 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/03/04 23:14:43 | 3338,391,552 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/04 16:43:21 | 004,568,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/04 16:43:21 | 000,790,022 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013/03/04 16:43:21 | 000,785,550 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2013/03/04 16:43:21 | 000,780,976 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2013/03/04 16:43:21 | 000,753,134 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/03/04 16:43:21 | 000,710,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/04 16:43:21 | 000,158,586 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2013/03/04 16:43:21 | 000,155,826 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/03/04 16:43:21 | 000,155,084 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013/03/04 16:43:21 | 000,152,608 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2013/03/04 16:43:21 | 000,132,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/04 16:41:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2013/03/04 12:00:21 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/03/04 12:00:21 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/03/04 12:00:21 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013/02/15 18:51:48 | 009,808,492 | ---- | M] () -- C:\Users\juerg_000\Desktop\Anlagen Jürgen Haberzett.pdf
[2013/02/07 00:06:14 | 000,692,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/07 00:06:14 | 000,078,176 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/03 15:09:00 | 000,009,075 | ---- | M] () -- C:\Users\juerg_000\Desktop\to do or think of (or not anymore;).odt
 
========== Files Created - No Company Name ==========
 
[2013/03/04 18:50:53 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/03/04 16:57:49 | 000,009,075 | ---- | C] () -- C:\Users\juerg_000\Desktop\to do or think of (or not anymore;).odt
[2013/03/04 16:45:18 | 009,808,492 | ---- | C] () -- C:\Users\juerg_000\Desktop\Anlagen Jürgen Haberzett.pdf
[2013/03/04 16:41:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2013/03/04 14:23:37 | 000,386,577 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013/03/04 14:18:57 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/04 13:39:42 | 000,001,302 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2013/03/04 11:46:41 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/03/04 11:08:00 | 000,000,401 | ---- | C] () -- C:\Users\juerg_000\AppData\Roaming\sp_data.sys
[2013/03/04 11:06:38 | 000,001,444 | ---- | C] () -- C:\Users\juerg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/01/08 02:22:28 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012/11/20 11:01:21 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/11/20 11:00:59 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/11/20 11:00:54 | 000,963,388 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/08/17 01:52:29 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2012/08/17 01:52:28 | 000,000,217 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2012/07/26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/06/02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012/04/20 14:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/01/10 00:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/01/10 00:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Code:
OTL Extras logfile created on: 05/03/2013 11:16:11 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\juerg_000\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.89 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 54.65% Memory free
7.39 Gb Paging File | 5.42 Gb Available in Paging File | 73.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186.30 Gb Total Space | 128.35 Gb Free Space | 68.89% Space Free | Partition Type: NTFS
Drive D: | 258.15 Gb Total Space | 258.03 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: juerg_000 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3435455976-2761992232-2573730619-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05B3CACB-AE81-4952-88AD-2F9A6AAF1C2C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{171A8D83-DE4E-467A-858B-CF9262C2033F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1DD7A109-AA81-4605-81F5-757B10A4A942}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2A9F92BC-BC08-47AB-A0BA-D1B7D607E11B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{32AD0ED7-6020-4B5B-94E2-DF23637048B6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{365E73B6-EAF5-40CD-B80B-94736574301A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{380AE527-6E53-4141-A57E-D7B6D66B47E6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4ADEBB8E-4DAB-4D33-9299-DA2609F8EE1B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{593C6697-A1E5-4459-BC31-AA072A5B80D9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6AE593F5-D13B-4371-A496-8EA0E2CA964C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7E4C71B7-50B0-49FB-A9EB-F47F1955B785}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8746CAB6-9CFC-44A6-9847-48761CFA3318}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8E6A0F74-98CE-43F8-9D09-D4573CB9AB6C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{991A54D4-39C6-46BC-B84A-8A3FD27F2E94}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9BC61B2C-868E-4BD4-9339-7C7527E7C567}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A8BDD9E4-36C9-428A-A7EC-28BECDFD6F5A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{AA7900C5-27B6-4F11-A532-0D0A90E49159}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B42565A7-D24A-4A2C-A0E0-BFE2E24890E3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D4BD7778-E439-4A3C-A875-056035527348}" = lport=139 | protocol=6 | dir=in | app=system | 
"{EA296D4F-F717-4AD7-9D7A-4E1AD319132A}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{ECAB1CF0-995C-4810-8AB4-8AEA7817A8B0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0101C7F2-27FF-44BD-9C20-F3661EC351B2}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{0316779F-9120-436F-9697-C8CAE00ABB4F}" = dir=out | name=fresh paint | 
