Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Trojaner fragt TAN-Liste ab: Trojan.Zbot.ACgen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 04.05.2013, 11:18   #1
Cherry250
 
Trojaner fragt TAN-Liste ab: Trojan.Zbot.ACgen - Standard

Trojaner fragt TAN-Liste ab: Trojan.Zbot.ACgen



Ich habe mich gestern abend in mein Online-Banking eingeloggt und sofort tauchte ein Fenster auf, in dem ich sämtliche TANs eingeben sollte, was ich natürlich nicht gemacht habe. Ich habe in einem Thread von euch gelesen, dass die Suche mit dem Malwarebytes Tool gemacht werden soll (Antivir hatte nichts angezeigt). Das Tool hat auch tatsächlich 3 Infektionen gefunden, die ich dann gelöscht habe, anbei ist das Logfile. Da ich zuerst nur den Schnellscan gemacht habe, habe ich dann nochmal den vollständigen Suchlauf gemacht (keine infizierten Dateien mehr). Dann wollte ich einen Scan mit dem OTL Modul machen, das hängt sich aber immer wieder - auch nach Neustarts - bei "Scanning FireFox Settings" auf. Hab ich den Trojaner beseitigt? Muss ich sämtliche Passwörter ändern oder hab ich Glück und der Trojaner hatte es nur auf die TANs abgesehen?

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.03.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Cherry :: CHERRY-HP [Administrator]

Schutz: Aktiviert

03.05.2013 22:07:54
mbam-log-2013-05-03 (22-07-54).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 215668
Laufzeit: 9 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\Cherry\AppData\Roaming\Olohu\heza.exe (Trojan.Zbot.ACgen) -> 9012 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Ehqeoxetwy (Trojan.Zbot.ACgen) -> Daten: C:\Users\Cherry\AppData\Roaming\Olohu\heza.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Cherry\AppData\Roaming\Olohu\heza.exe (Trojan.Zbot.ACgen) -> Löschen bei Neustart.

(Ende)
         

Alt 04.05.2013, 15:23   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner fragt TAN-Liste ab: Trojan.Zbot.ACgen - Standard

Trojaner fragt TAN-Liste ab: Trojan.Zbot.ACgen



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 04.05.2013, 20:33   #3
Cherry250
 
Trojaner fragt TAN-Liste ab: Trojan.Zbot.ACgen - Standard

Trojaner fragt TAN-Liste ab: Trojan.Zbot.ACgen



Hallo,

vielen Dank schonmal für die schnelle Antwort! Es existieren leider keine weiteren Logs. Antivir hat nichts gefunden und Spybot hatte mich zwar gewarnt, dass ein Registryeintrag geändert werden sollte (den Zugriff hatte ich verweigert, hatte aber wohl nichts gebracht), aber da existiert kein Logfile. Ich hatte mit Malwarebytes davor schon einen Quickscan gemacht; brachte das gleiche Ergebnis, konnte die infizierten Dateien nur nicht löschen. Meintest du einen bestimmten Log?
__________________

Alt 04.05.2013, 22:19   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner fragt TAN-Liste ab: Trojan.Zbot.ACgen - Standard

Trojaner fragt TAN-Liste ab: Trojan.Zbot.ACgen



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Erstmal eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 04.05.2013, 23:23   #5
Cherry250
 
Trojaner fragt TAN-Liste ab: Trojan.Zbot.ACgen - Standard

Trojaner fragt TAN-Liste ab: Trojan.Zbot.ACgen



Ich fürchte, ich hänge schon bei den ersten Schritten... OTL.exe hängt sich jedes mal auf, sobald "Scanning FireFox Settings" durchgeführt wird. Ich hab Neustarts probiert, hat aber nicht geholfen. Soll ich FireFox erstmal deinstallieren und dann OTL.exe nochmal durchführen?


Alt 04.05.2013, 23:51   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner fragt TAN-Liste ab: Trojan.Zbot.ACgen - Standard

Trojaner fragt TAN-Liste ab: Trojan.Zbot.ACgen



Probier es bitte im abgesicherten Modus:


Abgesicherter Modus zur Bereinigung
  • Windows mit F8-Taste beim Start in den abgesicherten Modus bringen.
  • Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern:

    Windows im abgesicherten Modusstarten
__________________
--> Trojaner fragt TAN-Liste ab: Trojan.Zbot.ACgen

Alt 05.05.2013, 19:33   #7
Cherry250
 
Trojaner fragt TAN-Liste ab: Trojan.Zbot.ACgen - Standard

Trojaner fragt TAN-Liste ab: Trojan.Zbot.ACgen



OTL ist leider trotz abgesichertem Modus beim gleichen Schritt hängen geblieben. Ich hab Firefox jetzt mal deinstalliert und nutze erstmal Internet Explorer. Dafür hab ich jetzt endlich Logfiles hinbekommen:

Hier der OTL.txt:

