
Log analysis and evaluation: Firefox opens random tab (http://e.ligatus.com/LigatusFallback.gif?ids=34088)


20.04.2013, 17:11   #1
Supreme12
 

Hello, since I have had good experiences here before, I am turning to you again with my problem.

The thread title describes the problem quite well: Firefox randomly opens the tab in question, sometimes not at all for days and then 3-4 times within a few hours. Since the whole thing was getting too unsettling for me, I now wanted to do something about it.

I have already collected OTL and GMER logs, but unfortunately I no longer know how to put them into the small scrollable summary box that is practical for you, and I simply cannot find anywhere how to do that. (I am probably just overlooking it completely; I did search!!)
I would be extremely grateful for instructions once again.


Well then, I hope for good cooperation.

Edit: Oh man, I really did end up in the wrong thread. I sincerely apologize and ask for it to be moved ... Thanks!

Last edited by Supreme12 (20.04.2013 at 17:17)

20.04.2013, 18:31   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hello and

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

21.04.2013, 07:34   #3
Supreme12
 

Good morning

Thanks for the reply, here are the logs:

OTL:

Code:
OTL logfile created on: 20.04.2013 17:18:42 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\BAUDI\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,37 Gb Available Physical Memory | 79,69% Memory free
16,00 Gb Paging File | 14,29 Gb Available in Paging File | 89,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 697,34 Gb Free Space | 74,87% Space Free | Partition Type: NTFS
Drive D: | 1,85 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 6,71 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: BAUDI-PC | User Name: BAUDI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.20 17:10:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\BAUDI\Desktop\OTL.exe
PRC - [2012.12.18 15:09:54 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.10.29 15:03:54 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2012.08.30 21:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.08.30 10:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.01.19 04:31:26 | 000,072,304 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2009.11.20 13:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.06.04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.04.12 01:58:10 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.13 19:49:56 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 15:09:54 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.11.09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.29 15:03:54 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2012.10.25 03:01:23 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.08.30 21:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.08.30 10:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.07.17 16:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.19 04:31:26 | 000,072,304 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.29 15:04:30 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.07.03 17:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010.03.04 15:43:00 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.27 10:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.11.20 13:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.11.20 13:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 47 88 7C AE A0 38 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: extension%40hidemyass.com:1.2.7
FF - prefs.js..extensions.enabledAddons: %7B25A1388B-6B18-46c3-BEBA-A81915D0DE8F%7D:1.7.8.5
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.10.29 15:04:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.10.29 15:04:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.10.29 15:04:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 01:58:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.09.14 19:02:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BAUDI\AppData\Roaming\mozilla\Extensions
[2013.04.08 10:36:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BAUDI\AppData\Roaming\mozilla\Firefox\Profiles\6x3m62k1.default\extensions
[2013.04.08 10:36:22 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\BAUDI\AppData\Roaming\mozilla\Firefox\Profiles\6x3m62k1.default\extensions\ich@maltegoetz.de
[2012.09.15 17:53:27 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\BAUDI\AppData\Roaming\mozilla\firefox\profiles\6x3m62k1.default\extensions\DivXWebPlayer@divx.com.xpi
[2013.01.13 10:45:10 | 000,053,803 | ---- | M] () (No name found) -- C:\Users\BAUDI\AppData\Roaming\mozilla\firefox\profiles\6x3m62k1.default\extensions\extension@hidemyass.com.xpi
[2013.03.04 16:05:52 | 000,504,298 | ---- | M] () (No name found) -- C:\Users\BAUDI\AppData\Roaming\mozilla\firefox\profiles\6x3m62k1.default\extensions\{25A1388B-6B18-46c3-BEBA-A81915D0DE8F}.xpi
[2013.02.14 16:12:40 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\BAUDI\AppData\Roaming\mozilla\firefox\profiles\6x3m62k1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.12 01:58:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 01:58:10 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.06 03:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.20 05:13:28 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.117.1.25 89.16.129.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E8CC5E4-0DBB-45A4-8952-163938700E31}: DhcpNameServer = 62.117.1.25 89.16.129.25
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.01.19 08:56:08 | 008,382,272 | R--- | M] (Electronic Arts, Inc.) - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2013.02.01 01:51:38 | 000,000,000 | R--D | M] - D:\Autorun -- [ UDF ]
O32 - AutoRun File - [2013.01.19 08:59:08 | 000,163,254 | R--- | M] () - D:\Autorun.ico -- [ UDF ]
O32 - AutoRun File - [2013.02.01 01:51:34 | 000,000,096 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{0393c884-fe8a-11e1-be61-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0393c884-fe8a-11e1-be61-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{0393c884-fe8a-11e1-be61-806e6f6e6963}\Shell\DirectX\command - "" = E:\soft\directx_Jun2010_redist.exe
O33 - MountPoints2\{0393c884-fe8a-11e1-be61-806e6f6e6963}\Shell\Install\command - "" = E:\autorun.exe
O33 - MountPoints2\{cc3c0712-fe8c-11e1-b3ff-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cc3c0712-fe8c-11e1-b3ff-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2013.01.19 08:56:08 | 008,382,272 | R--- | M] (Electronic Arts, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.20 17:10:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\BAUDI\Desktop\OTL.exe
[2013.04.12 01:58:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.10 08:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.20 17:17:59 | 000,000,000 | ---- | M] () -- C:\Users\BAUDI\defogger_reenable
[2013.04.20 17:10:58 | 000,377,856 | ---- | M] () -- C:\Users\BAUDI\Desktop\gmer_2.1.19163.exe
[2013.04.20 17:10:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\BAUDI\Desktop\OTL.exe
[2013.04.20 17:08:47 | 000,050,477 | ---- | M] () -- C:\Users\BAUDI\Desktop\Defogger.exe
[2013.04.20 16:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.20 15:07:54 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.20 15:07:54 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.20 15:05:35 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.20 15:05:35 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.20 15:05:35 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.20 15:05:35 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.20 15:05:35 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.20 15:00:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.20 15:00:36 | 2146,291,711 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.15 23:52:30 | 540,846,414 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.07 23:38:48 | 000,007,607 | ---- | M] () -- C:\Users\BAUDI\AppData\Local\Resmon.ResmonCfg
 
========== Files Created - No Company Name ==========
 
[2013.04.20 17:17:59 | 000,000,000 | ---- | C] () -- C:\Users\BAUDI\defogger_reenable
[2013.04.20 17:10:58 | 000,377,856 | ---- | C] () -- C:\Users\BAUDI\Desktop\gmer_2.1.19163.exe
[2013.04.20 17:08:47 | 000,050,477 | ---- | C] () -- C:\Users\BAUDI\Desktop\Defogger.exe
[2013.04.07 23:38:48 | 000,007,607 | ---- | C] () -- C:\Users\BAUDI\AppData\Local\Resmon.ResmonCfg
[2012.12.18 14:23:12 | 000,281,032 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.12.18 14:22:51 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.11.08 07:12:18 | 000,741,889 | ---- | C] () -- C:\Users\BAUDI\C00FIUYA5ANK1336644988195.jpg
[2012.11.08 07:12:18 | 000,713,018 | ---- | C] () -- C:\Users\BAUDI\4TE2DY6M0A8J1336644987730.jpg
[2012.11.08 07:12:18 | 000,080,767 | ---- | C] () -- C:\Users\BAUDI\385655_361131910612039_855087110_n.jpg
[2012.09.14 19:08:51 | 000,017,408 | ---- | C] () -- C:\Users\BAUDI\AppData\Local\WebpageIcons.db
[2012.09.14 18:48:26 | 000,072,304 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2012.09.14 18:44:56 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012.08.30 10:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009.07.14 03:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.19 16:33:38 | 000,000,000 | ---D | M] -- C:\Users\BAUDI\AppData\Roaming\Amazon
[2013.04.20 17:17:37 | 000,000,000 | ---D | M] -- C:\Users\BAUDI\AppData\Roaming\ICQ
[2012.09.16 17:51:33 | 000,000,000 | ---D | M] -- C:\Users\BAUDI\AppData\Roaming\LolClient
[2013.03.13 14:14:32 | 000,000,000 | ---D | M] -- C:\Users\BAUDI\AppData\Roaming\Origin
[2013.04.19 23:08:58 | 000,000,000 | ---D | M] -- C:\Users\BAUDI\AppData\Roaming\TS3Client
 
========== Purity Check ==========
 
 

< End of report >
         
GMER:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-20 17:34:51
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2 ST1000DM rev.1AJ1 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\BAUDI\AppData\Local\Temp\pgloqpob.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82                                                            00000000721b17fa 2 bytes CALL 74e51199 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88                                                        00000000721b1860 2 bytes CALL 74e51199 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98                                                      00000000721b1942 2 bytes JMP 762fc29f C:\Windows\syswow64\WS2_32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109                                                     00000000721b194d 2 bytes JMP 762f418d C:\Windows\syswow64\WS2_32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                              0000000074b21401 2 bytes JMP 74e6eb26 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                0000000074b21419 2 bytes JMP 74e7b513 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                              0000000074b21431 2 bytes JMP 74ef8609 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                              0000000074b2144a 2 bytes CALL 74e51dfa C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                         * 9
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                 0000000074b214dd 2 bytes JMP 74ef7efe C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                          0000000074b214f5 2 bytes JMP 74ef80d8 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                 0000000074b2150d 2 bytes JMP 74ef7df4 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                          0000000074b21525 2 bytes JMP 74ef81c2 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                0000000074b2153d 2 bytes JMP 74e6f088 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                     0000000074b21555 2 bytes JMP 74e7b885 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                              0000000074b2156d 2 bytes JMP 74ef86c1 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                0000000074b21585 2 bytes JMP 74ef8222 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                   0000000074b2159d 2 bytes JMP 74ef7db8 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                0000000074b215b5 2 bytes JMP 74e6f121 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                              0000000074b215cd 2 bytes JMP 74e7b29f C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                          0000000074b216b2 2 bytes JMP 74ef8584 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                          0000000074b216bd 2 bytes JMP 74ef7d4d C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000074b21401 2 bytes JMP 74e6eb26 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2760] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000074b21419 2 bytes JMP 74e7b513 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000074b21431 2 bytes JMP 74ef8609 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      0000000074b2144a 2 bytes CALL 74e51dfa C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                         * 9
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2760] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         0000000074b214dd 2 bytes JMP 74ef7efe C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  0000000074b214f5 2 bytes JMP 74ef80d8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2760] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         0000000074b2150d 2 bytes JMP 74ef7df4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000074b21525 2 bytes JMP 74ef81c2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        0000000074b2153d 2 bytes JMP 74e6f088 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2760] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             0000000074b21555 2 bytes JMP 74e7b885 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      0000000074b2156d 2 bytes JMP 74ef86c1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000074b21585 2 bytes JMP 74ef8222 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2760] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           0000000074b2159d 2 bytes JMP 74ef7db8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        0000000074b215b5 2 bytes JMP 74e6f121 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      0000000074b215cd 2 bytes JMP 74e7b29f C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  0000000074b216b2 2 bytes JMP 74ef8584 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  0000000074b216bd 2 bytes JMP 74ef7d4d C:\Windows\syswow64\kernel32.dll

---- EOF - GMER 2.1 ----
         
In case it is still relevant, I use Kaspersky Internet Security and Adblock Plus with Firefox.

21.04.2013, 21:59   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Why do you have an Ultimate edition of Windows; do you need that as a home user?
Or is this, purely by chance, an office/company PC or a university computer?

22.04.2013, 11:14   #5
Supreme12

Well, one can certainly argue about whether you need that as a private user. I configured my computer online 2 or 3 years ago (no idea whether I am allowed to post external links here; I can gladly add that on request). The price difference was not particularly significant, so I went for Ultimate at the time.


22.04.2013, 13:27   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK, thanks for the explanation.

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post over the course of this thread carefully. Ask immediately if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install or uninstall any software without being asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make the analysis harder for me!

  • The logs of the assigned tools, such as Malwarebytes, must always be posted, regardless of whether anything was found or not!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "when does it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.


Please now run the three tools MBAR / aswMBR / TDSSkiller and post the logs in CODE tags.


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instruction from a helper.


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it with right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instruction.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe - configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

22.04.2013, 14:53   #7
Supreme12

Many thanks for the reply!

Here are the logs:

MBAR had found nothing, so I skipped the reboot.

Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.22.04

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
BAUDI :: BAUDI-PC [administrator]

22.04.2013 15:23:36
mbar-log-2013-04-22 (15-23-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28437
Time elapsed: 5 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
aswMBR

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-22 15:40:43
-----------------------------
15:40:43.133    OS Version: Windows x64 6.1.7600 
15:40:43.133    Number of processors: 8 586 0x1A05
15:40:43.133    ComputerName: BAUDI-PC  UserName: BAUDI
15:40:45.427    Initialize success
15:40:59.253    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
15:40:59.253    Disk 0 Vendor: ST1000DM 1AJ1 Size: 953869MB BusType: 3
15:40:59.393    Disk 0 MBR read successfully
15:40:59.393    Disk 0 MBR scan
15:40:59.393    Disk 0 Windows 7 default MBR code
15:40:59.409    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
15:40:59.409    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       953767 MB offset 206848
15:40:59.456    Disk 0 scanning C:\Windows\system32\drivers
15:41:03.761    Service scanning
15:41:06.975    Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
15:41:06.991    Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
15:41:07.053    Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
15:41:07.069    Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
15:41:13.137    Modules scanning
15:41:13.137    Disk 0 trace - called modules:
15:41:13.153    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
15:41:13.168    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008454060]
15:41:13.168    3 CLASSPNP.SYS[fffff8800205143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa8007575050]
15:41:13.168    Scan finished successfully
15:41:23.605    Disk 0 MBR has been saved successfully to "C:\Users\BAUDI\Desktop\MBR.dat"
15:41:23.605    The log file has been saved successfully to "C:\Users\BAUDI\Desktop\aswMBR.txt"
         
TDSS had found something, but it is all in there anyway.

Code:
15:43:31.0729 7400  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:43:31.0807 7400  ============================================================
15:43:31.0807 7400  Current date / time: 2013/04/22 15:43:31.0807
15:43:31.0807 7400  SystemInfo:
15:43:31.0807 7400  
15:43:31.0807 7400  OS Version: 6.1.7600 ServicePack: 0.0
15:43:31.0807 7400  Product type: Workstation
15:43:31.0807 7400  ComputerName: BAUDI-PC
15:43:31.0807 7400  UserName: BAUDI
15:43:31.0807 7400  Windows directory: C:\Windows
15:43:31.0807 7400  System windows directory: C:\Windows
15:43:31.0807 7400  Running under WOW64
15:43:31.0807 7400  Processor architecture: Intel x64
15:43:31.0807 7400  Number of processors: 8
15:43:31.0807 7400  Page size: 0x1000
15:43:31.0807 7400  Boot type: Normal boot
15:43:31.0807 7400  ============================================================
15:43:32.0072 7400  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x700FC, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
15:43:32.0088 7400  ============================================================
15:43:32.0088 7400  \Device\Harddisk0\DR0:
15:43:32.0088 7400  MBR partitions:
15:43:32.0088 7400  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:43:32.0088 7400  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
15:43:32.0088 7400  ============================================================
15:43:32.0119 7400  C: <-> \Device\Harddisk0\DR0\Partition2
15:43:32.0119 7400  ============================================================
15:43:32.0119 7400  Initialize success
15:43:32.0119 7400  ============================================================
15:43:43.0382 1180  ============================================================
15:43:43.0382 1180  Scan started
15:43:43.0382 1180  Mode: Manual; SigCheck; TDLFS; 
15:43:43.0382 1180  ============================================================
15:43:43.0647 1180  ================ Scan system memory ========================
15:43:43.0647 1180  System memory - ok
15:43:43.0647 1180  ================ Scan services =============================
15:43:43.0772 1180  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
15:43:43.0866 1180  1394ohci - ok
15:43:43.0881 1180  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
15:43:43.0897 1180  ACPI - ok
15:43:43.0928 1180  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
15:43:43.0991 1180  AcpiPmi - ok
15:43:44.0115 1180  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:43:44.0147 1180  AdobeFlashPlayerUpdateSvc ( UnsignedFile.Multi.Generic ) - warning
15:43:44.0147 1180  AdobeFlashPlayerUpdateSvc - detected UnsignedFile.Multi.Generic (1)
15:43:44.0178 1180  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
15:43:44.0193 1180  adp94xx - ok
15:43:44.0240 1180  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
15:43:44.0256 1180  adpahci - ok
15:43:44.0271 1180  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
15:43:44.0287 1180  adpu320 - ok
15:43:44.0318 1180  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:43:44.0490 1180  AeLookupSvc - ok
15:43:44.0537 1180  [ B9384E03479D2506BC924C16A3DB87BC ] AFD             C:\Windows\system32\drivers\afd.sys
15:43:44.0615 1180  AFD - ok
15:43:44.0630 1180  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
15:43:44.0630 1180  agp440 - ok
15:43:44.0646 1180  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
15:43:44.0755 1180  ALG - ok
15:43:44.0786 1180  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
15:43:44.0786 1180  aliide - ok
15:43:44.0817 1180  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
15:43:44.0817 1180  amdide - ok
15:43:44.0849 1180  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
15:43:44.0911 1180  AmdK8 - ok
15:43:44.0942 1180  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:43:44.0942 1180  AmdPPM - ok
15:43:44.0989 1180  [ 7A4B413614C055935567CF88A9734D38 ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys
15:43:45.0005 1180  amdsata - ok
15:43:45.0067 1180  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:43:45.0083 1180  amdsbs - ok
15:43:45.0098 1180  [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata         C:\Windows\system32\DRIVERS\amdxata.sys
15:43:45.0114 1180  amdxata - ok
15:43:45.0129 1180  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\Windows\system32\drivers\appid.sys
15:43:45.0223 1180  AppID - ok
15:43:45.0254 1180  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:43:45.0301 1180  AppIDSvc - ok
15:43:45.0332 1180  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\Windows\System32\appinfo.dll
15:43:45.0395 1180  Appinfo - ok
15:43:45.0488 1180  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
15:43:45.0504 1180  AppMgmt - ok
15:43:45.0519 1180  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
15:43:45.0535 1180  arc - ok
15:43:45.0566 1180  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:43:45.0582 1180  arcsas - ok
15:43:45.0597 1180  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:43:45.0644 1180  AsyncMac - ok
15:43:45.0675 1180  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
15:43:45.0675 1180  atapi - ok
15:43:45.0691 1180  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:43:45.0753 1180  AudioEndpointBuilder - ok
15:43:45.0753 1180  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:43:45.0785 1180  AudioSrv - ok
15:43:45.0878 1180  [ 6C9D5BADC8F83D410A278717C2EEA6F6 ] AVP             C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
15:43:45.0909 1180  AVP - ok
15:43:45.0941 1180  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:43:45.0987 1180  AxInstSV - ok
15:43:46.0065 1180  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
15:43:46.0112 1180  b06bdrv - ok
15:43:46.0128 1180  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:43:46.0159 1180  b57nd60a - ok
15:43:46.0190 1180  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:43:46.0237 1180  BDESVC - ok
15:43:46.0253 1180  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:43:46.0299 1180  Beep - ok
15:43:46.0346 1180  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\Windows\System32\bfe.dll
15:43:46.0393 1180  BFE - ok
15:43:46.0424 1180  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\System32\qmgr.dll
15:43:46.0487 1180  BITS - ok
15:43:46.0502 1180  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:43:46.0533 1180  blbdrive - ok
15:43:46.0549 1180  [ 91CE0D3DC57DD377E690A2D324022B08 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:43:46.0596 1180  bowser - ok
15:43:46.0596 1180  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:43:46.0627 1180  BrFiltLo - ok
15:43:46.0658 1180  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:43:46.0674 1180  BrFiltUp - ok
15:43:46.0689 1180  [ 94FBC06F294D58D02361918418F996E3 ] Browser         C:\Windows\System32\browser.dll
15:43:46.0767 1180  Browser - ok
15:43:46.0799 1180  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:43:46.0814 1180  Brserid - ok
15:43:46.0814 1180  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:43:46.0861 1180  BrSerWdm - ok
15:43:46.0877 1180  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:43:46.0892 1180  BrUsbMdm - ok
15:43:46.0908 1180  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:43:46.0908 1180  BrUsbSer - ok
15:43:46.0939 1180  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:43:47.0017 1180  BTHMODEM - ok
15:43:47.0033 1180  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
15:43:47.0079 1180  bthserv - ok
15:43:47.0095 1180  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:43:47.0126 1180  cdfs - ok
15:43:47.0142 1180  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:43:47.0142 1180  cdrom - ok
15:43:47.0157 1180  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:43:47.0189 1180  CertPropSvc - ok
15:43:47.0204 1180  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:43:47.0235 1180  circlass - ok
15:43:47.0267 1180  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
15:43:47.0282 1180  CLFS - ok
15:43:47.0345 1180  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:43:47.0360 1180  clr_optimization_v2.0.50727_32 - ok
15:43:47.0407 1180  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:43:47.0423 1180  clr_optimization_v2.0.50727_64 - ok
15:43:47.0485 1180  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:43:47.0485 1180  clr_optimization_v4.0.30319_32 - ok
15:43:47.0547 1180  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:43:47.0547 1180  clr_optimization_v4.0.30319_64 - ok
15:43:47.0563 1180  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:43:47.0594 1180  CmBatt - ok
15:43:47.0610 1180  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
15:43:47.0625 1180  cmdide - ok
15:43:47.0641 1180  [ F95FD4CB7DA00BA2A63CE9F6B5C053E1 ] CNG             C:\Windows\system32\Drivers\cng.sys
15:43:47.0672 1180  CNG - ok
15:43:47.0688 1180  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:43:47.0688 1180  Compbatt - ok
15:43:47.0703 1180  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
15:43:47.0719 1180  CompositeBus - ok
15:43:47.0719 1180  COMSysApp - ok
15:43:47.0797 1180  cpuz132 - ok
15:43:47.0813 1180  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
15:43:47.0813 1180  crcdisk - ok
15:43:47.0875 1180  [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:43:47.0922 1180  CryptSvc - ok
15:43:47.0969 1180  [ 4A6173C2279B498CD8F57CAE504564CB ] CSC             C:\Windows\system32\drivers\csc.sys
15:43:47.0984 1180  CSC - ok
15:43:48.0015 1180  [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService      C:\Windows\System32\cscsvc.dll
15:43:48.0047 1180  CscService - ok
15:43:48.0093 1180  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:43:48.0171 1180  DcomLaunch - ok
15:43:48.0187 1180  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
15:43:48.0249 1180  defragsvc - ok
15:43:48.0281 1180  [ 3F1DC527070ACB87E40AFE46EF6DA749 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:43:48.0296 1180  DfsC - ok
15:43:48.0312 1180  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:43:48.0452 1180  Dhcp - ok
15:43:48.0468 1180  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
15:43:48.0561 1180  discache - ok
15:44:00.0917 1180  tcpipreg - ok
15:44:00.0932 1180  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:44:01.0010 1180  TDPIPE - ok
15:44:01.0010 1180  [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:44:01.0041 1180  TDTCP - ok
15:44:01.0057 1180  [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:44:01.0135 1180  tdx - ok
15:44:01.0151 1180  [ C448651339196C0E869A355171875522 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
15:44:01.0151 1180  TermDD - ok
15:44:01.0166 1180  [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService     C:\Windows\System32\termsrv.dll
15:44:01.0213 1180  TermService - ok
15:44:01.0229 1180  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:44:01.0260 1180  Themes - ok
15:44:01.0275 1180  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
15:44:01.0291 1180  THREADORDER - ok
15:44:01.0322 1180  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:44:01.0338 1180  TrkWks - ok
15:44:01.0400 1180  [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:44:01.0431 1180  TrustedInstaller - ok
15:44:01.0463 1180  [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:44:01.0494 1180  tssecsrv - ok
15:44:01.0525 1180  [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:44:01.0572 1180  tunnel - ok
15:44:01.0572 1180  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:44:01.0587 1180  uagp35 - ok
15:44:01.0603 1180  [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:44:01.0681 1180  udfs - ok
15:44:01.0697 1180  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:44:01.0728 1180  UI0Detect - ok
15:44:01.0743 1180  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
15:44:01.0759 1180  uliagpkx - ok
15:44:01.0775 1180  [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:44:01.0806 1180  umbus - ok
15:44:01.0821 1180  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:44:01.0837 1180  UmPass - ok
15:44:01.0853 1180  [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService    C:\Windows\System32\umrdp.dll
15:44:01.0868 1180  UmRdpService - ok
15:44:01.0884 1180  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:44:01.0931 1180  upnphost - ok
15:44:01.0962 1180  [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
15:44:02.0009 1180  usbaudio - ok
15:44:02.0024 1180  [ B26AFB54A534D634523C4FB66765B026 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:44:02.0102 1180  usbccgp - ok
15:44:02.0118 1180  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
15:44:02.0149 1180  usbcir - ok
15:44:02.0180 1180  [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:44:02.0196 1180  usbehci - ok
15:44:02.0211 1180  [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:44:02.0243 1180  usbhub - ok
15:44:02.0289 1180  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
15:44:02.0305 1180  usbohci - ok
15:44:02.0321 1180  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:44:02.0352 1180  usbprint - ok
15:44:02.0367 1180  [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:44:02.0383 1180  USBSTOR - ok
15:44:02.0399 1180  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
15:44:02.0399 1180  usbuhci - ok
15:44:02.0414 1180  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
15:44:02.0430 1180  UxSms - ok
15:44:02.0445 1180  [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc        C:\Windows\system32\lsass.exe
15:44:02.0445 1180  VaultSvc - ok
15:44:02.0461 1180  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
15:44:02.0477 1180  vdrvroot - ok
15:44:02.0492 1180  [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds             C:\Windows\System32\vds.exe
15:44:02.0508 1180  vds - ok
15:44:02.0508 1180  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:44:02.0523 1180  vga - ok
15:44:02.0539 1180  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:44:02.0570 1180  VgaSave - ok
15:44:02.0586 1180  [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
15:44:02.0601 1180  vhdmp - ok
15:44:02.0617 1180  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
15:44:02.0617 1180  viaide - ok
15:44:02.0648 1180  [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus           C:\Windows\system32\DRIVERS\vmbus.sys
15:44:02.0648 1180  vmbus - ok
15:44:02.0664 1180  [ AE10C35761889E65A6F7176937C5592C ] VMBusHID        C:\Windows\system32\DRIVERS\VMBusHID.sys
15:44:02.0664 1180  VMBusHID - ok
15:44:02.0679 1180  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
15:44:02.0679 1180  volmgr - ok
15:44:02.0711 1180  [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:44:02.0711 1180  volmgrx - ok
15:44:02.0757 1180  [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap         C:\Windows\system32\DRIVERS\volsnap.sys
15:44:02.0757 1180  volsnap - ok
15:44:02.0773 1180  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
15:44:02.0789 1180  vsmraid - ok
15:44:02.0804 1180  [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS             C:\Windows\system32\vssvc.exe
15:44:02.0835 1180  VSS - ok
15:44:02.0835 1180  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
15:44:02.0851 1180  vwifibus - ok
15:44:02.0867 1180  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
15:44:02.0898 1180  W32Time - ok
15:44:02.0913 1180  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:44:02.0929 1180  WacomPen - ok
15:44:02.0991 1180  [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:44:03.0038 1180  WANARP - ok
15:44:03.0038 1180  [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:44:03.0054 1180  Wanarpv6 - ok
15:44:03.0085 1180  [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine        C:\Windows\system32\wbengine.exe
15:44:03.0147 1180  wbengine - ok
15:44:03.0163 1180  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:44:03.0179 1180  WbioSrvc - ok
15:44:03.0194 1180  [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:44:03.0210 1180  wcncsvc - ok
15:44:03.0225 1180  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:44:03.0225 1180  WcsPlugInService - ok
15:44:03.0257 1180  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:44:03.0257 1180  Wd - ok
15:44:03.0272 1180  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:44:03.0288 1180  Wdf01000 - ok
15:44:03.0303 1180  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:44:03.0319 1180  WdiServiceHost - ok
15:44:03.0319 1180  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:44:03.0335 1180  WdiSystemHost - ok
15:44:03.0366 1180  [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient       C:\Windows\System32\webclnt.dll
15:44:03.0397 1180  WebClient - ok
15:44:03.0413 1180  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:44:03.0460 1180  Wecsvc - ok
15:44:03.0475 1180  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:44:03.0522 1180  wercplsupport - ok
15:44:03.0538 1180  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:44:03.0553 1180  WerSvc - ok
15:44:03.0569 1180  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:44:03.0584 1180  WfpLwf - ok
15:44:03.0600 1180  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:44:03.0616 1180  WIMMount - ok
15:44:03.0616 1180  WinDefend - ok
15:44:03.0616 1180  WinHttpAutoProxySvc - ok
15:44:03.0694 1180  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:44:03.0725 1180  Winmgmt - ok
15:44:03.0756 1180  [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM           C:\Windows\system32\WsmSvc.dll
15:44:03.0818 1180  WinRM - ok
15:44:03.0881 1180  [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:44:03.0896 1180  WinUsb - ok
15:44:03.0928 1180  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:44:03.0959 1180  Wlansvc - ok
15:44:04.0146 1180  [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:44:04.0177 1180  wlidsvc - ok
15:44:04.0193 1180  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
15:44:04.0208 1180  WmiAcpi - ok
15:44:04.0224 1180  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:44:04.0255 1180  wmiApSrv - ok
15:44:04.0302 1180  WMPNetworkSvc - ok
15:44:04.0318 1180  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:44:04.0333 1180  WPCSvc - ok
15:44:04.0349 1180  [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:44:04.0380 1180  WPDBusEnum - ok
15:44:04.0396 1180  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:44:04.0427 1180  ws2ifsl - ok
15:44:04.0442 1180  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
15:44:04.0474 1180  wscsvc - ok
15:44:04.0474 1180  WSearch - ok
15:44:04.0536 1180  [ 38340204A2D0228F1E87740FC5E554A7 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:44:04.0583 1180  wuauserv - ok
15:44:04.0598 1180  [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:44:04.0614 1180  WudfPf - ok
15:44:04.0630 1180  [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:44:04.0661 1180  WUDFRd - ok
15:44:04.0692 1180  [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:44:04.0723 1180  wudfsvc - ok
15:44:04.0739 1180  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:44:04.0770 1180  WwanSvc - ok
15:44:04.0801 1180  ================ Scan global ===============================
15:44:04.0832 1180  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:44:04.0848 1180  [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
15:44:04.0848 1180  [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
15:44:04.0879 1180  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:44:04.0895 1180  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:44:04.0910 1180  [Global] - ok
15:44:04.0910 1180  ================ Scan MBR ==================================
15:44:04.0942 1180  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:44:05.0098 1180  \Device\Harddisk0\DR0 - ok
15:44:05.0098 1180  ================ Scan VBR ==================================
15:44:05.0098 1180  [ B4CDBDB24231AF2CFBA4844E68A33333 ] \Device\Harddisk0\DR0\Partition1
15:44:05.0098 1180  \Device\Harddisk0\DR0\Partition1 - ok
15:44:05.0098 1180  [ D52B93CCD42B55469544F56821FC0B5E ] \Device\Harddisk0\DR0\Partition2
15:44:05.0098 1180  \Device\Harddisk0\DR0\Partition2 - ok
15:44:05.0098 1180  ============================================================
15:44:05.0098 1180  Scan finished
15:44:05.0098 1180  ============================================================
15:44:05.0113 6484  Detected object count: 1
15:44:05.0113 6484  Actual detected object count: 1
15:44:20.0167 6484  AdobeFlashPlayerUpdateSvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:44:20.0167 6484  AdobeFlashPlayerUpdateSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:44:29.0309 7456  Deinitialize success
         

Alt 22.04.2013, 15:12   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



JRT - Junkware Removal Tool

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options ("Optionen") and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan ("Suchlauf") and wait until it has finished.
  • Now click Delete ("Löschen") and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the Scan All Users box at the top centre
  • At the top you will find a box labelled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 23.04.2013, 11:16   #9
Supreme12
 



I've done everything. I just wanted to mention that while JRT was running, the Adobe updater popped up about a Flash Player update. Was that just a coincidence?

Here are the logs!

JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.9 (04.22.2013:1)
OS: Windows 7 Ultimate x64
Ran by BAUDI on 23.04.2013 at  7:11:23,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders



~~~ FireFox

Successfully deleted: [File] "C:\Users\BAUDI\AppData\Roaming\mozilla\firefox\profiles\6x3m62k1.default\extensions\DivXWebPlayer@divx.com.xpi" 
Emptied folder: C:\Users\BAUDI\AppData\Roaming\mozilla\firefox\profiles\6x3m62k1.default\minidumps [97 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.04.2013 at  7:13:20,63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Adwcleaner

Code:
# AdwCleaner v2.202 - Datei am 23/04/2013 um 07:14:17 erstellt
# Aktualisiert am 23/04/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate  (64 bits)
# Benutzer : BAUDI - BAUDI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\BAUDI\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\BAUDI\AppData\Roaming\Mozilla\Firefox\Profiles\6x3m62k1.default\foxydeal.sqlite

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (en-US)

Datei : C:\Users\BAUDI\AppData\Roaming\Mozilla\Firefox\Profiles\6x3m62k1.default\prefs.js

Gelöscht : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,extension%40hidemyass.com:[...]

*************************

AdwCleaner[S1].txt - [907 octets] - [23/04/2013 07:14:17]

########## EOF - C:\AdwCleaner[S1].txt - [966 octets] ##########
         
OTL

Code:
OTL logfile created on: 23.04.2013 07:19:31 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\BAUDI\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,29 Gb Available Physical Memory | 78,64% Memory free
16,00 Gb Paging File | 14,16 Gb Available in Paging File | 88,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 697,05 Gb Free Space | 74,84% Space Free | Partition Type: NTFS
Drive D: | 1,85 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 6,71 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: BAUDI-PC | User Name: BAUDI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\BAUDI\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\XSrvSetup.exe ()
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\SDL2.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (JMB36X) -- C:\Windows\SysWOW64\XSrvSetup.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1808996237-2003877586-2120010000-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1808996237-2003877586-2120010000-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1808996237-2003877586-2120010000-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 47 88 7C AE A0 38 CE 01  [binary data]
IE - HKU\S-1-5-21-1808996237-2003877586-2120010000-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1808996237-2003877586-2120010000-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1808996237-2003877586-2120010000-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1808996237-2003877586-2120010000-1003\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: extension%40hidemyass.com:1.2.7
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.10.29 15:04:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.10.29 15:04:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.10.29 15:04:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 01:58:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.09.14 19:02:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BAUDI\AppData\Roaming\mozilla\Extensions
[2013.04.23 07:13:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BAUDI\AppData\Roaming\mozilla\Firefox\Profiles\6x3m62k1.default\extensions
[2013.04.08 10:36:22 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\BAUDI\AppData\Roaming\mozilla\Firefox\Profiles\6x3m62k1.default\extensions\ich@maltegoetz.de
[2013.01.13 10:45:10 | 000,053,803 | ---- | M] () (No name found) -- C:\Users\BAUDI\AppData\Roaming\mozilla\firefox\profiles\6x3m62k1.default\extensions\extension@hidemyass.com.xpi
[2013.02.14 16:12:40 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\BAUDI\AppData\Roaming\mozilla\firefox\profiles\6x3m62k1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.12 01:58:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 01:58:10 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.06 03:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.20 05:13:28 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1808996237-2003877586-2120010000-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-1808996237-2003877586-2120010000-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1808996237-2003877586-2120010000-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1808996237-2003877586-2120010000-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.117.1.25 89.16.129.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E8CC5E4-0DBB-45A4-8952-163938700E31}: DhcpNameServer = 62.117.1.25 89.16.129.25
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.01.19 08:56:08 | 008,382,272 | R--- | M] (Electronic Arts, Inc.) - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2013.02.01 01:51:38 | 000,000,000 | R--D | M] - D:\Autorun -- [ UDF ]
O32 - AutoRun File - [2013.01.19 08:59:08 | 000,163,254 | R--- | M] () - D:\Autorun.ico -- [ UDF ]
O32 - AutoRun File - [2013.02.01 01:51:34 | 000,000,096 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{0393c884-fe8a-11e1-be61-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0393c884-fe8a-11e1-be61-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{0393c884-fe8a-11e1-be61-806e6f6e6963}\Shell\DirectX\command - "" = E:\soft\directx_Jun2010_redist.exe
O33 - MountPoints2\{0393c884-fe8a-11e1-be61-806e6f6e6963}\Shell\Install\command - "" = E:\autorun.exe
O33 - MountPoints2\{cc3c0712-fe8c-11e1-b3ff-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cc3c0712-fe8c-11e1-b3ff-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2013.01.19 08:56:08 | 008,382,272 | R--- | M] (Electronic Arts, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.23 07:11:23 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.23 07:11:18 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.23 07:09:13 | 000,535,764 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\BAUDI\Desktop\JRT.exe
[2013.04.22 15:42:45 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\BAUDI\Desktop\tdsskiller.exe
[2013.04.22 15:37:11 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\BAUDI\Desktop\aswMBR.exe
[2013.04.22 15:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.22 15:16:08 | 000,000,000 | ---D | C] -- C:\Users\BAUDI\Desktop\mbar
[2013.04.20 17:10:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\BAUDI\Desktop\OTL.exe
[2013.04.12 01:58:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.10 08:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.23 07:21:44 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.23 07:21:44 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.23 07:21:44 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.23 07:21:44 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.23 07:21:44 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.23 07:16:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.23 07:16:19 | 2146,291,711 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.23 07:10:02 | 000,619,461 | ---- | M] () -- C:\Users\BAUDI\Desktop\adwcleaner.exe
[2013.04.23 07:09:17 | 000,535,764 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\BAUDI\Desktop\JRT.exe
[2013.04.23 06:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.22 15:54:12 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.22 15:54:12 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.22 15:42:45 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\BAUDI\Desktop\tdsskiller.exe
[2013.04.22 15:41:23 | 000,000,512 | ---- | M] () -- C:\Users\BAUDI\Desktop\MBR.dat
[2013.04.22 15:38:39 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\BAUDI\Desktop\aswMBR.exe
[2013.04.20 17:17:59 | 000,000,000 | ---- | M] () -- C:\Users\BAUDI\defogger_reenable
[2013.04.20 17:10:58 | 000,377,856 | ---- | M] () -- C:\Users\BAUDI\Desktop\gmer_2.1.19163.exe
[2013.04.20 17:10:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\BAUDI\Desktop\OTL.exe
[2013.04.20 17:08:47 | 000,050,477 | ---- | M] () -- C:\Users\BAUDI\Desktop\Defogger.exe
[2013.04.15 23:52:30 | 540,846,414 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.07 23:38:48 | 000,007,607 | ---- | M] () -- C:\Users\BAUDI\AppData\Local\Resmon.ResmonCfg
 
========== Files Created - No Company Name ==========
 
[2013.04.23 07:10:00 | 000,619,461 | ---- | C] () -- C:\Users\BAUDI\Desktop\adwcleaner.exe
[2013.04.22 15:41:23 | 000,000,512 | ---- | C] () -- C:\Users\BAUDI\Desktop\MBR.dat
[2013.04.20 17:17:59 | 000,000,000 | ---- | C] () -- C:\Users\BAUDI\defogger_reenable
[2013.04.20 17:10:58 | 000,377,856 | ---- | C] () -- C:\Users\BAUDI\Desktop\gmer_2.1.19163.exe
[2013.04.20 17:08:47 | 000,050,477 | ---- | C] () -- C:\Users\BAUDI\Desktop\Defogger.exe
[2013.04.07 23:38:48 | 000,007,607 | ---- | C] () -- C:\Users\BAUDI\AppData\Local\Resmon.ResmonCfg
[2012.12.18 14:23:12 | 000,281,032 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.12.18 14:22:51 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.11.08 07:12:18 | 000,741,889 | ---- | C] () -- C:\Users\BAUDI\C00FIUYA5ANK1336644988195.jpg
[2012.11.08 07:12:18 | 000,713,018 | ---- | C] () -- C:\Users\BAUDI\4TE2DY6M0A8J1336644987730.jpg
[2012.11.08 07:12:18 | 000,080,767 | ---- | C] () -- C:\Users\BAUDI\385655_361131910612039_855087110_n.jpg
[2012.09.14 19:08:51 | 000,017,408 | ---- | C] () -- C:\Users\BAUDI\AppData\Local\WebpageIcons.db
[2012.09.14 18:48:26 | 000,072,304 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2012.09.14 18:44:56 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012.08.30 10:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009.07.14 03:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Extras

Code:
OTL Extras logfile created on: 23.04.2013 07:19:31 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\BAUDI\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,29 Gb Available Physical Memory | 78,64% Memory free
16,00 Gb Paging File | 14,16 Gb Available in Paging File | 88,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 697,05 Gb Free Space | 74,84% Space Free | Partition Type: NTFS
Drive D: | 1,85 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 6,71 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: BAUDI-PC | User Name: BAUDI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1808996237-2003877586-2120010000-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F9B5861-D2BF-4F2B-9570-C33408D7ABF6}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{202A66D3-49B0-4D40-9AE6-DDF761A869C3}" = lport=138 | protocol=17 | dir=in | app=system | 
"{22BB3F82-72E8-4336-BBF3-593C869486BE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{52CB76FE-0BCE-410E-BB11-4461E5E28AAE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{566E875E-0059-4CB0-B755-514BC41E3DDF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{64648F29-BF7F-4738-8887-FF2B804FAE84}" = rport=138 | protocol=17 | dir=out | app=system | 
"{6847EB08-6410-4DAE-8D0E-28E2C6E603DC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{75648BFC-044D-4F14-BA6D-615B0C1FBEFC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7B4D4541-F275-41EF-B0A0-549980383694}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8165261A-93BD-4E1B-99E0-E81A30E64698}" = lport=57314 | protocol=6 | dir=in | name=pando media booster | 
"{8B38A5C4-E5FC-4B83-A918-FF4D9E5E172A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{8F313916-18DF-4842-B23A-40A78A98D6A7}" = lport=57314 | protocol=17 | dir=in | name=pando media booster | 
"{9FFA0B6E-2BC9-410D-93B0-175C5B269702}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A46168D2-A1BE-4F36-8426-A2E6B2AEA545}" = lport=57314 | protocol=17 | dir=in | name=pando media booster | 
"{ACF08328-133A-4554-9DA6-B60F96934F79}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B8AF867D-D99A-4B0A-8B67-0A8D8CBDC45E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{BF7CF3E9-FAD1-4ABC-BBAB-F9609FD16356}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C307699C-0291-4749-BF67-36162399365E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C52791CC-DA0E-4D25-AB15-3F2D754849E5}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C866C5C5-8C58-422C-9B98-4BBC88D76AED}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CDACE959-7CFB-43A9-8C14-DDA3C8E2B284}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D85FF033-549D-477B-99B0-22DB991D4835}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E0143E99-8C5A-4A01-9F42-72369E636609}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F29F804C-D286-484C-8651-1BA5FBE976B9}" = lport=57314 | protocol=6 | dir=in | name=pando media booster | 
"{F504AE2E-126B-4FA3-BE92-1C1C73F3608A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{F58E63CB-7EB9-4EAD-8960-1B17954A7AEA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{FB89078C-0F4D-4446-A422-929C26EC130C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E1C45E-6AB4-4C1F-9AD9-AC03D121B840}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{070A9B84-52BA-4D37-9C1D-7E817074D248}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{0909E070-4747-428E-8A8D-38E9965CC306}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0AD4869E-1B7C-403F-83F5-9643FDE73D5A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{0B60BB7A-96CD-4D01-B39F-91D11CCF8DAF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1106E236-CCE7-45CB-982A-3438E2B82FB7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{14292E12-E62F-43C6-926B-753223E8B015}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{1CBBA2C1-97AB-4A6D-91FE-2334DAE4CCB3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1D4C4F3D-BF6F-4224-94A3-B6D3CFB468D4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{208AC5C4-CBAC-47B9-96BB-4CD531B239F8}" = protocol=6 | dir=out | app=system | 
"{2971495F-F614-40AD-BBA6-D5CEF8FA666A}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{2E6BAF00-4193-4544-A8BA-9114DF28EED4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\l.a.noire\lanlauncher.exe | 
"{3035ADF6-6FAE-4FF9-B33F-674110B8A596}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm | 
"{349509C8-F126-475A-92B4-D2D5AA432532}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{3A0A69A8-D18A-48E6-8841-F2796D752A02}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe | 
"{3CFD4A01-6550-4141-A6AB-0A2024B70D04}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe | 
"{3F7E9DDD-4E2A-4AE7-B133-F074DB019931}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{41E267CA-9D05-444A-BB67-ECAAEBBFBCE3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{435369B1-25E2-4AC0-847D-10F4A5853B20}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{442FAF4C-57EB-4745-87CD-112A81C31AB5}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{44574194-120B-4257-8BFC-063712DA4426}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{4ECDA534-B37D-42FD-AB06-23EAE0CD136B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\euro truck simulator 2\bin\win_x86\eurotrucks2.exe | 
"{5214798B-91BA-4D21-B6E5-2AC72CEA8E6D}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe | 
"{55A31A16-DE04-4238-AC5E-4F84ED6087C4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{590BCD9F-D0CC-4371-97EC-2687EE81D4BB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider\tombraider.exe | 
"{5B217B27-0973-47C7-B5C9-E8CBE4BE626E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{5B5F1157-A03C-4DD7-893B-5D12C8332839}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{60356305-9BF5-4462-B25B-AA1C0A5384E3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{6136DB32-8BB5-4D5F-9C0D-DEDFFDCF0942}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{619184E8-ACED-4D7C-B57D-A899DA95E8AF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{62330DF0-A8E1-490B-B729-871128BF4A52}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{69BD0236-DB49-40D2-9355-A0FBC4A722C9}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{6AA8243D-A3ED-47AE-9301-213E43E18335}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{6AC58EED-0AE4-4AE0-807E-ACE64A93D12B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{6D817CA5-D686-4705-8DB7-EF6AF502078D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider\tombraider.exe | 
"{6F9D4C34-16C9-43E1-B602-1D93C745AB3A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rusty hearts\clientlauncher.exe | 
"{73D79FC1-7721-4C36-BD46-CA1AAA28137B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe | 
"{82211BBD-A446-46B9-B068-78046855E1CD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{8843ADA9-B509-460B-8202-A0F439D7D8AC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{88464F4B-9626-4142-851B-16B5612AB59C}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{990EE185-5B04-4A4B-AE0F-67736CBF4C08}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe | 
"{9B0A6916-CAE0-4FCA-A492-09D5852060DA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{9E9349C2-CA42-4C09-89CE-CD9D0B1256D1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{9FDE286E-AA1F-4F0D-946E-34BEC1AE6183}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe | 
"{A2167C20-C3DB-4961-9FFC-34F43CE16519}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A2B110A1-2727-46A7-B37A-85F01B694182}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{A75AB379-2622-49C7-8020-67734A807231}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\euro truck simulator 2\bin\win_x86\eurotrucks2.exe | 
"{AEF5649D-388D-46D9-8943-17BDFD56415E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | 
"{B457AF09-6D1B-4CC1-8E75-BBFCABEBFE21}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe | 
"{BDA8DCB7-067B-407B-A3A0-B117C49459D3}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{C14E9611-DA60-4DA1-806A-512FCA8B9CDB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{C3411B0A-D93F-4627-ADA9-20312B5346F0}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{C4C68CE6-ACB3-4B2B-9C3E-ACBA76E434D4}" = protocol=58 | dir=in | app=system | 
"{C54D7DCD-0292-4AE5-991C-3E28A71513AA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\l.a.noire\lanlauncher.exe | 
"{C8B95484-94CB-45D4-9E05-EF8CCC60EA04}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rusty hearts\clientlauncher.exe | 
"{C93A0A03-F996-4C6C-9663-AD1D073F4388}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CCC35E99-A432-4266-8530-D3E7FEEF618B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{D119BA35-A96A-4E82-8E78-4BE445BC6B6F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D1C2764F-6381-44D9-B05E-AAFA005C24BA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{D2AA593A-1ACD-43BF-B524-B19824E64D44}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{D5B4797F-DE55-4DBE-BA42-6E35CA3F5AB0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe | 
"{D609DBB2-A25C-4C58-B966-5577FA7B10CD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D61AB4D2-62C2-4BBD-BFA7-C22652F5274A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D7A2F105-2D84-485D-99A4-E0B0D9709916}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D8517A7F-5FA5-4039-B6DD-B463C179E536}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{DDA62776-847E-4809-9B57-FE44C8ACF122}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm | 
"{DE5571C7-A704-4E77-B5FB-0074F7247924}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{DFF4EA7F-D8E3-4596-9B1C-FEF48A91E490}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | 
"{E07D1244-95C8-4FF8-8A13-0193C379131E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E111A3A5-CCDB-481D-BE27-5EBCA9720AA6}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{E290EDAC-27F4-4964-9270-1AA7760E5136}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E995DBDD-C540-4B76-9D5B-0F6EBB25A2BA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{EEDAC0E1-82A3-43BF-ABD4-6D0327004898}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FB22F3D2-0B8A-4D71-930B-9B0CE154F1F0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FDBD4BC5-A2E7-4714-A9B3-A07743B62206}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{FE2421F0-88D5-459F-B3BC-65854967E4AA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{FF855142-12A2-4202-B691-3BEE2C5211D4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{D7ECB73B-5582-4EF0-A117-EA52D15EBC55}C:\program files (x86)\drivethelife\drivethelife.exe" = protocol=6 | dir=in | app=c:\program files (x86)\drivethelife\drivethelife.exe | 
"UDP Query User{F1B5C911-AA14-48A3-9187-DAECF1EA06A0}C:\program files (x86)\drivethelife\drivethelife.exe" = protocol=17 | dir=in | app=c:\program files (x86)\drivethelife\drivethelife.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.23
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{90A4562F-D4A1-4B65-906D-41F236CF6902}" = Path of Exile
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"ASIO4ALL" = ASIO4ALL
"Diablo III" = Diablo III
"FL Studio 10" = FL Studio 10
"Guild Wars 2" = Guild Wars 2
"IL Download Manager" = IL Download Manager
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Rockstar Games Social Club" = Rockstar Games Social Club
"SpeedFan" = SpeedFan (remove only)
"Steam App 104320" = Red Orchestra 2: Heroes of Stalingrad Beta
"Steam App 110800" = L.A. Noire
"Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
"Steam App 200510" = XCOM: Enemy Unknown
"Steam App 203160" = Tomb Raider
"Steam App 20570" = Warhammer® 40,000™: Dawn of War® II - Chaos Rising™
"Steam App 221380" = Age of Empires II: HD Edition
"Steam App 227300" = Euro Truck Simulator 2
"Steam App 24780" = SimCity 4 Deluxe
"Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad
"Steam App 36630" = Rusty Hearts
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 49520" = Borderlands 2
"Steam App 55230" = Saints Row: The Third
"Steam App 730" = Counter-Strike: Global Offensive
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinLiveSuite" = Windows Live Essentials
 
< End of report >
         

23.04.2013, 16:00   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - and please remember to update Malwarebytes via the update button beforehand.

Getting a second opinion from the ESET Online Scanner afterwards is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to the ESET Online Scanner
  • Download and start the ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

__________________
"Truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support Trojaner-Board
Why Linux is better than Windows!

24.04.2013, 12:16   #11
Supreme12

Both scans found nothing.

MBAM
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.24.01

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
BAUDI :: BAUDI-PC [Administrator]

24.04.2013 06:44:24
mbam-log-2013-04-24 (06-44-24).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 229832
Laufzeit: 1 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
ESET
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a43b8777a92e474db03459a3b71e7191
# engine=13681
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-24 05:35:17
# local_time=2013-04-24 07:35:17 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1285 16777214 100 98 87528 63105667 0 0
# compatibility_mode=5893 16776574 100 94 19101108 119187388 0 0
# scanned=173483
# found=0
# cleaned=0
# scan_time=2677
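
An added example, not part of the original post: a small Python reader for the `# key=value` header of an ESET Online Scanner log.txt like the one above, which checks that the scan finished and that a requested option was switched on before a clean result is accepted. The function names are illustrative, and the reading of `unwanted_checked` as the "potentially unwanted applications" option is an assumption inferred from the key name.

```python
# Added example: review the header of an ESET Online Scanner log.txt.
# Sample text: lines copied from the ESET log posted in this thread (subset).
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# compatibility_mode=1285 16777214 100 98 87528 63105667 0 0
# compatibility_mode=5893 16776574 100 94 19101108 119187388 0 0
# scanned=173483
# found=0
# cleaned=0
# scan_time=2677
"""


def parse_eset_log(text):
    """Return {key: [values...]} for every '# key=value' line.

    Values are kept in a list because a key may repeat
    (compatibility_mode appears twice in the posted log).
    """
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("#") or "=" not in line:
            continue  # installer banner ("all ok") and blank lines
        key, _, value = line[1:].partition("=")
        fields.setdefault(key.strip(), []).append(value.strip().strip('"'))
    return fields


def last(fields, key, default=None):
    """Most recent value recorded for key, or default if the key is absent."""
    values = fields.get(key)
    return values[-1] if values else default


def review(fields, requested=("unwanted_checked",)):
    """List the points a helper would raise before accepting a clean result.

    Assumption: 'unwanted_checked' records the "potentially unwanted
    applications" option; the mapping is inferred from the key name.
    """
    notes = []
    if last(fields, "end") != "finished":
        notes.append("scan did not run to completion")
    for option in requested:
        if last(fields, option) != "true":
            notes.append(f"{option} was requested but is not 'true'")
    found = int(last(fields, "found", "0"))
    cleaned = int(last(fields, "cleaned", "0"))
    if found > cleaned:
        notes.append(f"{found - cleaned} detection(s) left in place")
    return notes


if __name__ == "__main__":
    parsed = parse_eset_log(SAMPLE_LOG)
    print("objects scanned:", last(parsed, "scanned"))
    for note in review(parsed):
        print("check:", note)
```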
         

24.04.2013, 13:47   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK so far.

Regarding cookies and other things on the web: to block that plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released.

Info: cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)

Otherwise there are also good cookie managers; as a Firefox extension, for example, there is CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set the browser to delete everything, including cookies, when the browser is closed.

Is your system OK again now, or are there any other detections or problems?
__________________
"Truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support Trojaner-Board
Why Linux is better than Windows!
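
An added example, not part of the original post: how a hosts-file block of the kind recommended above decides whether a URL is affected. A hosts file matches exact host names only, so an entry for one name does not cover its subdomains or parent domain. The entries below are constructed for illustration and are not taken from the MVPS list; the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed hosts-file excerpt (not copied from the MVPS list).
SAMPLE_HOSTS = """\
# constructed sample entries
127.0.0.1  localhost
::1        localhost
0.0.0.0    e.ligatus.com      # host named in this thread's title
0.0.0.0    ads.example.net tracker.example.net
"""

# Addresses that send a name nowhere useful (the local machine or no route).
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::", "::1"}


def parse_hosts(text):
    """Return the set of host names mapped to a sink address."""
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        address, *names = line.split()       # one address, one or more names
        if address not in SINK_ADDRESSES:
            continue
        for name in names:
            name = name.lower().rstrip(".")
            if name != "localhost":          # the normal loopback entry
                blocked.add(name)
    return blocked


def is_blocked(url, blocked):
    """True if the URL's host has an exact entry; there are no wildcards."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host in blocked


if __name__ == "__main__":
    entries = parse_hosts(SAMPLE_HOSTS)
    for url in ("http://e.ligatus.com/LigatusFallback.gif?ids=34088",
                "http://sub.e.ligatus.com/",   # constructed name
                "http://ligatus.com/"):
        print(url, "->", "blocked" if is_blocked(url, entries) else "not covered")
```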

24.04.2013, 14:21   #13
Supreme12

Thanks for the good help. Otherwise there are no further problems. I'll take a look at the hosts file.

Many thanks again!

See you, hopefully not too soon!

24.04.2013, 14:37   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then we're done!


If you'd like to leave praise or criticism => http://www.trojaner-board.de/lob-kritik-wuensche/



All the programs that were used here can be removed again.

Remove Combofix (only relevant if it was used here!): Start/Run (key combination WIN+R), type the command combofix /uninstall there and run it.

You can also remove many other tools with the help of OTL: simply start OTL and click Cleanup.
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.

Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide is below. To keep a better overview of whether installed programs are up to date in future, you can use Secunia PSI, for example.
For even more security, you should also change all passwords, if possible, after the infection has been removed.


Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date:
Check => Adobe - Flash Player
You can find download links here => Browsers and Plugins - FilePony.de

You can also easily check whether all plugins in the Firefox browser are up to date here => https://www.mozilla.org/de/plugincheck

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software (or Programs and Features) and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________
"Truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support Trojaner-Board
Why Linux is better than Windows!