"{07D088F5-0DE1-4936-9C51-E18FEC45D90A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0FA1BEBF-1D69-4431-9597-2C77A39B631B}" = protocol=6 | dir=out | app=system | 
"{17F605DA-83DD-4418-912A-666D62F36140}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{18A23013-6DE7-4529-9E49-4B69B9B3A3C7}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{1BB53BB9-9C39-4D0C-B092-3BD764320193}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1D7876A6-B641-4B7C-9751-16B651392115}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{2385AB9F-471A-4F81-8A03-72C9FDD292B4}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{28B55B69-8861-4957-B834-D78D96440926}" = dir=in | name=skype | 
"{2DF4F3C0-F263-475D-BEE0-FAB18BCBC44E}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{2F0FC495-FC8B-4F0E-B4D3-6FE3C63B4523}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{311AAF25-6FA9-49D3-A26A-FDABAA901DE6}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{3D32ACCB-9242-49EF-B10F-7EDC84A1CE1A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{426C781B-8732-4CF9-BEF0-6C49C59987F4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{49ECF422-BBDD-4135-BF16-35E1C3F5CDCC}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{5243CE6A-49C0-45A8-A96A-1D60A95A6F9E}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{59D1251B-F7B0-4002-9533-67D4E3F32DA4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5D2DA09A-38C7-43FB-B3B4-84C7E7B235AF}" = protocol=6 | dir=in | app=c:\users\juerg_000\appdata\roaming\utorrent\utorrent.exe | 
"{5DEEDAB3-D39D-4494-BFE3-ACDAFC614631}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{64C35042-3087-4371-A832-F80C2568091F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{65D8CB08-9F33-4C96-81F1-A484912979CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{66F92256-6BCE-442A-A599-976AA735F60A}" = dir=out | name=taptiles | 
"{77F63092-00A9-432C-A949-4D28CE3CCF1E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{7C836E75-49A0-42FD-BBBF-0EFB2E20121A}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{7E968864-3F53-4805-B18F-BA4D6CE3F226}" = protocol=17 | dir=in | app=c:\users\juerg_000\appdata\roaming\utorrent\utorrent.exe | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{8094E3E9-6767-453A-B33E-448BDB8CAC4B}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{81AF5E57-FB24-4213-81A4-73D3F42929BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{89477E4A-807C-4213-9B20-1A2093F417C5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8FB06FA1-66B6-4A2B-9900-A9C7EC4ED927}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{8FEEE7F3-3E43-42B1-AFC5-8C37B0C77520}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{99E19A73-8E57-4B15-84D8-91182892DF90}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{9C64FBDE-E582-4A0D-8A7A-786073DB463A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9DE533CB-D42F-4891-BE96-6956D4B97C35}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A0BEB4B6-6138-4E07-BE57-BFE0E95B8169}" = dir=out | name=windows_ie_ac_001 | 
"{A60C517B-B392-4EBC-ABF4-3BCFAB10AACD}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{AD97A3AC-A81F-4BF9-8463-3C83949A79B5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AF244168-5CAD-4AE8-AA0F-CF7078A00C3F}" = dir=out | name=wordament | 
"{B1892C4A-3338-4F67-98EC-7B83127CB920}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{B6BAA601-0FEE-4859-8113-E1CCCA171C5E}" = dir=out | name=skype | 
"{C36D5AF6-C0BF-46EE-99C4-B51388B91752}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{C9BB49B8-95C5-4055-B4B9-69A3FBCA4E8A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CFBDE754-F8E2-41AE-9831-85456D7B1270}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D7E89D3A-4AAD-4931-B64D-66A149FE6386}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{D7FA004F-15EA-40B9-BF88-1C5E17B93623}" = dir=out | name=adera | 
"{DFF40C64-5898-4605-82C6-023481B9B0AD}" = dir=out | name=microsoft solitaire collection | 
"{E2F9527E-5BC6-4A14-B824-59E5FC46BC68}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{EB6DEE6B-E0A2-4AF6-85D8-97706E4296B0}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{F0C8D715-119A-4B96-863D-99518AF92B1F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 
"{F22BD3BC-15A5-4871-AB6A-D39888B39859}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{F3A05029-E637-4FF3-A5E0-127163E18237}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{FAFA0F3D-BD79-4EAF-8A45-DCE966E22D14}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FB27EE7C-6A8C-43A1-A31A-F9D870CE64A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FCF3071B-D02B-486D-B30E-1F1A7B0EEB91}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"C01F56FBD9B141017E63E2A1A141E59934D4DC67" = Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{4D3286A6-F6AB-498A-82A4-E4F040529F3D}" = ASUS Smart Gesture
"{58172D66-2F69-4215-9AEC-ED8196023736}" = ASUS Tutor
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69CC4B1E-0ADB-48E7-83D5-B45DA8CD1320}" = Alcor Micro USB Card Reader
"{749F674B-2674-47E8-879C-5626A06B2A91}" = ASUS InstantOn
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}" = ASUS Instant Connect
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AmUStor" = Alcor Micro USB Card Reader
"ASUS WebStorage" = ASUS WebStorage Sync Agent
"Avira AntiVir Desktop" = Avira Free Antivirus
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"Mozilla Firefox 19.0.1 (x86 en-US)" = Mozilla Firefox 19.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee Internet Security
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.5
"Winamp" = Winamp
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3435455976-2761992232-2573730619-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04/03/2013 15:04:21 | Computer Name = raxfei | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\juerg_000\Downloads\esetsmartinstaller_enu.exe".
 Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.
 