Code:
ATTFilter
OTL logfile created on: 05.05.2013 19:53:23 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Cherry\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,60 Gb Total Physical Memory | 5,71 Gb Available Physical Memory | 75,12% Memory free
15,21 Gb Paging File | 12,99 Gb Available in Paging File | 85,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282,46 Gb Total Space | 196,12 Gb Free Space | 69,43% Space Free | Partition Type: NTFS
Drive D: | 15,33 Gb Total Space | 1,81 Gb Free Space | 11,77% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: CHERRY-HP | User Name: Cherry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Cherry\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Cherry\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR)
PRC - C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (PDF Architect Service) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR)
SRV - (PDF Architect Helper Service) -- C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (XobniService) -- C:\Program Files (x86)\Xobni\XobniService.exe (Xobni Corporation)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (Atheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (HP Wireless Assistant Service) -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2013.SP1\RpcAgentSrv.exe (SiSoftware)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2013.SP1\WNt500x64\sandra.sys (SiSoftware)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4178832551-1403670798-3646192628-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-4178832551-1403670798-3646192628-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2481020
IE - HKU\S-1-5-21-4178832551-1403670798-3646192628-1001\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKU\S-1-5-21-4178832551-1403670798-3646192628-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
IE - HKU\S-1-5-21-4178832551-1403670798-3646192628-1001\..\SearchScopes\{5678D749-9707-4244-87B8-9BBF25CDC73A}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020
IE - HKU\S-1-5-21-4178832551-1403670798-3646192628-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE - HKU\S-1-5-21-4178832551-1403670798-3646192628-1001\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-4178832551-1403670798-3646192628-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4178832551-1403670798-3646192628-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.02.27 19:16:32 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DKB-Cashback) - {11111111-1111-1111-1111-110111611150} - C:\Program Files (x86)\DKB-Cashback\DKB-Cashback.dll (dkbbrowserextension)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKU\S-1-5-21-4178832551-1403670798-3646192628-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4178832551-1403670798-3646192628-1001..\Run: [77Zip973867.exe] "C:\Users\Cherry\AppData\Local\Temp\77Zip973867.exe" /XML="C:\Users\Cherry\AppData\Local\Temp\A8DC.tmp" /STP=0:2 File not found
O4 - HKU\S-1-5-21-4178832551-1403670798-3646192628-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Cherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Cherry\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3562BB59-7A1B-4960-A049-C701739357E0}: DhcpNameServer = 192.168.44.1 192.168.44.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9CCD3C2-87A4-4DD2-82F4-0E05DB4A177D}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.03 22:16:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Cherry\Desktop\OTL.exe
[2013.05.03 22:05:42 | 000,000,000 | ---D | C] -- C:\Users\Cherry\AppData\Roaming\Malwarebytes
[2013.05.03 22:05:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.03 22:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.03 22:05:30 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.03 22:05:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.03 20:58:02 | 000,000,000 | ---D | C] -- C:\Users\Cherry\AppData\Roaming\Ukwa
[2013.05.03 20:58:01 | 000,000,000 | ---D | C] -- C:\Users\Cherry\AppData\Roaming\Pogo
[2013.05.03 20:58:01 | 000,000,000 | ---D | C] -- C:\Users\Cherry\AppData\Roaming\Olohu
[2013.04.28 19:16:06 | 000,000,000 | ---D | C] -- C:\Users\Cherry\Desktop\Neuer Ordner
[2013.04.11 20:31:33 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.11 20:31:32 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.11 20:31:31 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.11 20:31:30 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.11 20:31:30 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.11 20:31:30 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.04.11 20:31:30 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.04.11 20:31:30 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.04.11 20:31:30 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.11 20:31:30 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.04.11 20:31:30 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.11 20:31:29 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.11 20:31:26 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.11 20:31:26 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.11 20:31:25 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.11 20:27:25 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.11 20:27:24 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.11 20:27:23 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.04.11 20:27:23 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.04.11 20:27:23 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.04.11 20:27:23 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.04.11 20:27:13 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.11 20:27:12 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.11 20:27:11 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.11 20:27:11 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.11 20:27:11 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.11 20:27:11 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.09 22:48:48 | 000,000,000 | ---D | C] -- C:\Users\Cherry\Documents\Turbo Lister Backup
[2013.04.09 19:20:39 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.04.09 19:20:38 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.04.09 19:20:38 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.04.09 19:20:38 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.04.09 19:20:38 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.04.09 19:20:38 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.04.09 19:20:38 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.04.09 19:20:37 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.04.09 19:20:37 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.09 19:20:37 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.04.09 19:20:37 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.09 19:20:37 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.04.09 19:20:36 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.04.09 19:20:36 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.04.09 19:20:36 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.04.09 19:20:36 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.04.09 19:20:36 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.04.09 19:20:36 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.04.09 19:20:35 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.09 19:20:35 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.04.09 19:20:35 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.04.09 19:20:35 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.04.09 19:20:35 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.09 19:20:35 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.04.09 19:20:35 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.04.09 19:20:34 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.09 19:20:34 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.04.09 19:20:34 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.04.09 19:20:34 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.04.09 19:20:34 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.04.09 19:20:34 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.04.09 19:20:34 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.04.09 19:20:34 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.09 19:20:34 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.04.09 19:20:34 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.04.09 19:20:34 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.04.09 19:20:34 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.04.09 19:20:34 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.04.09 19:20:33 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.09 19:20:33 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.09 19:20:33 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.04.09 19:20:33 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.04.09 19:20:33 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.04.09 19:20:33 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.09 19:20:32 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.04.09 19:20:32 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.04.09 19:20:32 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.04.09 19:20:32 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.04.09 19:20:32 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.04.09 19:20:32 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.04.09 19:20:32 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.04.09 19:20:32 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.04.09 19:20:31 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.04.07 20:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Fugazo
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.05 19:51:13 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.05 19:51:06 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.05 19:44:22 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.05 19:44:22 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.05 19:41:38 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.05 19:41:38 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.05 19:41:38 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.05 19:41:38 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.05 19:41:38 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.05 19:37:05 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2013.05.05 19:36:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.05 19:36:16 | 1828,904,959 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.05 00:07:07 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.03 22:16:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cherry\Desktop\OTL.exe
[2013.05.03 22:05:32 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.19 18:31:12 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCherry.job
[2013.04.11 20:48:53 | 000,417,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.09 19:20:39 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.04.09 19:20:38 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.04.09 19:20:38 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.04.09 19:20:38 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.04.09 19:20:38 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.04.09 19:20:38 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.04.09 19:20:38 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.04.09 19:20:37 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.04.09 19:20:37 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.09 19:20:37 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.04.09 19:20:37 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.09 19:20:37 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.04.09 19:20:36 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.04.09 19:20:36 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.04.09 19:20:36 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.04.09 19:20:36 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.04.09 19:20:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.04.09 19:20:36 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.04.09 19:20:36 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.04.09 19:20:35 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.09 19:20:35 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.04.09 19:20:35 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.04.09 19:20:35 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.09 19:20:35 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.04.09 19:20:35 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.09 19:20:35 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.04.09 19:20:34 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.09 19:20:34 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.04.09 19:20:34 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.04.09 19:20:34 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.04.09 19:20:34 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.04.09 19:20:34 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.04.09 19:20:34 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.04.09 19:20:34 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.09 19:20:34 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.04.09 19:20:34 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.04.09 19:20:34 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.04.09 19:20:34 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.04.09 19:20:34 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.04.09 19:20:34 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.09 19:20:33 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.09 19:20:33 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.09 19:20:33 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.04.09 19:20:33 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.04.09 19:20:33 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.04.09 19:20:33 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.09 19:20:32 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.04.09 19:20:32 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.04.09 19:20:32 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.04.09 19:20:32 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.04.09 19:20:32 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.04.09 19:20:32 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.04.09 19:20:32 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.04.09 19:20:32 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.04.09 19:20:31 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
 
