
Log analysis and evaluation: F:\RECYCLER\e621ca05.exe

Windows 7

24.03.2013, 12:34   #1
Blacklaiser

F:\RECYCLER\e621ca05.exe

Hello,

Since yesterday evening I have had a problem with my external hard drive: all folders are displayed as shortcuts.

When I click on one, a window appears that says:
"F:\RECYCLER\e621ca05.exe" konnte nicht gefunden werden.Stelle Sie sicher, dass Sie den Namen richtig eingegeben haben und wiederholen Sie den Vorgang.

I should add that my Antivir reported Worm/Dorkbot.A.2985 yesterday, which I then had removed.

I have already created the logs with OTL/gmer.

GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-24 13:14:16
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 SAMSUNG_HD103SI rev.1AG01118 931,51GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\basti\AppData\Local\Temp\awloqpow.sys


---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[1456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000777f1465 2 bytes [7F, 77]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[1456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777f14bb 2 bytes [7F, 77]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000777f1465 2 bytes [7F, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777f14bb 2 bytes [7F, 77]
.text ... * 2

---- EOF - GMER 2.1 ----

OTL
OTL logfile created on: 24.03.2013 12:39:09 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\basti\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,05 Gb Available Physical Memory | 75,62% Memory free
16,00 Gb Paging File | 13,68 Gb Available in Paging File | 85,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 774,50 Gb Free Space | 83,14% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 709,71 Gb Free Space | 76,19% Space Free | Partition Type: NTFS

Computer Name: BASTI-PC | User Name: basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.03.24 12:38:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\basti\Downloads\OTL.exe
PRC - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.02.12 22:00:42 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.12 22:00:13 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2013.02.12 22:00:08 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.12 22:00:08 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.20 21:56:46 | 001,574,176 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.12.10 17:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2010.12.23 10:58:44 | 002,259,568 | ---- | M] (Gainward Co.) -- C:\Program Files (x86)\EXPERTool\TBPANEL.exe
PRC - [2010.11.17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe


========== Modules (No Company Name) ==========

MOD - [2013.03.11 01:22:06 | 000,459,728 | ---- | M] () -- C:\Users\basti\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
MOD - [2013.03.11 01:22:05 | 012,662,224 | ---- | M] () -- C:\Users\basti\AppData\Local\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
MOD - [2013.03.11 01:22:04 | 004,050,896 | ---- | M] () -- C:\Users\basti\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
MOD - [2013.03.11 01:21:18 | 000,596,944 | ---- | M] () -- C:\Users\basti\AppData\Local\Google\Chrome\Application\25.0.1364.172\libglesv2.dll
MOD - [2013.03.11 01:21:18 | 000,124,368 | ---- | M] () -- C:\Users\basti\AppData\Local\Google\Chrome\Application\25.0.1364.172\libegl.dll
MOD - [2013.03.11 01:21:16 | 001,552,848 | ---- | M] () -- C:\Users\basti\AppData\Local\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll
MOD - [1998.10.31 10:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\EXPERTool\TBManage.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.03.13 18:50:54 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.02.25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.12 22:00:42 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.12 22:00:13 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013.02.12 22:00:08 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.07 13:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.02.18 09:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.12.03 15:36:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.03 15:36:35 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.11.16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.19 10:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.11.19 10:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.06.19 00:36:04 | 000,017,920 | ---- | M] (Siliten) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\InputFilter_FlexDef2b.sys -- (InputFilter_Hid_FlexDef2b)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=67bcda54-9c86-43ea-a352-87eb311fa7a9&searchtype=ds&p={searchTerms}&fr=linkury-tb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=67bcda54-9c86-43ea-a352-87eb311fa7a9&searchtype=ds&p={searchTerms}&fr=linkury-tb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=67bcda54-9c86-43ea-a352-87eb311fa7a9&searchtype=hp&fr=linkury-tb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D1 7A B6 02 62 09 CE 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=67bcda54-9c86-43ea-a352-87eb311fa7a9&searchtype=ds&p={searchTerms}&fr=linkury-tb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=67bcda54-9c86-43ea-a352-87eb311fa7a9&searchtype=ds&p={searchTerms}&fr=linkury-tb
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=67bcda54-9c86-43ea-a352-87eb311fa7a9&searchtype=ds&p={searchTerms}&fr=linkury-tb
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0B2E1175-4E0B-46B1-A7D9-F477E60F2122}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=be8393d0-34dd-4927-9451-fe0c977105a7&apn_sauid=B64D5FB6-00F2-48C2-AC9F-5A8A17954E73
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\basti\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\basti\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=67bcda54-9c86-43ea-a352-87eb311fa7a9&searchtype=ds&p={searchTerms}&fr=linkury-tb
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\basti\AppData\Local\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\basti\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\basti\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Google Update (Enabled) = C:\Users\basti\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC2ADC8C-3CCF-4D36-B4BD-CADDCD830F7A}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~4\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f9b893fc-7551-11e2-8260-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f9b893fc-7551-11e2-8260-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.23 12:31:14 | 000,000,000 | ---D | C] -- C:\Users\basti\AppData\Roaming\Malwarebytes
[2013.03.23 12:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.23 12:31:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.23 12:30:56 | 000,000,000 | ---D | C] -- C:\Users\basti\AppData\Local\Programs
[2013.03.21 01:16:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013.03.21 01:16:15 | 000,000,000 | ---D | C] -- C:\cb05257f374522336446e9bd
[2013.03.18 13:36:17 | 000,000,000 | ---D | C] -- C:\Users\basti\AppData\Local\Microsoft_Corporation
[2013.03.10 15:46:09 | 000,000,000 | ---D | C] -- C:\Users\basti\AppData\Local\SKIDROW
[2013.03.08 22:36:59 | 000,000,000 | ---D | C] -- C:\Users\basti\Documents\EA Games
[2013.03.08 22:36:42 | 000,000,000 | ---D | C] -- C:\Users\basti\AppData\Local\EA Games
[2013.03.04 06:57:17 | 000,000,000 | ---D | C] -- C:\Users\basti\AppData\Local\Skyrim
[2013.03.03 22:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2013.03.03 22:17:53 | 000,000,000 | ---D | C] -- C:\Users\basti\AppData\Local\Diagnostics
[2013.03.03 20:38:38 | 000,000,000 | ---D | C] -- C:\Users\basti\Documents\My Games
[2013.03.03 19:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.03.03 19:35:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013.03.03 19:35:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013.03.03 05:25:31 | 000,000,000 | ---D | C] -- C:\Users\basti\Documents\Criterion Games
[2013.02.24 22:01:23 | 000,000,000 | ---D | C] -- C:\Users\basti\AppData\Local\TeknoGods
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.03.24 12:37:25 | 000,000,000 | ---- | M] () -- C:\Users\basti\defogger_reenable
[2013.03.24 12:36:04 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3127675848-68977983-1399159111-1001UA.job
[2013.03.24 12:09:59 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.24 12:09:59 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.24 12:08:23 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.24 12:08:23 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.24 12:08:23 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.24 12:08:23 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.24 12:08:23 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.24 12:02:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.24 12:02:23 | 2146,836,479 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.21 00:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.18 13:33:14 | 000,000,000 | -H-- | M] () -- C:\Users\basti\Documents\Default.rdp
[2013.03.14 21:40:08 | 000,002,372 | ---- | M] () -- C:\Users\basti\Desktop\Google Chrome.lnk
[2013.03.13 17:03:58 | 000,000,165 | ---- | M] () -- C:\Users\basti\Desktop\listen-aacisdn (1).pls
[2013.03.08 10:36:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3127675848-68977983-1399159111-1001Core.job
[2013.03.03 22:21:42 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed Most Wanted.lnk
[2013.03.03 19:35:37 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.02.26 00:32:08 | 000,017,266 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.03.24 12:37:25 | 000,000,000 | ---- | C] () -- C:\Users\basti\defogger_reenable
[2013.03.18 13:33:14 | 000,000,000 | -H-- | C] () -- C:\Users\basti\Documents\Default.rdp
[2013.03.13 17:03:57 | 000,000,165 | ---- | C] () -- C:\Users\basti\Desktop\listen-aacisdn (1).pls
[2013.03.03 22:21:42 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed Most Wanted.lnk
[2013.03.03 19:35:36 | 000,000,923 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.02.13 17:36:29 | 000,000,017 | ---- | C] () -- C:\Users\basti\AppData\Local\resmon.resmoncfg

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.03.01 21:07:13 | 000,000,000 | ---D | M] -- C:\Users\basti\AppData\Roaming\.minecraft
[2013.02.13 17:24:29 | 000,000,000 | ---D | M] -- C:\Users\basti\AppData\Roaming\OpenCandy

========== Purity Check ==========



< End of report >

Extras
OTL Extras logfile created on: 24.03.2013 12:39:09 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\basti\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,05 Gb Available Physical Memory | 75,62% Memory free
16,00 Gb Paging File | 13,68 Gb Available in Paging File | 85,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 774,50 Gb Free Space | 83,14% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 709,71 Gb Free Space | 76,19% Space Free | Partition Type: NTFS

Computer Name: BASTI-PC | User Name: basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{046041BF-6189-49C0-A122-1951050A9350}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0CB99028-99B9-48A5-A258-C91E41F02359}" = rport=10243 | protocol=6 | dir=out | app=system |
"{17190016-7837-467A-9B45-2E3695BAC63F}" = lport=445 | protocol=6 | dir=in | app=system |
"{254ED800-1AE5-4ED6-BB33-FEBA652D5EBF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{309D4A84-A3D0-4F9B-8641-D498EE4DC94D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{315A1CCA-2561-4BDC-9A61-2403502EA240}" = rport=445 | protocol=6 | dir=out | app=system |
"{4249BBBB-ABD5-4E66-A3C8-DE3238449046}" = lport=139 | protocol=6 | dir=in | app=system |
"{5DB3E68D-5377-4682-9452-6B9A5AEDC9DA}" = lport=138 | protocol=17 | dir=in | app=system |
"{65ACCD6C-27C6-474E-9ABA-5E0C999808CC}" = rport=137 | protocol=17 | dir=out | app=system |
"{75F8A28E-32B5-498F-90AB-020C38172BA3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{913221AB-7CCF-43D7-9BF5-2E6A750DCF84}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{93D895B6-6015-415A-9E73-9965110E8966}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{993B658F-957F-4264-8BED-C72C7924746D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9E7616E0-4C42-4266-9492-8B019DE53051}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A0008364-532F-4A51-891B-00897C8DEAD4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B5972BC3-A401-44A1-B16F-43A72877E084}" = lport=137 | protocol=17 | dir=in | app=system |
"{B9AD5EB0-316E-46DB-8235-8F2B27027FF7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BBE053A5-069E-43F0-B331-722B951E303B}" = rport=138 | protocol=17 | dir=out | app=system |
"{C445E835-832E-4A4A-98AC-CA862ED15FA9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DC28F4C1-16B1-4182-929B-47E0F9D0FA2D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E41C9F8C-E2F6-4EDC-A0B5-17249218761E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F096F259-9EBA-41DD-9E09-47364992C98C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F56682DA-8078-4D16-BE63-C8E87DFD7E52}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03E3A335-E89E-4E6B-98EC-B1AD758BA9D9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{077BB950-5095-4DD0-9673-7A9696415A60}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0B3EA404-C2A0-4D6E-BC90-BC29161395E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1443C81B-37F4-4882-8F46-5E311C71DE20}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{20EE0F13-E7DF-4D06-89B1-4E1EE4CB3BF2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{22AD454C-3A8D-4891-9B25-7E76AF146B0E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{2B62394D-19B8-43B3-93C8-E73A8303AC6F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{39F8D502-0EB0-4D15-8800-0E8D04C64A75}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3D8A0EE5-C3A2-4132-A571-9D5E1FC001A2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4654928D-DBBD-44ED-B838-4CC15BD22938}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4AC9509B-BF3C-42A7-A826-F3AD04FD7BDA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{579D169A-500B-480E-B65D-02F06101E6C2}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{5A4398AD-0836-4D73-99FE-73BB6338889A}" = protocol=58 | dir=in | app=system |
"{5EA5E196-2097-44CA-B7FA-DC4FDDA82F30}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6FF1B221-31B5-4230-B3BD-99D2A61320EE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{82A30414-EB7E-46A8-A356-0567FDDDF826}" = protocol=6 | dir=out | app=system |
"{8506E774-041E-484C-90AF-35FD603DF1BB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{950C6B7D-EE5E-46EF-A934-4EA86AA30AB5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{99F6D0C6-A5F0-40EA-A701-8607E8522686}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9C4BA0BE-E823-4872-BD35-8DE2BEEEB15B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A7F313FE-0A46-469A-933F-223CCDF10358}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DBCB20B5-772D-48A1-9D58-D42CC8A19C9A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E423B589-DB6B-42F2-B3B0-D0178607AE2E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F1FC07E5-E83E-4A3F-A595-7FBDCE2280A8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F78857FD-670D-4BA3-A311-70FF04C3634D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FC7E7C69-9CC0-4A16-8C73-FB116519B9D6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{18861116-2515-4D7C-BEB4-B01C1CCA9A4B}C:\spiele1\call of duty modern warfare 3\iw5mp.exe" = protocol=6 | dir=in | app=c:\spiele1\call of duty modern warfare 3\iw5mp.exe |
"TCP Query User{3D03630A-5B4F-4A9E-8B4D-6AE4A807F54F}C:\spiele1\call of duty modern warfare 3\iw5mp_server.exe" = protocol=6 | dir=in | app=c:\spiele1\call of duty modern warfare 3\iw5mp_server.exe |
"TCP Query User{43D016D6-33A9-408B-BBDB-64BA4BBDA3E3}F:\spiele1\empire earth\empire earth.exe" = protocol=6 | dir=in | app=f:\spiele1\empire earth\empire earth.exe |
"TCP Query User{4C880C81-2AD1-4699-B093-A23C11A0575D}F:\spiele1\call of duty modern warfare 3\iw5sp.exe" = protocol=6 | dir=in | app=f:\spiele1\call of duty modern warfare 3\iw5sp.exe |
"TCP Query User{509B228D-C967-414A-B9A0-10595BBEA68F}C:\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\metin2\metin2client.bin |
"TCP Query User{5E48E488-6B58-400B-A25C-2FFDD5101BB9}E:\metin2\metin2client.bin" = protocol=6 | dir=in | app=e:\metin2\metin2client.bin |
"TCP Query User{606A895A-F030-4CE6-90D5-170DB3B5D20E}F:\spiele\nfs most wanted\need for speed most wanted\nfs13.exe" = protocol=6 | dir=in | app=f:\spiele\nfs most wanted\need for speed most wanted\nfs13.exe |
"TCP Query User{823B1FE6-92F1-4C2A-8554-696ECCF95EE5}F:\metin2\metin2client.bin" = protocol=6 | dir=in | app=f:\metin2\metin2client.bin |
"TCP Query User{9579B278-E932-4443-9A93-0EC6FF717AA9}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{9EE1A822-EF67-4B7A-B080-0D26F9F7DA75}F:\spiele1\call of duty modern warfare 3\iw5mp.exe" = protocol=6 | dir=in | app=f:\spiele1\call of duty modern warfare 3\iw5mp.exe |
"UDP Query User{6AE8803C-8E99-4C6C-A854-5A4F956D0D4B}F:\spiele\nfs most wanted\need for speed most wanted\nfs13.exe" = protocol=17 | dir=in | app=f:\spiele\nfs most wanted\need for speed most wanted\nfs13.exe |
"UDP Query User{7A593A2E-C269-4FC3-93C6-CC92D2147C6C}C:\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\metin2\metin2client.bin |
"UDP Query User{8E2EF7D7-4DCC-4386-8E9B-53B777675346}C:\spiele1\call of duty modern warfare 3\iw5mp.exe" = protocol=17 | dir=in | app=c:\spiele1\call of duty modern warfare 3\iw5mp.exe |
"UDP Query User{A42EE3E0-67F5-4158-81B8-C188BA9DD736}E:\metin2\metin2client.bin" = protocol=17 | dir=in | app=e:\metin2\metin2client.bin |
"UDP Query User{B25C9687-FA2E-43BC-A82F-094DF520884E}F:\spiele1\call of duty modern warfare 3\iw5mp.exe" = protocol=17 | dir=in | app=f:\spiele1\call of duty modern warfare 3\iw5mp.exe |
"UDP Query User{C90683E7-6355-4656-BA83-3C6A03875BF1}F:\metin2\metin2client.bin" = protocol=17 | dir=in | app=f:\metin2\metin2client.bin |
"UDP Query User{D2E33147-8EB7-4FB1-BF03-54896444572D}F:\spiele1\empire earth\empire earth.exe" = protocol=17 | dir=in | app=f:\spiele1\empire earth\empire earth.exe |
"UDP Query User{D552B5F0-F7D9-4677-AF29-754298D021EE}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{D66194BA-8404-42CF-8EB9-5A8740C0033C}F:\spiele1\call of duty modern warfare 3\iw5sp.exe" = protocol=17 | dir=in | app=f:\spiele1\call of duty modern warfare 3\iw5sp.exe |
"UDP Query User{FD73DD3E-F798-4265-AE53-2AB578AE644D}C:\spiele1\call of duty modern warfare 3\iw5mp_server.exe" = protocol=17 | dir=in | app=c:\spiele1\call of duty modern warfare 3\iw5mp_server.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{32A3A4F4-B792-11D6-A78A-00B0D0170130}" = Java SE Development Kit 7 Update 13
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"CrystalDiskInfo_is1" = CrystalDiskInfo 5.3.1
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"LogMeIn Hamachi" = LogMeIn Hamachi
"MySSID_is1" = EXPERTool 7.16
"Need for Speed Most Wanted_is1" = Need for Speed Most Wanted
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Steam App 72850" = The Elder Scrolls V: Skyrim
"WinRAR archiver" = WinRAR 4.20 (32-Bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 03.03.2013 00:28:38 | Computer Name = basti-PC | Source = Application Hang | ID = 1002
Description = Programm NFS13.exe, Version 1.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f68 Startzeit:
01ce17c723d9d19a Endzeit: 593 Anwendungspfad: F:\Spiele\Need for Speed Most Wanted\NFS13.exe

Berichts-ID:


Error - 17.03.2013 14:01:43 | Computer Name = basti-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Empire Earth.exe, Version: 0.0.0.0,
Zeitstempel: 0x3bc74cf2 Name des fehlerhaften Moduls: DX7HRDisplay.dll, Version:
0.0.0.0, Zeitstempel: 0x3bc74643 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00009791
ID
des fehlerhaften Prozesses: 0xe0c Startzeit der fehlerhaften Anwendung: 0x01ce233959d8796a
Pfad
der fehlerhaften Anwendung: F:\spiele1\empire earth\Empire Earth.exe Pfad des fehlerhaften
Moduls: F:\SPIELE1\EMPIRE EARTH\DX7HRDisplay.dll Berichtskennung: b995f876-8f2c-11e2-857f-6c626de4c601

Error - 17.03.2013 14:11:36 | Computer Name = basti-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Empire Earth.exe, Version: 0.0.0.0,
Zeitstempel: 0x3bc74cf2 Name des fehlerhaften Moduls: DX7HRDisplay.dll, Version:
0.0.0.0, Zeitstempel: 0x3bc74643 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00009791
ID
des fehlerhaften Prozesses: 0xea8 Startzeit der fehlerhaften Anwendung: 0x01ce23397f222324
Pfad
der fehlerhaften Anwendung: F:\spiele1\empire earth\Empire Earth.exe Pfad des fehlerhaften
Moduls: F:\SPIELE1\EMPIRE EARTH\DX7HRDisplay.dll Berichtskennung: 1afad808-8f2e-11e2-857f-6c626de4c601

Error - 18.03.2013 13:14:27 | Computer Name = basti-PC | Source = Application Hang | ID = 1002
Description = Programm TombRaider.exe, Version 1.0.716.5 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1198 Startzeit:
01ce23f2dbe80d15 Endzeit: 1010 Anwendungspfad: F:\Spiele\Tombraider\TombRaider.exe

Berichts-ID:


Error - 18.03.2013 13:16:19 | Computer Name = basti-PC | Source = Application Hang | ID = 1002
Description = Programm TombRaider.exe, Version 1.0.716.5 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 107c Startzeit:
01ce23fc11524885 Endzeit: 770 Anwendungspfad: F:\Spiele\Tombraider\TombRaider.exe

Berichts-ID:


Error - 24.03.2013 06:55:05 | Computer Name = basti-PC | Source = Application Hang | ID = 1002
Description = Programm StubInstaller.exe, Version 2.0.27.0 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: ad8 Startzeit: 01ce287dd0440f05 Endzeit: 5 Anwendungspfad: C:\Users\basti\AppData\Local\Temp\RarSFX0\StubInstaller.exe

Berichts-ID:


Error - 24.03.2013 07:02:37 | Computer Name = basti-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
auf! Fehlercode: 0x35

Error - 24.03.2013 07:06:49 | Computer Name = basti-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
auf! Fehlercode: 0x35

Error - 24.03.2013 07:07:06 | Computer Name = basti-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
auf! Fehlercode: 0x35

[ System Events ]
Error - 21.03.2013 06:40:55 | Computer Name = basti-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070490 fehlgeschlagen: Windows 7 Service Pack 1 für x64-basierte Systeme
(KB976932)

Error - 21.03.2013 06:50:09 | Computer Name = basti-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.

Error - 21.03.2013 06:50:09 | Computer Name = basti-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 22.03.2013 06:45:06 | Computer Name = basti-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 23.03.2013 07:09:08 | Computer Name = basti-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error - 23.03.2013 13:43:08 | Computer Name = basti-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error - 24.03.2013 07:02:37 | Computer Name = basti-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem
Fehler beendet: %%306.

Error - 24.03.2013 07:02:38 | Computer Name = basti-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Avira Browser-Schutz" ist vom Dienst "Avira Echtzeit-Scanner"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1066

Error - 24.03.2013 07:06:49 | Computer Name = basti-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem
Fehler beendet: %%306.

Error - 24.03.2013 07:07:06 | Computer Name = basti-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem
Fehler beendet: %%306.


< End of report >

Now my question is: what can be done about this while losing as few files as possible?

24.03.2013, 14:03   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners?
I ask because => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; first just post the logs that already exist!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

24.03.2013, 14:06   #3
Blacklaiser
 

I don't have any further log files on the computer;
these are all the ones I have.

24.03.2013, 14:11   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (in CODE tags, please) and not as attachments, unless you were asked to. Logs in attachments make my analysis harder!

  • The logs of the assigned tools, such as Malwarebytes, must always be posted, regardless of whether anything was found or not!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "when will this continue" messages will end with your topic being closed. I too have a life outside the Trojaner-Board.



Please now run the three tools MBAR / aswMBR / TDSSkiller and post the logs in CODE tags


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the detected objects, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instructions under any circumstances

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.

24.03.2013, 14:59   #5
Blacklaiser
 

OK, I have now run all the scans.

Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.02.15.09

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
basti :: BASTI-PC [administrator]

24.03.2013 15:43:14
mbar-log-2013-03-24 (15-43-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28038
Time elapsed: 4 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-24 15:45:33
-----------------------------
15:45:33.681 OS Version: Windows x64 6.1.7600
15:45:33.681 Number of processors: 6 586 0xA00
15:45:33.697 ComputerName: BASTI-PC UserName: basti
15:45:35.943 Initialize success
15:46:04.019 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
15:46:04.019 Disk 0 Vendor: SAMSUNG_HD103SI 1AG01118 Size: 953869MB BusType: 3
15:46:04.128 Disk 0 MBR read successfully
15:46:04.128 Disk 0 MBR scan
15:46:04.144 Disk 0 Windows 7 default MBR code
15:46:04.144 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 2048
15:46:04.160 Disk 0 scanning C:\Windows\system32\drivers
15:46:08.730 Service scanning
15:46:18.855 Modules scanning
15:46:18.855 Disk 0 trace - called modules:
15:46:18.886 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
15:46:18.886 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ae2060]
15:46:18.902 3 CLASSPNP.SYS[fffff88000c0143f] -> nt!IofCallDriver -> [0xfffffa8007815580]
15:46:18.902 5 ACPI.sys[fffff88000f87781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007819060]
15:46:18.902 Scan finished successfully
15:46:50.507 Disk 0 MBR has been saved successfully to "C:\Users\basti\Desktop\MBR.dat"
15:46:50.507 The log file has been saved successfully to "C:\Users\basti\Desktop\aswMBR.txt"


TDSSKiller didn't find anything.

Actually, TDSSKiller did produce a log too; I only just saw it, sorry.

15:50:01.0161 4812 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:50:01.0700 4812 ============================================================
15:50:01.0700 4812 Current date / time: 2013/03/24 15:50:01.0700
15:50:01.0700 4812 SystemInfo:
15:50:01.0700 4812
15:50:01.0700 4812 OS Version: 6.1.7600 ServicePack: 0.0
15:50:01.0700 4812 Product type: Workstation
15:50:01.0700 4812 ComputerName: BASTI-PC
15:50:01.0701 4812 UserName: basti
15:50:01.0701 4812 Windows directory: C:\Windows
15:50:01.0701 4812 System windows directory: C:\Windows
15:50:01.0701 4812 Running under WOW64
15:50:01.0701 4812 Processor architecture: Intel x64
15:50:01.0701 4812 Number of processors: 6
15:50:01.0701 4812 Page size: 0x1000
15:50:01.0701 4812 Boot type: Normal boot
15:50:01.0701 4812 ============================================================
15:50:02.0870 4812 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:50:02.0877 4812 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:50:02.0907 4812 ============================================================
15:50:02.0907 4812 \Device\Harddisk0\DR0:
15:50:02.0907 4812 MBR partitions:
15:50:02.0907 4812 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
15:50:02.0907 4812 \Device\Harddisk1\DR1:
15:50:02.0909 4812 MBR partitions:
15:50:02.0909 4812 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
15:50:02.0909 4812 ============================================================
15:50:02.0933 4812 C: <-> \Device\Harddisk0\DR0\Partition1
15:50:02.0957 4812 F: <-> \Device\Harddisk1\DR1\Partition1
15:50:02.0957 4812 ============================================================
15:50:02.0957 4812 Initialize success
15:50:02.0957 4812 ============================================================
15:52:50.0869 2620 ============================================================
15:52:50.0869 2620 Scan started
15:52:50.0869 2620 Mode: Manual; SigCheck; TDLFS;
15:52:50.0869 2620 ============================================================
15:52:52.0086 2620 ================ Scan system memory ========================
15:52:52.0086 2620 System memory - ok
15:52:52.0086 2620 ================ Scan services =============================
15:53:07.0093 2620 RasAgileVpn - ok
15:53:07.0109 2620 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
15:53:07.0187 2620 RasAuto - ok
15:53:07.0202 2620 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:53:07.0280 2620 Rasl2tp - ok
15:53:07.0312 2620 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
15:53:07.0358 2620 RasMan - ok
15:53:07.0374 2620 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:53:07.0452 2620 RasPppoe - ok
15:53:07.0468 2620 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:53:07.0483 2620 RasSstp - ok
15:53:07.0514 2620 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:53:07.0561 2620 rdbss - ok
15:53:07.0592 2620 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
15:53:07.0592 2620 rdpbus - ok
15:53:07.0608 2620 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:53:07.0639 2620 RDPCDD - ok
15:53:07.0655 2620 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:53:07.0702 2620 RDPENCDD - ok
15:53:07.0717 2620 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:53:07.0748 2620 RDPREFMP - ok
15:53:07.0780 2620 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:53:07.0795 2620 RDPWD - ok
15:53:07.0811 2620 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:53:07.0811 2620 rdyboost - ok
15:53:07.0842 2620 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:53:07.0920 2620 RemoteAccess - ok
15:53:07.0936 2620 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:53:07.0951 2620 RemoteRegistry - ok
15:53:07.0967 2620 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:53:08.0045 2620 RpcEptMapper - ok
15:53:08.0076 2620 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
15:53:08.0170 2620 RpcLocator - ok
15:53:08.0201 2620 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
15:53:08.0263 2620 RpcSs - ok
15:53:08.0279 2620 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:53:08.0310 2620 rspndr - ok
15:53:08.0357 2620 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
15:53:08.0357 2620 RTL8167 - ok
15:53:08.0372 2620 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
15:53:08.0388 2620 SamSs - ok
15:53:08.0404 2620 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
15:53:08.0404 2620 sbp2port - ok
15:53:08.0419 2620 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:53:08.0435 2620 SCardSvr - ok
15:53:08.0450 2620 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:53:08.0482 2620 scfilter - ok
15:53:08.0528 2620 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
15:53:08.0544 2620 Schedule - ok
15:53:08.0575 2620 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:53:08.0591 2620 SCPolicySvc - ok
15:53:08.0606 2620 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:53:08.0653 2620 SDRSVC - ok
15:53:08.0669 2620 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:53:08.0716 2620 secdrv - ok
15:53:08.0731 2620 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
15:53:08.0778 2620 seclogon - ok
15:53:08.0809 2620 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
15:53:08.0872 2620 SENS - ok
15:53:08.0887 2620 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:53:08.0918 2620 SensrSvc - ok
15:53:08.0950 2620 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:53:08.0981 2620 Serenum - ok
15:53:09.0012 2620 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
15:53:09.0028 2620 Serial - ok
15:53:09.0059 2620 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
15:53:09.0106 2620 sermouse - ok
15:53:09.0137 2620 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
15:53:09.0199 2620 SessionEnv - ok
15:53:09.0230 2620 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:53:09.0277 2620 sffdisk - ok
15:53:09.0308 2620 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:53:09.0340 2620 sffp_mmc - ok
15:53:09.0371 2620 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:53:09.0386 2620 sffp_sd - ok
15:53:09.0386 2620 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
15:53:09.0418 2620 sfloppy - ok
15:53:09.0449 2620 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:53:09.0511 2620 SharedAccess - ok
15:53:09.0542 2620 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:53:09.0589 2620 ShellHWDetection - ok
15:53:09.0620 2620 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:53:09.0636 2620 SiSRaid2 - ok
15:53:09.0667 2620 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
15:53:09.0667 2620 SiSRaid4 - ok
15:53:09.0714 2620 [ 0A0A0183711EFB04F9BCC32BB44471F2 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
15:53:09.0745 2620 SkypeUpdate - ok
15:53:09.0761 2620 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:53:09.0808 2620 Smb - ok
15:53:09.0839 2620 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:53:09.0854 2620 SNMPTRAP - ok
15:53:09.0870 2620 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:53:09.0886 2620 spldr - ok
15:53:09.0917 2620 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
15:53:09.0964 2620 Spooler - ok
15:53:10.0073 2620 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
15:53:10.0151 2620 sppsvc - ok
15:53:10.0182 2620 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:53:10.0244 2620 sppuinotify - ok
15:53:10.0276 2620 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
15:53:10.0322 2620 srv - ok
15:53:10.0354 2620 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:53:10.0369 2620 srv2 - ok
15:53:10.0369 2620 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:53:10.0400 2620 srvnet - ok
15:53:10.0432 2620 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:53:10.0463 2620 SSDPSRV - ok
15:53:10.0478 2620 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:53:10.0494 2620 SstpSvc - ok
15:53:10.0556 2620 Steam Client Service - ok
15:53:10.0634 2620 [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:53:10.0681 2620 Stereo Service - ok
15:53:10.0712 2620 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
15:53:10.0712 2620 stexstor - ok
15:53:10.0775 2620 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
15:53:10.0806 2620 stisvc - ok
15:53:10.0806 2620 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
15:53:10.0822 2620 swenum - ok
15:53:10.0837 2620 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
15:53:10.0868 2620 swprv - ok
15:53:10.0900 2620 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
15:53:10.0946 2620 SysMain - ok
15:53:10.0978 2620 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:53:11.0040 2620 TabletInputService - ok
15:53:11.0056 2620 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
15:53:11.0134 2620 TapiSrv - ok
15:53:11.0165 2620 TBPanel - ok
15:53:11.0180 2620 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
15:53:11.0227 2620 TBS - ok
15:53:11.0305 2620 [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:53:11.0336 2620 Tcpip - ok
15:53:11.0368 2620 [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:53:11.0399 2620 TCPIP6 - ok
15:53:11.0414 2620 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:53:11.0461 2620 tcpipreg - ok
15:53:11.0477 2620 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:53:11.0477 2620 TDPIPE - ok
15:53:11.0524 2620 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:53:11.0570 2620 TDTCP - ok
15:53:11.0586 2620 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:53:11.0633 2620 tdx - ok
15:53:11.0664 2620 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
15:53:11.0664 2620 TermDD - ok
15:53:11.0695 2620 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
15:53:11.0758 2620 TermService - ok
15:53:11.0773 2620 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
15:53:11.0804 2620 Themes - ok
15:53:11.0820 2620 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
15:53:11.0836 2620 THREADORDER - ok
15:53:11.0851 2620 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
15:53:11.0929 2620 TrkWks - ok
15:53:11.0976 2620 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:53:12.0007 2620 TrustedInstaller - ok
15:53:12.0023 2620 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:53:12.0101 2620 tssecsrv - ok
15:53:12.0132 2620 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:53:12.0179 2620 tunnel - ok
15:53:12.0194 2620 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
15:53:12.0210 2620 uagp35 - ok
15:53:12.0226 2620 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:53:12.0257 2620 udfs - ok
15:53:12.0272 2620 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:53:12.0288 2620 UI0Detect - ok
15:53:12.0319 2620 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
15:53:12.0335 2620 uliagpkx - ok
15:53:12.0350 2620 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:53:12.0350 2620 umbus - ok
15:53:12.0382 2620 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
15:53:12.0413 2620 UmPass - ok
15:53:12.0444 2620 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
15:53:12.0475 2620 upnphost - ok
15:53:12.0507 2620 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:53:12.0553 2620 usbccgp - ok
15:53:12.0569 2620 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
15:53:12.0616 2620 usbcir - ok
15:53:12.0663 2620 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:53:12.0663 2620 usbehci - ok
15:53:12.0678 2620 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:53:12.0694 2620 usbhub - ok
15:53:12.0725 2620 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
15:53:12.0756 2620 usbohci - ok
15:53:12.0772 2620 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:53:12.0787 2620 usbprint - ok
15:53:12.0819 2620 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:53:12.0819 2620 USBSTOR - ok
15:53:12.0850 2620 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
15:53:12.0881 2620 usbuhci - ok
15:53:12.0897 2620 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
15:53:12.0975 2620 UxSms - ok
15:53:12.0990 2620 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
15:53:12.0990 2620 VaultSvc - ok
15:53:13.0021 2620 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
15:53:13.0021 2620 vdrvroot - ok
15:53:13.0037 2620 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
15:53:13.0068 2620 vds - ok
15:53:13.0084 2620 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:53:13.0099 2620 vga - ok
15:53:13.0115 2620 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
15:53:13.0177 2620 VgaSave - ok
15:53:13.0193 2620 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
15:53:13.0193 2620 vhdmp - ok
15:53:13.0209 2620 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
15:53:13.0209 2620 viaide - ok
15:53:13.0224 2620 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
15:53:13.0240 2620 volmgr - ok
15:53:13.0302 2620 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:53:13.0318 2620 volmgrx - ok
15:53:13.0365 2620 [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
15:53:13.0380 2620 volsnap - ok
15:53:13.0411 2620 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
15:53:13.0443 2620 vsmraid - ok
15:53:13.0489 2620 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
15:53:13.0521 2620 VSS - ok
15:53:13.0536 2620 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
15:53:13.0552 2620 vwifibus - ok
15:53:13.0583 2620 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
15:53:13.0614 2620 W32Time - ok
15:53:13.0630 2620 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
15:53:13.0661 2620 WacomPen - ok
15:53:13.0677 2620 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:53:13.0739 2620 WANARP - ok
15:53:13.0755 2620 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:53:13.0770 2620 Wanarpv6 - ok
15:53:13.0801 2620 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
15:53:13.0848 2620 wbengine - ok
15:53:13.0864 2620 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:53:13.0879 2620 WbioSrvc - ok
15:53:13.0926 2620 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:53:13.0942 2620 wcncsvc - ok
15:53:13.0957 2620 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:53:13.0957 2620 WcsPlugInService - ok
15:53:13.0973 2620 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
15:53:13.0989 2620 Wd - ok
15:53:14.0035 2620 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:53:14.0067 2620 Wdf01000 - ok
15:53:14.0082 2620 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:53:14.0113 2620 WdiServiceHost - ok
15:53:14.0113 2620 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:53:14.0129 2620 WdiSystemHost - ok
15:53:14.0160 2620 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
15:53:14.0191 2620 WebClient - ok
15:53:14.0207 2620 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:53:14.0238 2620 Wecsvc - ok
15:53:14.0269 2620 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:53:14.0332 2620 wercplsupport - ok
15:53:14.0379 2620 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
15:53:14.0410 2620 WerSvc - ok
15:53:14.0410 2620 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:53:14.0441 2620 WfpLwf - ok
15:53:14.0457 2620 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:53:14.0457 2620 WIMMount - ok
15:53:14.0472 2620 WinDefend - ok
15:53:14.0472 2620 WinHttpAutoProxySvc - ok
15:53:14.0503 2620 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:53:14.0535 2620 Winmgmt - ok
15:53:14.0581 2620 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
15:53:14.0628 2620 WinRM - ok
15:53:14.0675 2620 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
15:53:14.0691 2620 Wlansvc - ok
15:53:14.0691 2620 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
15:53:14.0722 2620 WmiAcpi - ok
15:53:14.0737 2620 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:53:14.0753 2620 wmiApSrv - ok
15:53:14.0769 2620 WMPNetworkSvc - ok
15:53:14.0769 2620 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:53:14.0784 2620 WPCSvc - ok
15:53:14.0800 2620 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:53:14.0815 2620 WPDBusEnum - ok
15:53:14.0815 2620 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:53:14.0862 2620 ws2ifsl - ok
15:53:14.0878 2620 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\System32\wscsvc.dll
15:53:14.0909 2620 wscsvc - ok
15:53:14.0925 2620 WSearch - ok
15:53:15.0018 2620 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
15:53:15.0049 2620 wuauserv - ok
15:53:15.0096 2620 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:53:15.0096 2620 WudfPf - ok
15:53:15.0143 2620 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:53:15.0190 2620 WUDFRd - ok
15:53:15.0205 2620 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:53:15.0252 2620 wudfsvc - ok
15:53:15.0283 2620 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
15:53:15.0299 2620 WwanSvc - ok
15:53:15.0315 2620 ================ Scan global ===============================
15:53:15.0330 2620 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:53:15.0361 2620 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
15:53:15.0377 2620 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
15:53:15.0393 2620 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:53:15.0424 2620 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:53:15.0424 2620 [Global] - ok
15:53:15.0424 2620 ================ Scan MBR ==================================
15:53:15.0439 2620 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:53:15.0783 2620 \Device\Harddisk0\DR0 - ok
15:53:15.0783 2620 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
15:53:15.0939 2620 \Device\Harddisk1\DR1 - ok
15:53:15.0939 2620 ================ Scan VBR ==================================
15:53:15.0939 2620 [ 62538AFD1232A4D663430095BF2F2D9A ] \Device\Harddisk0\DR0\Partition1
15:53:15.0939 2620 \Device\Harddisk0\DR0\Partition1 - ok
15:53:15.0954 2620 [ 668E19F6E5CE7C4F346AE8AF6D504F00 ] \Device\Harddisk1\DR1\Partition1
15:53:15.0954 2620 \Device\Harddisk1\DR1\Partition1 - ok
15:53:15.0954 2620 ============================================================
15:53:15.0954 2620 Scan finished
15:53:15.0954 2620 ============================================================
15:53:15.0970 4240 Detected object count: 0
15:53:15.0970 4240 Actual detected object count: 0
15:53:33.0395 1564 Deinitialize success


24.03.2013, 16:06   #6
cosinus

Please post the next logs in CODE tags.

Then please run Combofix now:

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
"Illegal operation attempted on a registry key that has been marked for deletion."
simply restart the computer. This should fix the problem.

24.03.2013, 16:49   #7
Blacklaiser

Please post the next logs in CODE tags

I don't quite understand that. The part with Ctrl+A and then Ctrl+C is logical, but what is meant by "on #"? Press the # key, or what?

Because otherwise I don't see anything with #, but when I press #, the [code] things don't appear.

24.03.2013, 16:55   #8
cosinus

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with Ctrl+A) and copy it to the clipboard with Ctrl+C.
  • In the editor, click the # symbol. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press Ctrl+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

24.03.2013, 17:10   #9
Blacklaiser

In the editor, click the # symbol. Two bracketed expressions appear.

I don't understand that: click which # symbol in the editor? There isn't one for me.

OK, now I've understood it.
Code:
ATTFilter
ComboFix 13-03-24.03 - basti 24.03.2013  17:57:49.1.6 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.8191.6700 [GMT 1:00]
ausgeführt von:: c:\users\basti\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\basti\AppData\Roaming\E031.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-24 bis 2013-03-24  ))))))))))))))))))))))))))))))
.
.
2013-03-24 17:02 . 2013-03-24 17:02	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-03-24 17:02 . 2013-03-24 17:02	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-24 14:53 . 2013-03-04 13:53	72013344	----a-w-	c:\windows\system32\MRT.exe
2013-03-23 11:31 . 2013-03-23 11:31	--------	d-----w-	c:\users\basti\AppData\Roaming\Malwarebytes
2013-03-23 11:31 . 2013-03-24 14:10	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-23 11:31 . 2013-03-24 14:13	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-23 11:31 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-23 11:30 . 2013-03-23 11:30	--------	d-----w-	c:\users\basti\AppData\Local\Programs
2013-03-22 10:58 . 2013-02-12 14:02	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-03-21 00:17 . 2013-03-24 14:13	--------	d-----w-	c:\windows\system32\SPReview
2013-03-21 00:16 . 2013-03-21 00:16	--------	d-----w-	c:\windows\system32\EventProviders
2013-03-18 12:36 . 2013-03-18 12:36	--------	d-----w-	c:\users\basti\AppData\Local\Microsoft_Corporation
2013-03-10 14:46 . 2013-03-10 14:46	--------	d-----w-	c:\users\basti\AppData\Local\SKIDROW
2013-03-08 21:36 . 2013-03-08 21:36	--------	d-----w-	c:\users\basti\AppData\Local\EA Games
2013-03-04 05:57 . 2013-03-04 14:09	--------	d-----w-	c:\users\basti\AppData\Local\Skyrim
2013-03-03 21:17 . 2013-03-03 21:17	--------	d-----w-	c:\users\basti\AppData\Local\Diagnostics
2013-03-03 18:35 . 2013-03-24 16:08	--------	d-----w-	c:\program files (x86)\Steam
2013-03-03 18:35 . 2013-03-24 14:13	--------	d-----w-	c:\program files (x86)\Common Files\Steam
2013-03-03 17:55 . 2009-10-10 03:17	14336	----a-w-	c:\windows\system32\drivers\sffp_sd.sys
2013-03-03 17:54 . 2011-02-19 06:37	1135104	----a-w-	c:\windows\system32\FntCache.dll
2013-02-24 21:01 . 2013-03-24 14:13	--------	d-----w-	c:\users\basti\AppData\Local\TeknoGods
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 17:50 . 2013-02-13 16:05	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 17:50 . 2013-02-13 16:05	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-25 23:32 . 2013-02-12 20:41	2505144	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-02-25 23:32 . 2013-02-12 20:42	15129960	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-02-25 23:32 . 2013-02-12 20:41	2826040	----a-w-	c:\windows\system32\nvapi64.dll
2013-02-25 23:32 . 2012-10-10 20:23	18055184	----a-w-	c:\windows\system32\nvd3dumx.dll
2013-02-25 23:32 . 2012-10-10 20:23	1107440	----a-w-	c:\windows\system32\nvumdshimx.dll
2013-02-25 23:32 . 2012-10-10 20:22	1814304	----a-w-	c:\windows\system32\nvdispco64.dll
2013-02-25 23:32 . 2012-10-10 20:23	1510176	----a-w-	c:\windows\system32\nvdispgenco64.dll
2013-02-25 23:32 . 2013-02-12 20:42	15053264	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-02-18 08:22 . 2013-02-18 08:22	31080	----a-w-	c:\windows\system32\nvhdap64.dll
2013-02-18 08:22 . 2013-02-18 08:22	1472360	----a-w-	c:\windows\system32\nvhdagenco6420103.dll
2013-02-18 08:22 . 2013-02-18 08:22	189288	----a-w-	c:\windows\system32\drivers\nvhda64v.sys
2013-02-17 02:08 . 2013-02-17 02:08	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2013-02-17 02:08 . 2013-02-17 02:08	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-02-17 02:08 . 2013-02-17 02:08	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-02-17 02:08 . 2013-02-17 02:08	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2013-02-17 02:08 . 2013-02-17 02:08	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-02-17 02:08 . 2013-02-17 02:08	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-02-17 02:08 . 2013-02-17 02:08	367104	----a-w-	c:\windows\SysWow64\html.iec
2013-02-17 02:08 . 2013-02-17 02:08	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-02-17 02:08 . 2013-02-17 02:08	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2013-02-17 02:08 . 2013-02-17 02:08	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2013-02-17 02:08 . 2013-02-17 02:08	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-02-17 02:08 . 2013-02-17 02:08	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2013-02-17 02:08 . 2013-02-17 02:08	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-02-17 02:08 . 2013-02-17 02:08	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2013-02-17 02:08 . 2013-02-17 02:08	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-02-17 02:08 . 2013-02-17 02:08	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2013-02-17 02:08 . 2013-02-17 02:08	89088	----a-w-	c:\windows\system32\ie4uinit.exe
2013-02-17 02:08 . 2013-02-17 02:08	85504	----a-w-	c:\windows\system32\iesetup.dll
2013-02-17 02:08 . 2013-02-17 02:08	82432	----a-w-	c:\windows\system32\icardie.dll
2013-02-17 02:08 . 2013-02-17 02:08	76800	----a-w-	c:\windows\system32\tdc.ocx
2013-02-17 02:08 . 2013-02-17 02:08	65024	----a-w-	c:\windows\system32\pngfilt.dll
2013-02-17 02:08 . 2013-02-17 02:08	55296	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-02-17 02:08 . 2013-02-17 02:08	534528	----a-w-	c:\windows\system32\ieapfltr.dll
2013-02-17 02:08 . 2013-02-17 02:08	49664	----a-w-	c:\windows\system32\imgutil.dll
2013-02-17 02:08 . 2013-02-17 02:08	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-02-17 02:08 . 2013-02-17 02:08	452608	----a-w-	c:\windows\system32\dxtmsft.dll
2013-02-17 02:08 . 2013-02-17 02:08	448512	----a-w-	c:\windows\system32\html.iec
2013-02-17 02:08 . 2013-02-17 02:08	403248	----a-w-	c:\windows\system32\iedkcs32.dll
2013-02-17 02:08 . 2013-02-17 02:08	39936	----a-w-	c:\windows\system32\iernonce.dll
2013-02-17 02:08 . 2013-02-17 02:08	3695416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-02-17 02:08 . 2013-02-17 02:08	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-02-17 02:08 . 2013-02-17 02:08	30720	----a-w-	c:\windows\system32\licmgr10.dll
2013-02-17 02:08 . 2013-02-17 02:08	282112	----a-w-	c:\windows\system32\dxtrans.dll
2013-02-17 02:08 . 2013-02-17 02:08	267776	----a-w-	c:\windows\system32\ieaksie.dll
2013-02-17 02:08 . 2013-02-17 02:08	249344	----a-w-	c:\windows\system32\webcheck.dll
2013-02-17 02:08 . 2013-02-17 02:08	222208	----a-w-	c:\windows\system32\msls31.dll
2013-02-17 02:08 . 2013-02-17 02:08	197120	----a-w-	c:\windows\system32\msrating.dll
2013-02-17 02:08 . 2013-02-17 02:08	165888	----a-w-	c:\windows\system32\iexpress.exe
2013-02-17 02:08 . 2013-02-17 02:08	163840	----a-w-	c:\windows\system32\ieakui.dll
2013-02-17 02:08 . 2013-02-17 02:08	160256	----a-w-	c:\windows\system32\wextract.exe
2013-02-17 02:08 . 2013-02-17 02:08	160256	----a-w-	c:\windows\system32\ieakeng.dll
2013-02-17 02:08 . 2013-02-17 02:08	149504	----a-w-	c:\windows\system32\occache.dll
2013-02-17 02:08 . 2013-02-17 02:08	145920	----a-w-	c:\windows\system32\iepeers.dll
2013-02-17 02:08 . 2013-02-17 02:08	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-02-17 02:08 . 2013-02-17 02:08	12288	----a-w-	c:\windows\system32\mshta.exe
2013-02-17 02:08 . 2013-02-17 02:08	114176	----a-w-	c:\windows\system32\admparse.dll
2013-02-17 02:08 . 2013-02-17 02:08	111616	----a-w-	c:\windows\system32\iesysprep.dll
2013-02-17 02:08 . 2013-02-17 02:08	10752	----a-w-	c:\windows\system32\msfeedssync.exe
2013-02-17 02:08 . 2013-02-17 02:08	103936	----a-w-	c:\windows\system32\inseng.dll
2013-02-15 21:11 . 2013-02-15 21:11	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-02-15 21:11 . 2013-02-15 21:11	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-02-15 21:11 . 2013-02-15 21:11	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-18 15:00 . 2011-01-06 19:39	6390048	----a-w-	c:\windows\system32\nvcpl.dll
2013-01-18 15:00 . 2011-01-06 19:39	3460896	----a-w-	c:\windows\system32\nvsvc64.dll
2013-01-18 15:00 . 2013-02-17 02:05	2953448	----a-w-	c:\windows\system32\nvcoproc.bin
2013-01-18 15:00 . 2011-01-06 19:38	118560	----a-w-	c:\windows\system32\nvmctray.dll
2013-01-18 15:00 . 2011-01-06 19:38	884512	----a-w-	c:\windows\system32\nvvsvc.exe
2013-01-18 15:00 . 2011-01-06 19:38	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-01-18 15:00 . 2011-01-06 19:38	2558240	----a-w-	c:\windows\system32\nvsvcr.dll
2013-01-18 07:15 . 2013-01-18 07:15	550176	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2013-01-05 05:57 . 2013-02-13 16:51	5500776	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-01-05 05:02 . 2013-02-13 16:51	3957608	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:02 . 2013-02-13 16:51	3902312	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:41 . 2013-02-13 16:43	1893224	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-01-04 05:40 . 2013-02-13 16:43	287576	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-01-04 05:37 . 2013-02-13 16:44	362496	----a-w-	c:\windows\system32\wow64win.dll
2013-01-04 05:37 . 2013-02-13 16:44	243200	----a-w-	c:\windows\system32\wow64.dll
2013-01-04 05:37 . 2013-02-13 16:44	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2013-01-04 05:36 . 2013-02-13 16:44	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-01-04 05:33 . 2013-02-13 16:44	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2013-01-04 05:30 . 2013-02-13 16:44	424960	----a-w-	c:\windows\system32\KernelBase.dll
2013-01-04 05:30 . 2013-02-13 16:44	1161216	----a-w-	c:\windows\system32\kernel32.dll
2013-01-04 05:27 . 2013-02-13 16:44	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 16:44	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 16:44	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 16:44	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 16:44	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 16:44	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 16:44	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 16:44	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 16:44	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 16:44	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 16:44	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:44	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:44	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:44	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:44	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-12-20 20:56	1521952	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-12-20 1521952]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GAINWARD"="c:\program files (x86)\EXPERTool\TBPanel.exe" [2010-12-23 2259568]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-07 17706088]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-03-15 1632680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-12-20 1574176]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-02-12 385248]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-07 161384]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-11-16 27800]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-12 86752]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-02-12 565472]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [2010-06-18 17920]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-13 17:50]
.
2013-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3127675848-68977983-1399159111-1001Core.job
- c:\users\basti\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-13 16:13]
.
2013-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3127675848-68977983-1399159111-1001UA.job
- c:\users\basti\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-13 16:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = fbdirecto.net/1/
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=67bcda54-9c86-43ea-a352-87eb311fa7a9&searchtype=ds&p={searchTerms}&fr=linkury-tb
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Ogdkdy - c:\users\basti\AppData\Roaming\Ogdkdy.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-24  18:03:33
ComboFix-quarantined-files.txt  2013-03-24 17:03
.
Vor Suchlauf: 23 Verzeichnis(se), 828.121.661.440 Bytes frei
Nach Suchlauf: 27 Verzeichnis(se), 828.016.369.664 Bytes frei
.
- - End Of File - - 45CC69C7AC256F698C314D5EEAFDC261
         

Alt 25.03.2013, 11:55   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


After that:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents to me with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Then a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick Scan All Users (Scanne alle Benutzer)
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 25.03.2013, 15:59   #11
Blacklaiser
 



So, after the restart from AdwCleaner a message came up:
c:\User\***\AppData\Roaming\OpenCandy\E90C284E83954476A0218B6AE6EB7205\OCBrowserHelper_1.0.4.106.dll

Das angegebene Modul wurde nicht gefunden

Here are the logs:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.3 (03.23.2013:1)
OS: Windows 7 Home Premium x64
Ran by basti on 25.03.2013 at 16:28:52,69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\apnupdater
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-3127675848-68977983-1399159111-1001\software\microsoft\internet explorer\searchscopes\\DefaultScope



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthost.tool
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthost.tool.1
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\basti\AppData\Roaming\opencandy"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.03.2013 at 16:35:05,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
# AdwCleaner v2.115 - Datei am 25/03/2013 um 16:37:47 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : basti - BASTI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\basti\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Users\basti\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\basti\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=67bcda54-9c86-43ea-a352-87eb311fa7a9&searchtype=ds&p={searchTerms}&fr=linkury-tb --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=67bcda54-9c86-43ea-a352-87eb311fa7a9&searchtype=ds&p={searchTerms}&fr=linkury-tb --> hxxp://www.google.com

-\\ Google Chrome v25.0.1364.172

Datei : C:\Users\basti\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.33] : search_url = "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=67bcda54[...]

*************************

AdwCleaner[S1].txt - [6730 octets] - [25/03/2013 16:37:47]

########## EOF - C:\AdwCleaner[S1].txt - [6790 octets] ##########
         
Code:
OTL Extras logfile created on: 25.03.2013 16:45:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\basti\Desktop\Anti-Virus Programme
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,04 Gb Available Physical Memory | 75,47% Memory free
16,00 Gb Paging File | 13,83 Gb Available in Paging File | 86,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 770,76 Gb Free Space | 82,74% Space Free | Partition Type: NTFS
Drive D: | 4,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 931,51 Gb Total Space | 741,69 Gb Free Space | 79,62% Space Free | Partition Type: NTFS
 
Computer Name: BASTI-PC | User Name: basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{046041BF-6189-49C0-A122-1951050A9350}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{0CB99028-99B9-48A5-A258-C91E41F02359}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{17190016-7837-467A-9B45-2E3695BAC63F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{254ED800-1AE5-4ED6-BB33-FEBA652D5EBF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{309D4A84-A3D0-4F9B-8641-D498EE4DC94D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{315A1CCA-2561-4BDC-9A61-2403502EA240}" = rport=445 | protocol=6 | dir=out | app=system | 
"{4249BBBB-ABD5-4E66-A3C8-DE3238449046}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5DB3E68D-5377-4682-9452-6B9A5AEDC9DA}" = lport=138 | protocol=17 | dir=in | app=system | 
"{65ACCD6C-27C6-474E-9ABA-5E0C999808CC}" = rport=137 | protocol=17 | dir=out | app=system | 
"{75F8A28E-32B5-498F-90AB-020C38172BA3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{913221AB-7CCF-43D7-9BF5-2E6A750DCF84}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{93D895B6-6015-415A-9E73-9965110E8966}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{993B658F-957F-4264-8BED-C72C7924746D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9E7616E0-4C42-4266-9492-8B019DE53051}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A0008364-532F-4A51-891B-00897C8DEAD4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B5972BC3-A401-44A1-B16F-43A72877E084}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B9AD5EB0-316E-46DB-8235-8F2B27027FF7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{BBE053A5-069E-43F0-B331-722B951E303B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C445E835-832E-4A4A-98AC-CA862ED15FA9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DC28F4C1-16B1-4182-929B-47E0F9D0FA2D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E41C9F8C-E2F6-4EDC-A0B5-17249218761E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F096F259-9EBA-41DD-9E09-47364992C98C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F56682DA-8078-4D16-BE63-C8E87DFD7E52}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03E3A335-E89E-4E6B-98EC-B1AD758BA9D9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{077BB950-5095-4DD0-9673-7A9696415A60}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0889DD7A-2D98-45A0-915B-C61FA816ED1B}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{0B3EA404-C2A0-4D6E-BC90-BC29161395E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1443C81B-37F4-4882-8F46-5E311C71DE20}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{20EE0F13-E7DF-4D06-89B1-4E1EE4CB3BF2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{22AD454C-3A8D-4891-9B25-7E76AF146B0E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{2B62394D-19B8-43B3-93C8-E73A8303AC6F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{39F8D502-0EB0-4D15-8800-0E8D04C64A75}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3D8A0EE5-C3A2-4132-A571-9D5E1FC001A2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4654928D-DBBD-44ED-B838-4CC15BD22938}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4AC9509B-BF3C-42A7-A826-F3AD04FD7BDA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5EA5E196-2097-44CA-B7FA-DC4FDDA82F30}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6FF1B221-31B5-4230-B3BD-99D2A61320EE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{82A30414-EB7E-46A8-A356-0567FDDDF826}" = protocol=6 | dir=out | app=system | 
"{8506E774-041E-484C-90AF-35FD603DF1BB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{950C6B7D-EE5E-46EF-A934-4EA86AA30AB5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{99F6D0C6-A5F0-40EA-A701-8607E8522686}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9C4BA0BE-E823-4872-BD35-8DE2BEEEB15B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{A7F313FE-0A46-469A-933F-223CCDF10358}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D209E725-8A0A-4C63-88B0-152CF3E9A92A}" = protocol=58 | dir=in | app=system | 
"{DBCB20B5-772D-48A1-9D58-D42CC8A19C9A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E423B589-DB6B-42F2-B3B0-D0178607AE2E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F1FC07E5-E83E-4A3F-A595-7FBDCE2280A8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{F78857FD-670D-4BA3-A311-70FF04C3634D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FC7E7C69-9CC0-4A16-8C73-FB116519B9D6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{0E410E0C-DBBA-41A0-B613-4576E9C527F2}C:\spiele1\call of duty modern warfare 3\iw5sp.exe" = protocol=6 | dir=in | app=c:\spiele1\call of duty modern warfare 3\iw5sp.exe | 
"TCP Query User{18861116-2515-4D7C-BEB4-B01C1CCA9A4B}C:\spiele1\call of duty modern warfare 3\iw5mp.exe" = protocol=6 | dir=in | app=c:\spiele1\call of duty modern warfare 3\iw5mp.exe | 
"TCP Query User{3D03630A-5B4F-4A9E-8B4D-6AE4A807F54F}C:\spiele1\call of duty modern warfare 3\iw5mp_server.exe" = protocol=6 | dir=in | app=c:\spiele1\call of duty modern warfare 3\iw5mp_server.exe | 
"TCP Query User{43D016D6-33A9-408B-BBDB-64BA4BBDA3E3}F:\spiele1\empire earth\empire earth.exe" = protocol=6 | dir=in | app=f:\spiele1\empire earth\empire earth.exe | 
"TCP Query User{4C880C81-2AD1-4699-B093-A23C11A0575D}F:\spiele1\call of duty modern warfare 3\iw5sp.exe" = protocol=6 | dir=in | app=f:\spiele1\call of duty modern warfare 3\iw5sp.exe | 
"TCP Query User{509B228D-C967-414A-B9A0-10595BBEA68F}C:\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\metin2\metin2client.bin | 
"TCP Query User{5E48E488-6B58-400B-A25C-2FFDD5101BB9}E:\metin2\metin2client.bin" = protocol=6 | dir=in | app=e:\metin2\metin2client.bin | 
"TCP Query User{606A895A-F030-4CE6-90D5-170DB3B5D20E}F:\spiele\nfs most wanted\need for speed most wanted\nfs13.exe" = protocol=6 | dir=in | app=f:\spiele\nfs most wanted\need for speed most wanted\nfs13.exe | 
"TCP Query User{823B1FE6-92F1-4C2A-8554-696ECCF95EE5}F:\metin2\metin2client.bin" = protocol=6 | dir=in | app=f:\metin2\metin2client.bin | 
"TCP Query User{9579B278-E932-4443-9A93-0EC6FF717AA9}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{9EE1A822-EF67-4B7A-B080-0D26F9F7DA75}F:\spiele1\call of duty modern warfare 3\iw5mp.exe" = protocol=6 | dir=in | app=f:\spiele1\call of duty modern warfare 3\iw5mp.exe | 
"UDP Query User{6AE8803C-8E99-4C6C-A854-5A4F956D0D4B}F:\spiele\nfs most wanted\need for speed most wanted\nfs13.exe" = protocol=17 | dir=in | app=f:\spiele\nfs most wanted\need for speed most wanted\nfs13.exe | 
"UDP Query User{7A593A2E-C269-4FC3-93C6-CC92D2147C6C}C:\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\metin2\metin2client.bin | 
"UDP Query User{8E2EF7D7-4DCC-4386-8E9B-53B777675346}C:\spiele1\call of duty modern warfare 3\iw5mp.exe" = protocol=17 | dir=in | app=c:\spiele1\call of duty modern warfare 3\iw5mp.exe | 
"UDP Query User{8FD08008-C20F-4E46-B232-51E260920F51}C:\spiele1\call of duty modern warfare 3\iw5sp.exe" = protocol=17 | dir=in | app=c:\spiele1\call of duty modern warfare 3\iw5sp.exe | 
"UDP Query User{A42EE3E0-67F5-4158-81B8-C188BA9DD736}E:\metin2\metin2client.bin" = protocol=17 | dir=in | app=e:\metin2\metin2client.bin | 
"UDP Query User{B25C9687-FA2E-43BC-A82F-094DF520884E}F:\spiele1\call of duty modern warfare 3\iw5mp.exe" = protocol=17 | dir=in | app=f:\spiele1\call of duty modern warfare 3\iw5mp.exe | 
"UDP Query User{C90683E7-6355-4656-BA83-3C6A03875BF1}F:\metin2\metin2client.bin" = protocol=17 | dir=in | app=f:\metin2\metin2client.bin | 
"UDP Query User{D2E33147-8EB7-4FB1-BF03-54896444572D}F:\spiele1\empire earth\empire earth.exe" = protocol=17 | dir=in | app=f:\spiele1\empire earth\empire earth.exe | 
"UDP Query User{D552B5F0-F7D9-4677-AF29-754298D021EE}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{D66194BA-8404-42CF-8EB9-5A8740C0033C}F:\spiele1\call of duty modern warfare 3\iw5sp.exe" = protocol=17 | dir=in | app=f:\spiele1\call of duty modern warfare 3\iw5sp.exe | 
"UDP Query User{FD73DD3E-F798-4265-AE53-2AB578AE644D}C:\spiele1\call of duty modern warfare 3\iw5mp_server.exe" = protocol=17 | dir=in | app=c:\spiele1\call of duty modern warfare 3\iw5mp_server.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{32A3A4F4-B792-11D6-A78A-00B0D0170130}" = Java SE Development Kit 7 Update 13
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"CrystalDiskInfo_is1" = CrystalDiskInfo 5.3.1
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MySSID_is1" = EXPERTool 7.16
"Need for Speed Most Wanted_is1" = Need for Speed Most Wanted
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Steam App 72850" = The Elder Scrolls V: Skyrim
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3127675848-68977983-1399159111-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
< End of report >
         
Code:
OTL logfile created on: 25.03.2013 16:45:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\basti\Desktop\Anti-Virus Programme
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,04 Gb Available Physical Memory | 75,47% Memory free
16,00 Gb Paging File | 13,83 Gb Available in Paging File | 86,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 770,76 Gb Free Space | 82,74% Space Free | Partition Type: NTFS
Drive D: | 4,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 931,51 Gb Total Space | 741,69 Gb Free Space | 79,62% Space Free | Partition Type: NTFS
 
Computer Name: BASTI-PC | User Name: basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\basti\Desktop\Anti-Virus Programme\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\EXPERTool\TBPANEL.exe (Gainward Co.)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\basti\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\basti\AppData\Local\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\basti\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll ()
MOD - C:\Users\basti\AppData\Local\Google\Chrome\Application\25.0.1364.172\libglesv2.dll ()
MOD - C:\Users\basti\AppData\Local\Google\Chrome\Application\25.0.1364.172\libegl.dll ()
MOD - C:\Users\basti\AppData\Local\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\EXPERTool\TBManage.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (InputFilter_Hid_FlexDef2b) -- C:\Windows\SysNative\drivers\InputFilter_FlexDef2b.sys (Siliten)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,defaultscope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,defaultscope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,defaultscope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,defaultscope = 
 
IE - HKU\S-1-5-21-3127675848-68977983-1399159111-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = fbdirecto.net/1/
IE - HKU\S-1-5-21-3127675848-68977983-1399159111-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3127675848-68977983-1399159111-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D1 7A B6 02 62 09 CE 01  [binary data]
IE - HKU\S-1-5-21-3127675848-68977983-1399159111-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-3127675848-68977983-1399159111-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-3127675848-68977983-1399159111-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3127675848-68977983-1399159111-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3127675848-68977983-1399159111-1001\..\SearchScopes\{0B2E1175-4E0B-46B1-A7D9-F477E60F2122}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=be8393d0-34dd-4927-9451-fe0c977105a7&apn_sauid=B64D5FB6-00F2-48C2-AC9F-5A8A17954E73
IE - HKU\S-1-5-21-3127675848-68977983-1399159111-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3127675848-68977983-1399159111-1003\..\SearchScopes,DefaultScope = 
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\basti\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\basti\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\basti\AppData\Local\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\basti\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\basti\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Google Update (Enabled) = C:\Users\basti\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
 
O1 HOSTS File: ([2013.03.24 18:02:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKU\S-1-5-21-3127675848-68977983-1399159111-1001..\Run: [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co.)
O4 - HKU\S-1-5-21-3127675848-68977983-1399159111-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3127675848-68977983-1399159111-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3127675848-68977983-1399159111-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3127675848-68977983-1399159111-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3127675848-68977983-1399159111-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3127675848-68977983-1399159111-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC2ADC8C-3CCF-4D36-B4BD-CADDCD830F7A}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~4\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.10.06 16:01:16 | 000,000,044 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.25 16:28:50 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.25 16:28:24 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.24 18:07:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.24 18:03:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.24 17:56:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.24 17:56:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.24 17:56:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.24 17:56:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.24 17:56:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.24 17:45:04 | 005,044,071 | R--- | C] (Swearware) -- C:\Users\basti\Desktop\ComboFix.exe
[2013.03.24 13:35:08 | 000,000,000 | ---D | C] -- C:\Users\basti\Desktop\Anti-Virus Programme
[2013.03.23 12:31:14 | 000,000,000 | ---D | C] -- C:\Users\basti\AppData\Roaming\Malwarebytes
[2013.03.23 12:31:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.23 12:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.23 12:31:04 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.23 12:31:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.23 12:30:56 | 000,000,000 | ---D | C] -- C:\Users\basti\AppData\Local\Programs
[2013.03.22 11:58:10 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.21 01:17:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013.03.21 01:16:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013.03.18 13:36:17 | 000,000,000 | ---D | C] -- C:\Users\basti\AppData\Local\Microsoft_Corporation
[2013.03.14 03:00:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.14 03:00:53 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.14 03:00:53 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.14 03:00:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.14 03:00:52 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.14 03:00:52 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.14 03:00:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.14 03:00:52 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.14 03:00:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.14 03:00:51 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.14 03:00:51 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.14 03:00:51 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.14 03:00:50 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.14 03:00:50 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.14 03:00:50 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.10 15:46:09 | 000,000,000 | ---D | C] -- C:\Users\basti\AppData\Local\SKIDROW
[2013.03.08 22:36:59 | 000,000,000 | ---D | C] -- C:\Users\basti\Documents\EA Games
[2013.03.08 22:36:42 | 000,000,000 | ---D | C] -- C:\Users\basti\AppData\Local\EA Games
[2013.03.04 06:57:17 | 000,000,000 | ---D | C] -- C:\Users\basti\AppData\Local\Skyrim
[2013.03.03 22:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2013.03.03 22:17:53 | 000,000,000 | ---D | C] -- C:\Users\basti\AppData\Local\Diagnostics
[2013.03.03 20:38:38 | 000,000,000 | ---D | C] -- C:\Users\basti\Documents\My Games
[2013.03.03 19:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.03.03 19:35:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013.03.03 19:35:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013.03.03 05:25:31 | 000,000,000 | ---D | C] -- C:\Users\basti\Documents\Criterion Games
[2013.02.26 00:32:44 | 025,256,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.02.26 00:32:40 | 006,262,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.02.26 00:32:36 | 026,929,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.02.26 00:32:36 | 002,720,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.02.26 00:32:36 | 000,958,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013.02.26 00:32:34 | 007,932,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.02.26 00:32:34 | 002,346,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.02.26 00:32:32 | 000,245,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013.02.26 00:32:28 | 002,904,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.02.26 00:32:26 | 020,449,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.02.26 00:32:24 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.02.26 00:32:08 | 012,641,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.02.26 00:32:08 | 007,564,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.02.26 00:32:08 | 001,985,824 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.02.26 00:32:06 | 009,390,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.02.26 00:32:04 | 000,201,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013.02.24 22:01:23 | 000,000,000 | ---D | C] -- C:\Users\basti\AppData\Local\TeknoGods
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.25 16:48:20 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.25 16:48:20 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.25 16:45:02 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.25 16:45:02 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.25 16:45:02 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.25 16:45:02 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.25 16:45:02 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.25 16:40:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.25 16:40:45 | 2146,836,479 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.25 16:36:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3127675848-68977983-1399159111-1001UA.job
[2013.03.24 21:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.24 18:02:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.03.24 17:48:50 | 005,044,071 | R--- | M] (Swearware) -- C:\Users\basti\Desktop\ComboFix.exe
[2013.03.24 12:37:25 | 000,000,000 | ---- | M] () -- C:\Users\basti\defogger_reenable
[2013.03.23 12:31:07 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.18 13:33:14 | 000,000,000 | -H-- | M] () -- C:\Users\basti\Documents\Default.rdp
[2013.03.14 21:40:08 | 000,002,372 | ---- | M] () -- C:\Users\basti\Desktop\Google Chrome.lnk
[2013.03.13 18:50:53 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.13 18:50:53 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.13 17:03:58 | 000,000,165 | ---- | M] () -- C:\Users\basti\Desktop\listen-aacisdn (1).pls
[2013.03.08 10:36:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3127675848-68977983-1399159111-1001Core.job
[2013.03.03 22:21:42 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed Most Wanted.lnk
[2013.03.03 19:35:37 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.02.26 00:32:44 | 025,256,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.02.26 00:32:44 | 002,505,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013.02.26 00:32:42 | 015,129,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.02.26 00:32:40 | 006,262,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.02.26 00:32:40 | 002,826,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013.02.26 00:32:38 | 018,055,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.02.26 00:32:38 | 001,814,304 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2013.02.26 00:32:38 | 001,107,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2013.02.26 00:32:36 | 026,929,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.02.26 00:32:36 | 002,720,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.02.26 00:32:36 | 000,958,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013.02.26 00:32:34 | 007,932,256 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.02.26 00:32:34 | 002,346,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.02.26 00:32:32 | 001,510,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2013.02.26 00:32:32 | 000,245,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013.02.26 00:32:28 | 002,904,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.02.26 00:32:26 | 020,449,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.02.26 00:32:26 | 015,053,264 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013.02.26 00:32:24 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.02.26 00:32:08 | 012,641,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.02.26 00:32:08 | 007,564,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.02.26 00:32:08 | 001,985,824 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.02.26 00:32:08 | 000,017,266 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013.02.26 00:32:06 | 009,390,760 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.02.26 00:32:04 | 000,201,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.24 17:56:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.24 17:56:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.24 17:56:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.24 17:56:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.24 17:56:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.24 12:37:25 | 000,000,000 | ---- | C] () -- C:\Users\basti\defogger_reenable
[2013.03.23 12:31:07 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.18 13:33:14 | 000,000,000 | -H-- | C] () -- C:\Users\basti\Documents\Default.rdp
[2013.03.13 17:03:57 | 000,000,165 | ---- | C] () -- C:\Users\basti\Desktop\listen-aacisdn (1).pls
[2013.03.03 22:21:42 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed Most Wanted.lnk
[2013.03.03 19:35:36 | 000,000,923 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.02.13 17:36:29 | 000,000,017 | ---- | C] () -- C:\Users\basti\AppData\Local\resmon.resmoncfg
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         

25.03.2013, 18:54   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes; before you do, please remember to update Malwarebytes via the update button.

Getting a second opinion from the ESET online scanner afterwards is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support Trojaner-Board
Why Linux is better than Windows!

26.03.2013, 01:36   #13
Blacklaiser

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.25.14

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
basti :: BASTI-PC [administrator]

25.03.2013 21:03:05
mbar-log-2013-03-25 (21-03-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 27885
Time elapsed: 3 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=1b7452194c0a994e8b68b57775895b08
# engine=13483
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-25 10:05:47
# local_time=2013-03-25 11:05:47 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1799 16775165 100 96 23676 229672437 16463 0
# compatibility_mode=5893 16776574 66 85 116654818 116654818 0 0
# scanned=304043
# found=21
# cleaned=0
# scan_time=6387
sh=ECCAE862016CBB8C05B1CAA98D0FCEA597D777D9 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\BASTI-PC\Backup Set 2012-12-30 190000\Backup Files 2012-12-30 190000\Backup files 2.zip"
sh=9ED9D9F73154C47CFCE11AE4C6444AC5FF7168E6 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\BASTI-PC\Backup Set 2013-01-13 190000\Backup Files 2013-01-13 190000\Backup files 3.zip"
sh=679D5F85D24D96CC7C0FCA6C507CDA4793D865B9 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\BASTI-PC\Backup Set 2013-01-27 190006\Backup Files 2013-01-27 190006\Backup files 3.zip"
sh=0EF9B862260C0563376901988203C1EB447DEF48 ft=1 fh=ca5630165ecb7221 vn="a variant of Win32/Injector.AEDM trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\basti\AppData\Roaming\E031.exe.vir"
sh=C2A761E51C5F5C5CD54A6524B991F680523F20BE ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="F:\$RECYCLE.BIN.lnk"
sh=F18137DD5C527CC3A1C2A462D9E63F49744416BE ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="F:\bilder 1.lnk"
sh=98BD904AD07343559576C72E94233908323C43CD ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="F:\Bilder.lnk"
sh=8797AABEEE0F52F70B1CD361B94CF6788605D402 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="F:\filme.lnk"
sh=95EDCFACEEC9217C573DA2209BEE960202D2BD43 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="F:\Firefox.lnk"
sh=F39A4483AD95557F05E63EF5FD592F07E071C118 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="F:\Metin2.lnk"
sh=317C87E43981C737DC35C7B7839D4F8C4175D7ED ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="F:\Minecraft ordner.lnk"
sh=AAA8CDC464E7A152E2798C031070E1DE343C0D73 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="F:\Musik.lnk"
sh=E65F78024F86B2C1D8422E89BE9E0B989FB1D570 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="F:\musik12.lnk"
sh=6D6326C0527634919F944DE9506EABE4B03016B3 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="F:\Programme 1.lnk"
sh=0F12B0BD909B0A6B23E63EF10EA4C42298293F5A ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="F:\Programme.lnk"
sh=1C94ED2263CF0D89B90F4A091D63FED8DE9B3469 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="F:\Programme2.lnk"
sh=A2E64620C3226015A0BDB917AA6ED0C79F32933F ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="F:\Serien.lnk"
sh=98F511A82936F615ED78DD46FBF485E458593169 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="F:\Spiele.lnk"
sh=3F0F4E18EEC677451C7FC8FC4A72B40E5A851E73 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="F:\spiele1.lnk"
sh=7BC9617128898B7B4A74FC741BDBF302FFC8C96E ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="F:\System Volume Information.lnk"
sh=78D753118491038E3BE30C391772C55C821B8314 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="F:\youtubedownlaoer.lnk"
         

26.03.2013, 09:40   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:Files
F:\*.lnk
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name at the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support Trojaner-Board
Why Linux is better than Windows!
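
As an added example (not part of the original posts and not OTL's or ESET's own code), the following Python code parses detection lines in the layout of the ESET log posted above and shows which of them a root-level wildcard such as F:\*.lnk covers and which remain. The sample lines, their placeholder hashes and the nested path are constructed; reading vn as the detection name and fn as the file path, and treating the wildcard as non-recursive, are assumptions.

```python
import fnmatch
import ntpath
import re
from collections import Counter

# Constructed sample in the layout of the ESET detection lines in the thread.
# The sh= values are placeholders, not real hashes.
SAMPLE_LOG = r'''# version=8
# found=5
sh=0000000000000000000000000000000000000001 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\BASTI-PC\Backup Set\Backup files 2.zip"
sh=0000000000000000000000000000000000000002 ft=1 fh=0000000000000000 vn="a variant of Win32/Injector.AEDM trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\basti\AppData\Roaming\E031.exe.vir"
sh=0000000000000000000000000000000000000003 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="F:\Bilder.lnk"
sh=0000000000000000000000000000000000000004 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="F:\System Volume Information.lnk"
sh=0000000000000000000000000000000000000005 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="F:\Serien\folge.lnk"
'''

# key=value pairs; a value is either "quoted" (may contain spaces) or bare.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_detections(log_text):
    """Return one dict per detection line (lines that start with 'sh=')."""
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line.startswith("sh="):
            continue  # '#' header lines and free text carry no detection
        hits.append({k: q if q else b for k, q, b in FIELD_RE.findall(line)})
    return hits


def covered_by(pattern, path):
    """True if a non-recursive Windows wildcard matches path.

    Assumption: the wildcard only applies to files directly inside the
    directory named in the pattern, compared case-insensitively.
    """
    pat_dir, pat_name = ntpath.split(pattern)
    file_dir, file_name = ntpath.split(path)
    same_dir = ntpath.normcase(file_dir) == ntpath.normcase(pat_dir)
    return same_dir and fnmatch.fnmatchcase(file_name.lower(), pat_name.lower())


def triage(log_text, pattern):
    """Split detections into those the pattern covers and those left over.

    Returns (Counter of detection names covered, list of remaining paths).
    """
    hits = parse_detections(log_text)
    covered = Counter(h["vn"] for h in hits if covered_by(pattern, h["fn"]))
    remaining = [h["fn"] for h in hits if not covered_by(pattern, h["fn"])]
    return covered, remaining


if __name__ == "__main__":
    covered, remaining = triage(SAMPLE_LOG, r"F:\*.lnk")
    for name, count in covered.items():
        print(f"covered: {count} x {name}")
    for path in remaining:
        print(f"not covered: {path}")
```

Detections in backup archives or in a quarantine folder fall outside such a pattern and need a separate decision.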

26.03.2013, 15:43   #15
Blacklaiser

How do I know whether or not I have to insert my name for the * in F:\*.Ink?