Error - 04/03/2013 17:06:45 | Computer Name = raxfei | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo“
 ist folgender Fehler aufgetreten: -2144927151. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 04/03/2013 17:15:31 | Computer Name = raxfei | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: viaaud.exe, Version: 10.11.0.0, Zeitstempel:
 0x5052c7d5  Name des fehlerhaften Moduls: viaaud.exe, Version: 10.11.0.0, Zeitstempel:
 0x5052c7d5  Ausnahmecode: 0xc0000417  Fehleroffset: 0x00000000001619c4  ID des fehlerhaften
 Prozesses: 0x778  Startzeit der fehlerhaften Anwendung: 0x01ce191d6720e51f  Pfad der
 fehlerhaften Anwendung: C:\Program Files\VIA\VIAAUD\viaaud.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\VIA\VIAAUD\viaaud.exe  Berichtskennung: a5090dc6-8510-11e2-be78-08606e95712a
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 04/03/2013 18:21:50 | Computer Name = raxfei | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: McHlp32.exe, Version: 11.6.434.0,
 Zeitstempel: 0x5050b31e  Name des fehlerhaften Moduls: Flash.ocx, Version: 11.6.602.167,
 Zeitstempel: 0x510d5c95  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001fbd53  ID des fehlerhaften
 Prozesses: 0x17b8  Startzeit der fehlerhaften Anwendung: 0x01ce1926aa5e2a0e  Pfad der
 fehlerhaften Anwendung: C:\PROGRA~2\McAfee\MSC\McHlp32.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\Macromed\Flash\Flash.ocx  Berichtskennung: e8a37561-8519-11e2-be7a-08606e95712a
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 04/03/2013 18:21:50 | Computer Name = raxfei | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: McHlp32.exe, Version: 11.6.434.0,
 Zeitstempel: 0x5050b31e  Name des fehlerhaften Moduls: Flash.ocx, Version: 11.6.602.167,
 Zeitstempel: 0x510d5c95  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001fbd53  ID des fehlerhaften
 Prozesses: 0x12cc  Startzeit der fehlerhaften Anwendung: 0x01ce1926a8139f6c  Pfad der
 fehlerhaften Anwendung: C:\PROGRA~2\McAfee\MSC\McHlp32.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\Macromed\Flash\Flash.ocx  Berichtskennung: e8a34e51-8519-11e2-be7a-08606e95712a
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 04/03/2013 19:04:43 | Computer Name = raxfei | Source = ESENT | ID = 455
Description = SettingSyncHost (3948) {7D57AE84-A6ED-4955-AF07-FD0A5C21A3C7}: Fehler
 -1811 (0xfffff8ed) beim Öffnen von Protokolldatei C:\Users\juerg_000\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log.
 