========== Files Created - No Company Name ==========
 
[2013.05.03 22:05:32 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.09 19:20:35 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.09 19:20:34 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.01.31 23:48:51 | 000,000,064 | ---- | C] () -- C:\Users\Cherry\AppData\Roaming\Sandra.ldb
[2013.01.31 23:43:47 | 013,131,776 | ---- | C] () -- C:\Users\Cherry\AppData\Roaming\Sandra.mdb
[2012.06.26 16:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.06.26 16:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.06.26 16:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.06.26 16:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.03.23 09:47:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.08.02 13:44:53 | 000,000,202 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2011.07.05 12:47:06 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
und der Extras.txt:

Code:
ATTFilter
OTL Extras logfile created on: 05.05.2013 19:53:23 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Cherry\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,60 Gb Total Physical Memory | 5,71 Gb Available Physical Memory | 75,12% Memory free
15,21 Gb Paging File | 12,99 Gb Available in Paging File | 85,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282,46 Gb Total Space | 196,12 Gb Free Space | 69,43% Space Free | Partition Type: NTFS
Drive D: | 15,33 Gb Total Space | 1,81 Gb Free Space | 11,77% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: CHERRY-HP | User Name: Cherry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0847DDE0-27BE-4D41-8BC5-560A3890F096}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0C47EB69-5551-4093-A2FD-BC08C04731DC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{13C942FC-C405-41AE-929E-88DF5017CBD6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{189B2257-4D8D-4FFB-9206-B7C86CCF4C57}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2A812812-2327-49EA-B3A1-679568F524FD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{46D8D771-81E3-46C8-A51B-4A52EBEFF6C1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{494BBA27-349F-4D8E-AA1C-D7B5E214BCEF}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4B02C326-8CA7-4F5D-B58C-C391CE6E0CCC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{58DD478E-B9C4-4A0D-B402-42E8C32F3920}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6495EAF2-77BF-4E2E-9A79-443F9620DECE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{689A266F-C418-46D1-B0C1-F51CAA8BBE19}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{70E0A4BD-C6F3-410C-88E7-8EDBF5DA6EDD}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{82140209-D49F-4A57-A29C-8B8051618263}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{836C5B36-BD96-416D-B366-3C16B0FBA841}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{89187A91-A0DA-4583-B348-C71027E0668D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9172DC13-C2DB-43AF-AD94-BA5E77A41CD8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{9A37CE5B-2E73-4448-B179-EE8AC8043B3E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A9511D3C-CB67-4EEF-9B3A-5A2FCA294839}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{AB4EF69A-F148-4766-9A4E-3CE7D3D3CF6B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B33C7017-0FA9-47FF-9573-2369F8BDC48B}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2013.sp1\wnt500x64\rpcsandrasrv.exe | 
"{BB82CEB2-B043-4515-AEEE-4A772838DE96}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{BD916276-8E61-41A0-9AB7-C795B3428102}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D9CE7731-C5CC-4E0C-8D21-90F8714F8279}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2013.sp1\rpcagentsrv.exe | 
"{DB7DBB96-C23B-4C9B-AEE4-EAE38193F237}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E8B09FBD-4A60-4596-B11C-50819B057713}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E913F6B9-9032-4590-BEE7-C301CD4E56FC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F431AEBB-1026-4189-B025-30B50B7F697D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F49E4692-C7EE-4A78-B404-7B2CA7E39580}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04820917-3338-4CEF-BE44-40239AA53399}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{0A6BDA83-3BE6-441C-8782-7FA9E01D91DC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2515DE67-94E5-4FD3-B021-7AA18FC12E57}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{2638AAC3-B16F-4722-BB11-1D464BA27B95}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | 
"{33B8DEAB-0FB8-45C9-8871-0666FF06AB1B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{3719E8FD-1719-4440-9E4E-9EED6863D03B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{538B68FE-D4FA-407F-B1BD-5658942504E7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5C74CC86-A7A6-42F7-B307-2B370127F37E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5D118626-AAEA-4362-A703-3E7955A8BFF4}" = protocol=6 | dir=out | app=system | 
"{63ACF0BF-983B-44A9-B065-B17E1D9394EE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{64ADE60E-E7B5-4088-B478-B0412DBB2742}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{6A38C072-0227-490B-AE42-C2674DB7AEA3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{701F9A80-4FF2-4128-AD50-B927975D015A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{74EE7B7A-6407-4F05-AEB9-91F69570B754}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7971A40D-499C-4C97-92B1-3B26BF52E59F}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | 
"{885CC52A-77A2-400C-AF42-82FACFC7E0AD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{89333FD0-7579-41AC-9B7B-7EA219387179}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8CACCCCC-ACAA-4F06-81C7-575A2F3141A3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{901E5535-134B-496C-B1AB-ED6B9F9EFC9A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{90269C9E-7F51-46DB-A0D6-51197822883C}" = protocol=17 | dir=in | app=c:\users\cherry\appdata\roaming\dropbox\bin\dropbox.exe | 
"{952FFC4F-C8B5-4278-83AD-4BB404A3BBE1}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"{979C10FE-A664-40FD-BE1C-D74F62BCBE94}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A96505BE-07B4-4F94-9A97-EB9E84935130}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{AAE43456-F49E-4962-A53F-8E96F07FA0F3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B48886A1-F9F8-42EC-AD0F-7A6F02A06130}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{BB17A611-4B6F-4640-A801-297C6F9861F2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BD568346-DD8A-41EA-9F66-53CD3C76A051}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BDBD2178-9B8C-455B-A6B3-5A4ECFEF209D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{BF6CC672-9850-44C4-89A5-8B010784ACEF}" = protocol=6 | dir=in | app=c:\users\cherry\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C16DEAD5-DFE4-4A37-BECF-90BC347B6EB7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C511E6E7-3151-43AA-A7AC-6B62FB7CD190}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"{CF088093-BC99-45C7-820B-7401E247037F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{D6B2F317-3118-4A55-A168-0D9AAFC0F124}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{D74795FF-0F97-48A7-BF54-6961677355D1}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) | 
"{D803CB79-39FF-4573-92B3-ED86FF7F7864}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{DC9917EA-23EA-4D78-ACD3-D8AFB0280446}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{DE4A1533-997D-4E26-BDDF-91895AE16E69}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{E673193A-3321-475C-BB2E-FFB10A35A163}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F4AB5B41-AB77-4A1D-9B6F-767245B52A35}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{F81650E6-BEF5-4FA7-AD1E-43989091D4BB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{E6C8C79E-263D-47D5-A245-750F286FF659}C:\users\cherry\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\cherry\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{F03EF178-5CEA-4936-ABC0-63729221BC50}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"UDP Query User{AD69ABA2-6470-4AB1-923A-489F50E5BBB3}C:\users\cherry\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\cherry\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{DF16B3E1-0EB6-422F-9CD6-0C4EC18525B8}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{48C46F0E-7B86-AC31-ACFC-2B40F1C90ACE}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6153098B-60DB-6A9F-EA0F-B006A96B57D5}" = ATI Catalyst Install Manager
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}" = HP Wireless Assistant
"{AADE02D5-DCBF-04C3-CD05-ABA83D28BC4A}" = AMD Fuel
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1" = SiSoftware Sandra Lite 2013.SP1
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBA2849B-6C95-9FD2-7ACC-BF456F1958AA}" = AMD Media Foundation Decoders
"{E0FE1E14-3A7A-4DB0-9FFA-0DD945AE84DB}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HaoZip" = HaoZip
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics TouchPad Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01E73CF7-3B8E-49F6-B09C-3FB122B3938A}" = HP Software Framework
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03046EBB-CB7C-4B98-BEFB-690EB955DA22}" = HP Setup
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{124DB96E-CBF5-44FB-AB59-7D2444DEC777}" = HP On Screen Display
"{15412249-0AFA-D2A1-E7E2-E57AE1A96781}" = CCC Help Swedish
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19EAB36E-A979-0870-F58F-6F4F34017D29}" = CCC Help Chinese Traditional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2070F457-B044-FCEE-B6DA-CB2C12CD76A5}" = CCC Help German
"{224CA902-F494-FD2A-4211-771454ED464B}" = CCC Help English
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{252FC4D1-4056-7237-6B19-4C66D0CF45A9}" = CCC Help Dutch
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2BF8B295-A214-42AC-B4EC-2AE15E08B0E7}" = HP Documentation
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3BE2E4AA-C164-FEB5-6C82-BBBC90C88915}" = CCC Help Hungarian
"{44D822AA-DA6D-1915-4B64-60D06AE613CE}" = CCC Help Danish
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A917E5E-2567-C01E-7F41-AF09DAE523A1}" = AMD VISION Engine Control Center
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5377D0E6-0B77-5C94-A3F8-2A7C0E5791A1}" = CCC Help French
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5FE625A7-E8D6-2E41-4693-F6AC6310C467}" = CCC Help Polish
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F076041-F337-5F67-75E7-6C1324D43EC6}" = CCC Help Japanese
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7FA82763-D04B-A656-159B-BD8847176377}" = CCC Help Russian
"{80A07844-CA64-4DE4-AB61-D37DDBE8074F}" = PDF Architect
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Hilfe
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{955CB8C1-F5F9-B649-FC65-FD65F9EC0459}" = CCC Help Korean
"{97E33108-2206-087B-9399-29F5201AAC98}" = CCC Help Portuguese
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B3CC933-5EF7-A868-7B74-1A227394566E}" = CCC Help Finnish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4}" = HP Support Assistant
"{A1ACD45F-0D8E-0566-0EC0-530CDCD7E8F4}" = Catalyst Control Center Graphics Previews Common
"{A3D1D38D-9C85-7BEB-5AC8-EC2D90E2882A}" = CCC Help Czech
"{A440179F-D169-B9DA-B478-6CE97FDB3D4C}" = CCC Help Greek
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B898ABBB-4723-84B5-04C4-32A15F9DBD48}" = CCC Help Chinese Standard
"{B91459FD-63A9-71E3-68F1-82352B0892B3}" = Catalyst Control Center Localization All
"{B976E52C-93A3-5CD1-FF67-658877850EDD}" = CCC Help Italian
"{B97E3520-C726-475E-BC0C-7561952633AB}" = HP Power Manager
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BEDC570A-C947-D0C8-3014-A1EAA042779D}" = CCC Help Turkish
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2EE0EA6-826F-63EA-8751-E2F3714DBA40}" = CCC Help Thai
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}" = Recovery Manager
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5441D19-417C-8C34-3F31-CCBD563C946E}" = Catalyst Control Center InstallProxy
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{EA8CC2F2-BC30-141C-92B6-CC870B4B2977}" = CCC Help Spanish
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F30403FF-0146-4633-AAC5-D5CD5C50AE70}" = Catalyst Control Center - Branding
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2
"{F8FBF4C7-5ADA-66B1-6509-09E05C257963}" = CCC Help Norwegian
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Ashampoo Burning Studio 2012 CBE_is1" = Ashampoo Burning Studio 2012 CBE v.11.0.4
"Avira AntiVir Desktop" = Avira Free Antivirus
"DKB-Cashback" = DKB-Cashback
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"ElsterFormular" = ElsterFormular
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MISEC" = Monkey Island™ Special Edition Collection
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"WildTangent hp Master Uninstall" = HP Games
"WildTangent wildgames Master Uninstall" = WildTangent-Spiele
"WinLiveSuite" = Windows Live Essentials
"WT087330" = Bounce Symphony
"WT087361" = FATE
"WT087393" = Mah Jong Medley
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087490" = Jewel Quest Solitaire
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"WT089453" = Bejeweled 2 Deluxe
"WT089454" = Chuzzle Deluxe
"WT089455" = Zuma Deluxe
"WT089458" = Plants vs. Zombies - Game of the Year
"WT089460" = Mystery P.I. - The London Caper
"WT089484" = Namco All-Stars PAC-MAN
"WT089492" = Crazy Chicken Kart 2
"WT089493" = Fishdom
"WT089497" = Big Rig Europe
"WTA-04ee5ddf-2cfa-4e0e-a182-8dbb20291f10" = Gardenscapes 2 Collector's Edition
"WTA-06c3240c-b684-4ff1-be05-12e00876cf7c" = Charm Tale Quest
"WTA-8852d09a-c22b-4096-babe-d0fd8b80f7a0" = Barn Yarn Collector's Edition
"WTA-8fa18577-dff2-43ba-86d9-d9c71766f5f9" = Gardenscapes: Mansion Makeover
"WTA-95382aef-de1e-4d6f-9502-4737d8f7f30a" = Boutique Boulevard
"WTA-c1b6c298-c95a-4218-8c20-01eb657ecc18" = Big City Adventures Paris
"WTA-fb05a84d-43e0-4090-bd04-b4de66860ce9" = Sisters Secrecy: Arcanum Bloodlines Premium Edition
"XobniMain" = Xobni
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4178832551-1403670798-3646192628-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.04.2013 13:24:12 | Computer Name = Cherry-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1467
 