Error - 04/03/2013 19:24:13 | Computer Name = raxfei | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic“
 ist folgender Fehler aufgetreten: -2144927152. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 04/03/2013 19:28:16 | Computer Name = raxfei | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = Die App „windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel“
 wurde nicht innerhalb der vorgesehenen Zeit gestartet.
 
Error - 05/03/2013 06:11:11 | Computer Name = raxfei | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: McHlp32.exe, Version: 11.6.434.0,
 Zeitstempel: 0x5050b31e  Name des fehlerhaften Moduls: Flash.ocx, Version: 11.6.602.167,
 Zeitstempel: 0x510d5c95  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001fbd53  ID des fehlerhaften
 Prozesses: 0x1848  Startzeit der fehlerhaften Anwendung: 0x01ce1989c222015f  Pfad der
 fehlerhaften Anwendung: C:\PROGRA~2\McAfee\MSC\McHlp32.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\Macromed\Flash\Flash.ocx  Berichtskennung: 00f89726-857d-11e2-be7a-08606e95712a
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
[ System Events ]
Error - 04/03/2013 15:23:52 | Computer Name = raxfei | Source = DCOM | ID = 10010
Description = 
 
Error - 04/03/2013 15:24:22 | Computer Name = raxfei | Source = DCOM | ID = 10010
Description = 
 
Error - 04/03/2013 15:24:52 | Computer Name = raxfei | Source = DCOM | ID = 10010
Description = 
 
Error - 04/03/2013 15:25:22 | Computer Name = raxfei | Source = DCOM | ID = 10010
Description = 
 
Error - 04/03/2013 17:09:40 | Computer Name = raxfei | Source = DCOM | ID = 10010
Description = 
 
Error - 04/03/2013 17:09:51 | Computer Name = raxfei | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee McShield" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%109
 
Error - 04/03/2013 17:56:08 | Computer Name = raxfei | Source = Application Popup | ID = 877
Description = 
 
Error - 04/03/2013 17:57:04 | Computer Name = raxfei | Source = WMPNetworkSvc | ID = 866314
Description = 
 
Error - 04/03/2013 17:57:04 | Computer Name = raxfei | Source = WMPNetworkSvc | ID = 866314
Description = 
 
 
< End of report >
         

05.03.2013, 11:48   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - please remember to update Malwarebytes via the update button beforehand.

Afterwards, getting a second opinion from ESET's online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

05.03.2013, 19:48   #11
dejin

Hi, and thanks again in the meantime.
I have now started ESET twice and it gets stuck at 7% every time... no idea why...

Malwarebytes:

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.05.12

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16484
juerg_000 :: *** [Administrator]

05/03/2013 18:14:29
mbam-log-2013-03-05 (18-14-29).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 203834
Laufzeit: 6 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

06.03.2013, 11:03   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please be a bit more patient with ESET!

06.03.2013, 13:56   #13
dejin

Okay.
I ran both again...

Malwarebytes:

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.06.08

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16484
juerg_000 :: *** [Administrator]

06/03/2013 13:46:02
mbam-log-2013-03-06 (13-46-02).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 202762
Laufzeit: 3 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
ESET:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=78bd57eb5561fc49aa513fb4280c1272
# engine=13311
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-06 12:43:07
# local_time=2013-03-06 01:43:07 (+0100, Mitteleuropäische Zeit)
# country="United Kingdom"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=1799 16775165 100 96 18363 182632 11139 0
# compatibility_mode=5122 16777213 100 79 182310 70571353 0 0
# compatibility_mode=5893 16776574 100 94 8193 22079898 0 0
# scanned=67274
# found=0
# cleaned=0
# scan_time=3038
         

06.03.2013, 14:14   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK so far

Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released.

Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP-Cookie)

Otherwise there are also good cookie managers; among the Firefox extensions, for example, there is CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser to delete everything, including cookies, when the browser is closed.

Is your system OK again now, or are there any other findings or problems?

06.03.2013, 14:30   #15
dejin

Yes, cool. Thanks for the tips; I'll work my way into that.
Otherwise it's running again (I'd say subjectively) - no unfamiliar pages and no unwanted search engines open by themselves.