Error - 09.04.2013 13:24:12 | Computer Name = Cherry-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1467
 
Error - 09.04.2013 13:24:14 | Computer Name = Cherry-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 09.04.2013 13:24:14 | Computer Name = Cherry-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4353
 
Error - 09.04.2013 13:24:14 | Computer Name = Cherry-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4353
 
Error - 09.04.2013 14:00:17 | Computer Name = Cherry-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 09.04.2013 14:00:17 | Computer Name = Cherry-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1575
 
Error - 09.04.2013 14:00:17 | Computer Name = Cherry-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1575
 
Error - 11.04.2013 14:15:00 | Computer Name = Cherry-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.04.2013 14:49:07 | Computer Name = Cherry-HP | Source = WinMgmt | ID = 10
Description = 
 
[ HP Wireless Assistant Events ]
Error - 16.06.2012 07:57:05 | Computer Name = Cherry-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 16.06.2012 07:58:10 | Computer Name = Cherry-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 16.06.2012 07:58:15 | Computer Name = Cherry-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 16.06.2012 07:59:20 | Computer Name = Cherry-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 16.06.2012 07:59:26 | Computer Name = Cherry-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 06.01.2013 13:34:25 | Computer Name = Cherry-HP | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Unerwarteter Fehler     bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
 errorCode)     bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

   bei HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName)

   bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware radio)

   bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext()     bei System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

   bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 05.02.2013 15:22:50 | Computer Name = Cherry-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
 failed to create hardware layer Fehler in der Anwendung.    bei HardwareAccess.Hardware..ctor(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     bei HardwareAccess.Hardware.Create(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     bei HPWA_Main.App.ApplicationStartup(Object
 sender, StartupEventArgs args)
 
Error - 05.02.2013 15:22:51 | Computer Name = Cherry-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
 
Error - 04.03.2013 15:50:26 | Computer Name = Cherry-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
 failed to create hardware layer Fehler in der Anwendung.    bei HardwareAccess.Hardware..ctor(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     bei HardwareAccess.Hardware.Create(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     bei HPWA_Main.App.ApplicationStartup(Object
 sender, StartupEventArgs args)
 
Error - 04.03.2013 15:50:28 | Computer Name = Cherry-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
 
[ System Events ]
Error - 25.11.2012 16:12:35 | Computer Name = Cherry-HP | Source = DCOM | ID = 10010
Description = 
 
Error - 26.11.2012 17:28:35 | Computer Name = Cherry-HP | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 26.11.2012 17:29:27 | Computer Name = Cherry-HP | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 XobniService erreicht.
 
Error - 26.11.2012 17:29:27 | Computer Name = Cherry-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "XobniService" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1053
 
Error - 26.11.2012 17:29:43 | Computer Name = Cherry-HP | Source = DCOM | ID = 10016
Description = 
 
Error - 27.11.2012 12:28:21 | Computer Name = Cherry-HP | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 27.11.2012 13:55:50 | Computer Name = Cherry-HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Atheros Bt&Wlan Coex Agent erreicht.
 
Error - 27.11.2012 13:56:01 | Computer Name = Cherry-HP | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 28.11.2012 08:16:37 | Computer Name = Cherry-HP | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 28.11.2012 15:55:37 | Computer Name = Cherry-HP | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
 
< End of report >
         

Alt 06.05.2013, 10:47   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner fragt TAN-Liste ab: Trojan.Zbot.ACgen - Standard

Trojaner fragt TAN-Liste ab: Trojan.Zbot.ACgen



Rootkitscan mit GMER

Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)
  • Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
  • Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei: IAT/EAT und Show All
  • Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
  • Starte den Scan mit "Scan".
  • Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.


Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 06.05.2013, 12:13   #9
Cherry250
 
Trojaner fragt TAN-Liste ab: Trojan.Zbot.ACgen - Standard

Trojaner fragt TAN-Liste ab: Trojan.Zbot.ACgen



Gmer:

Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-06 12:35:47
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000064 WDC_WD32 rev.01.0 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Cherry\AppData\Local\Temp\fxdirkoc.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69              00000000768a1465 2 bytes [8A, 76]
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155             00000000768a14bb 2 bytes [8A, 76]
.text   ...                                                                                                                                          * 2
.text   C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2692] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                  00000000768a1465 2 bytes [8A, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2692] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                 00000000768a14bb 2 bytes [8A, 76]
.text   ...                                                                                                                                          * 2
.text   C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[3252] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                  00000000768a1465 2 bytes [8A, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[3252] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                 00000000768a14bb 2 bytes [8A, 76]
.text   ...                                                                                                                                          * 2
.text   C:\Users\Cherry\AppData\Roaming\Dropbox\bin\Dropbox.exe[3228] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                       00000000768a1465 2 bytes [8A, 76]
.text   C:\Users\Cherry\AppData\Roaming\Dropbox\bin\Dropbox.exe[3228] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                      00000000768a14bb 2 bytes [8A, 76]
.text   ...                                                                                                                                          * 2
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                          00000000768a1465 2 bytes [8A, 76]
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                         00000000768a14bb 2 bytes [8A, 76]
.text   ...                                                                                                                                          * 2
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                          00000000768a1465 2 bytes [8A, 76]
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                         00000000768a14bb 2 bytes [8A, 76]
.text   ...                                                                                                                                          * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [4024:5404]                                                                                                  000007fee88b9688
Thread   [552:860]                                                                                                                                   000007feeeb4cc10
Thread   [552:5952]                                                                                                                                  000007feeea0b564
Thread   [552:4748]                                                                                                                                  000000007735aec0
Thread   [552:1872]                                                                                                                                  000000007735fbc0
Thread   [552:5440]                                                                                                                                  000007fefb7c2a7c
Thread   [552:7756]                                                                                                                                  000000007735fbc0

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{F35C7E9F-0243-48A0-88A1-2B8449B297FB}\Connection@Name  isatap.{C5D19B5A-D83D-4C0B-AC9A-31C3F5197604}
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011675625ac                                                                  
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9cb70dd3b856                                                                  
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9cb70dd3b856@0013efff8aea                                                     0x09 0xEE 0x82 0x9B ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{F35C7E9F-0243-48A0-88A1-2B8449B297FB}@InterfaceName                       isatap.{C5D19B5A-D83D-4C0B-AC9A-31C3F5197604}
Reg     HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{F35C7E9F-0243-48A0-88A1-2B8449B297FB}@ReusableType                        0
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0011675625ac (not active ControlSet)                                              
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9cb70dd3b856 (not active ControlSet)                                              
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9cb70dd3b856@0013efff8aea                                                         0x09 0xEE 0x82 0x9B ...

---- EOF - GMER 2.1 ----
         
und mbar (es war kein cleanup nötig):

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.06.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Cherry:: CHERRY-HP [administrator]

06.05.2013 13:03:12
mbar-log-2013-05-06 (13-03-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30229
Time elapsed: 14 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

Alt 06.05.2013, 12:26   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner fragt TAN-Liste ab: Trojan.Zbot.ACgen - Standard

Trojaner fragt TAN-Liste ab: Trojan.Zbot.ACgen



aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 06.05.2013, 23:36   #11
Cherry250
 
Trojaner fragt TAN-Liste ab: Trojan.Zbot.ACgen - Standard

Trojaner fragt TAN-Liste ab: Trojan.Zbot.ACgen



Der Scan im Programm aswMBR ist mittendrin abgebrochen und das Programm hat sich geschlossen.

Der Scan mit TDSS-Killer brachte folgendes Ergebnis:

Code:
ATTFilter
00:29:09.0560 8052  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
00:29:10.0013 8052  ============================================================
00:29:10.0013 8052  Current date / time: 2013/05/07 00:29:10.0013
00:29:10.0013 8052  SystemInfo:
00:29:10.0013 8052  
00:29:10.0013 8052  OS Version: 6.1.7601 ServicePack: 1.0
00:29:10.0013 8052  Product type: Workstation
00:29:10.0013 8052  ComputerName: CHERRY-HP
00:29:10.0013 8052  UserName: Cherry
00:29:10.0013 8052  Windows directory: C:\Windows
00:29:10.0013 8052  System windows directory: C:\Windows
00:29:10.0013 8052  Running under WOW64
00:29:10.0013 8052  Processor architecture: Intel x64
00:29:10.0013 8052  Number of processors: 2
00:29:10.0013 8052  Page size: 0x1000
00:29:10.0013 8052  Boot type: Normal boot
00:29:10.0013 8052  ============================================================
00:29:10.0669 8052  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:29:10.0685 8052  ============================================================
00:29:10.0685 8052  \Device\Harddisk0\DR0:
00:29:10.0685 8052  MBR partitions:
00:29:10.0685 8052  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
00:29:10.0685 8052  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x234EB800
00:29:10.0685 8052  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2354F800, BlocksNum 0x1EAB000
00:29:10.0685 8052  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
00:29:10.0685 8052  ============================================================
00:29:10.0700 8052  C: <-> \Device\Harddisk0\DR0\Partition2
00:29:10.0747 8052  D: <-> \Device\Harddisk0\DR0\Partition3
00:29:10.0747 8052  ============================================================
00:29:10.0747 8052  Initialize success
00:29:10.0747 8052  ============================================================
00:30:15.0731 8456  ============================================================
00:30:15.0731 8456  Scan started
00:30:15.0731 8456  Mode: Manual; SigCheck; TDLFS; 
00:30:15.0731 8456  ============================================================
00:30:16.0339 8456  ================ Scan system memory ========================
00:30:16.0339 8456  System memory - ok
00:30:16.0339 8456  ================ Scan services =============================
00:30:16.0620 8456  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
00:30:16.0823 8456  1394ohci - ok
00:30:16.0870 8456  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
00:30:16.0901 8456  ACPI - ok
00:30:16.0932 8456  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
00:30:16.0995 8456  AcpiPmi - ok
00:30:17.0151 8456  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
00:30:17.0182 8456  AdobeARMservice - ok
00:30:17.0338 8456  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
00:30:17.0369 8456  AdobeFlashPlayerUpdateSvc - ok
00:30:17.0431 8456  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
00:30:17.0478 8456  adp94xx - ok
00:30:17.0509 8456  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
00:30:17.0541 8456  adpahci - ok
00:30:17.0572 8456  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
00:30:17.0603 8456  adpu320 - ok
00:30:17.0650 8456  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
00:30:17.0728 8456  AeLookupSvc - ok
00:30:17.0790 8456  [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters     C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
00:30:17.0837 8456  AERTFilters - ok
00:30:17.0931 8456  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
00:30:17.0993 8456  AFD - ok
00:30:18.0040 8456  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
00:30:18.0071 8456  agp440 - ok
00:30:18.0102 8456  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
00:30:18.0149 8456  ALG - ok
00:30:18.0196 8456  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
00:30:18.0211 8456  aliide - ok
00:30:18.0258 8456  [ 715B02B892C5BA46471EFC8DCD2AE934 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
00:30:18.0367 8456  AMD External Events Utility - ok
00:30:18.0445 8456  AMD FUEL Service - ok
00:30:18.0523 8456  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
00:30:18.0539 8456  amdide - ok
00:30:18.0586 8456  [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
00:30:18.0617 8456  amdiox64 - ok
00:30:18.0664 8456  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
00:30:18.0695 8456  AmdK8 - ok
00:30:18.0976 8456  [ 7054D5D028B6CA727D0575192D633FA9 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
00:30:19.0303 8456  amdkmdag - ok
00:30:19.0366 8456  [ 1CD2BC11467FD5FC7BE9827A9F3D8566 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
00:30:19.0397 8456  amdkmdap - ok
00:30:19.0428 8456  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
00:30:19.0459 8456  AmdPPM - ok
00:30:19.0506 8456  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
00:30:19.0522 8456  amdsata - ok
00:30:19.0553 8456  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
00:30:19.0584 8456  amdsbs - ok
00:30:19.0615 8456  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
00:30:19.0647 8456  amdxata - ok
00:30:19.0662 8456  [ F9D46B6B322708BD5AFCC8767EBDC901 ] amd_sata        C:\Windows\system32\DRIVERS\amd_sata.sys
00:30:19.0678 8456  amd_sata - ok
00:30:19.0709 8456  [ 329CC9C7E20DEEBCD4CD10816193EF14 ] amd_xata        C:\Windows\system32\DRIVERS\amd_xata.sys
00:30:19.0725 8456  amd_xata - ok
00:30:19.0818 8456  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
00:30:19.0849 8456  AntiVirSchedulerService - ok
00:30:19.0881 8456  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
00:30:19.0912 8456  AntiVirService - ok
00:30:19.0959 8456  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
00:30:20.0021 8456  AppID - ok
00:30:20.0068 8456  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
00:30:20.0146 8456  AppIDSvc - ok
00:30:20.0177 8456  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
00:30:20.0239 8456  Appinfo - ok
00:30:20.0317 8456  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:30:20.0364 8456  Apple Mobile Device - ok
00:30:20.0411 8456  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
00:30:20.0442 8456  arc - ok
00:30:20.0458 8456  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
00:30:20.0489 8456  arcsas - ok
00:30:20.0536 8456  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
00:30:20.0598 8456  AsyncMac - ok
00:30:20.0629 8456  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
00:30:20.0645 8456  atapi - ok
00:30:20.0692 8456  [ CBE61B4494165F458BD87E37181EE934 ] AthBTPort       C:\Windows\system32\DRIVERS\btath_flt.sys
00:30:20.0739 8456  AthBTPort - ok
00:30:20.0817 8456  [ 4C4A576818EA028257C624AE36FF7A03 ] Atheros Bt&Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
00:30:20.0863 8456  Atheros Bt&Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - warning
00:30:20.0863 8456  Atheros Bt&Wlan Coex Agent - detected UnsignedFile.Multi.Generic (1)
00:30:20.0879 8456  [ 684B36CA4067DA7000CF95771A3CF0E7 ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
00:30:20.0910 8456  AtherosSvc ( UnsignedFile.Multi.Generic ) - warning
00:30:20.0910 8456  AtherosSvc - detected UnsignedFile.Multi.Generic (1)
00:30:21.0004 8456  [ 7C2D67E273E76ADC3ADB621B8404C5FB ] athr            C:\Windows\system32\DRIVERS\athrx.sys
00:30:21.0144 8456  athr - ok
00:30:21.0222 8456  [ CBD14F698DEF12EE3557604B726CB8EB ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
00:30:21.0253 8456  AtiHDAudioService - ok
00:30:21.0300 8456  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:30:21.0394 8456  AudioEndpointBuilder - ok
00:30:21.0409 8456  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
00:30:21.0487 8456  AudioSrv - ok
00:30:21.0519 8456  [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
00:30:21.0534 8456  avgntflt - ok
00:30:21.0581 8456  [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
00:30:21.0612 8456  avipbb - ok
00:30:21.0628 8456  [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
00:30:21.0659 8456  avkmgr - ok
00:30:21.0706 8456  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
00:30:21.0831 8456  AxInstSV - ok
00:30:21.0878 8456  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
00:30:21.0956 8456  b06bdrv - ok
00:30:21.0988 8456  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
00:30:22.0034 8456  b57nd60a - ok
00:30:22.0112 8456  [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
00:30:22.0175 8456  BCM43XX - ok
00:30:22.0237 8456  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
00:30:22.0268 8456  BDESVC - ok
00:30:22.0268 8456  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
00:30:22.0346 8456  Beep - ok
00:30:22.0409 8456  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
00:30:22.0487 8456  BFE - ok
00:30:22.0534 8456  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
00:30:22.0627 8456  BITS - ok
00:30:22.0674 8456  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
00:30:22.0690 8456  blbdrive - ok
00:30:22.0768 8456  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
00:30:22.0799 8456  Bonjour Service - ok
00:30:22.0861 8456  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
00:30:22.0909 8456  bowser - ok
00:30:22.0925 8456  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
00:30:22.0971 8456  BrFiltLo - ok
00:30:22.0987 8456  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
00:30:23.0018 8456  BrFiltUp - ok
00:30:23.0049 8456  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
00:30:23.0096 8456  Browser - ok
00:30:23.0112 8456  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
00:30:23.0159 8456  Brserid - ok
00:30:23.0190 8456  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
00:30:23.0237 8456  BrSerWdm - ok
00:30:23.0252 8456  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
00:30:23.0283 8456  BrUsbMdm - ok
00:30:23.0330 8456  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
00:30:23.0361 8456  BrUsbSer - ok
00:30:23.0393 8456  [ 227C8F308DE4AF4808E587465CEAB838 ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys
00:30:23.0439 8456  BTATH_A2DP - ok
00:30:23.0471 8456  [ A83A91D07D1FE6BBE7A9DB46CA00434B ] BTATH_BUS       C:\Windows\system32\DRIVERS\btath_bus.sys
00:30:23.0533 8456  BTATH_BUS - ok
00:30:23.0580 8456  [ C864FF85EE16D61C2BDD5EF76824625F ] BTATH_HCRP      C:\Windows\system32\DRIVERS\btath_hcrp.sys
00:30:23.0642 8456  BTATH_HCRP - ok
00:30:23.0673 8456  [ 0DEA505EFB5D771826D177EF8B8A208F ] BTATH_LWFLT     C:\Windows\system32\DRIVERS\btath_lwflt.sys
00:30:23.0705 8456  BTATH_LWFLT - ok
00:30:23.0720 8456  [ 724C8088C96EFE7A3E63FEC21D4681C0 ] BTATH_RCP       C:\Windows\system32\DRIVERS\btath_rcp.sys
00:30:23.0767 8456  BTATH_RCP - ok
00:30:23.0814 8456  [ FF8B065F96E4D9525AA7227299FBD05C ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
00:30:23.0893 8456  BtFilter - ok
00:30:23.0940 8456  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
00:30:24.0018 8456  BthEnum - ok
00:30:24.0064 8456  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
00:30:24.0111 8456  BTHMODEM - ok
00:30:24.0142 8456  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
00:30:24.0220 8456  BthPan - ok
00:30:24.0283 8456  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
00:30:24.0330 8456  BTHPORT - ok
00:30:24.0376 8456  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
00:30:24.0470 8456  bthserv - ok
00:30:24.0517 8456  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
00:30:24.0532 8456  BTHUSB - ok
00:30:24.0579 8456  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
00:30:24.0657 8456  cdfs - ok
00:30:24.0688 8456  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
00:30:24.0720 8456  cdrom - ok
00:30:24.0766 8456  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
00:30:24.0844 8456  CertPropSvc - ok
00:30:24.0876 8456  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
00:30:24.0908 8456  circlass - ok
00:30:24.0939 8456  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
00:30:24.0986 8456  CLFS - ok
00:30:25.0048 8456  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:30:25.0079 8456  clr_optimization_v2.0.50727_32 - ok
00:30:25.0126 8456  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:30:25.0142 8456  clr_optimization_v2.0.50727_64 - ok
00:30:25.0235 8456  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:30:25.0267 8456  clr_optimization_v4.0.30319_32 - ok
00:30:25.0298 8456  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:30:25.0313 8456  clr_optimization_v4.0.30319_64 - ok
00:30:25.0360 8456  [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd           C:\Windows\system32\DRIVERS\clwvd.sys
00:30:25.0391 8456  clwvd - ok
00:30:25.0423 8456  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
00:30:25.0454 8456  CmBatt - ok
00:30:25.0469 8456  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
00:30:25.0501 8456  cmdide - ok
00:30:25.0547 8456  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
00:30:25.0594 8456  CNG - ok
00:30:25.0625 8456  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
00:30:25.0657 8456  Compbatt - ok
00:30:25.0688 8456  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
00:30:25.0719 8456  CompositeBus - ok
00:30:25.0735 8456  COMSysApp - ok
00:30:25.0781 8456  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
00:30:25.0797 8456  crcdisk - ok
00:30:25.0875 8456  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
00:30:25.0906 8456  CryptSvc - ok
00:30:25.0969 8456  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
00:30:26.0047 8456  DcomLaunch - ok
00:30:26.0078 8456  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
00:30:26.0187 8456  defragsvc - ok
00:30:26.0218 8456  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
00:30:26.0296 8456  DfsC - ok
00:30:26.0327 8456  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
00:30:26.0374 8456  Dhcp - ok
00:30:26.0390 8456  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
00:30:26.0468 8456  discache - ok
00:30:26.0499 8456  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
00:30:26.0530 8456  Disk - ok
00:30:26.0561 8456  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
00:30:26.0608 8456  Dnscache - ok
00:30:26.0639 8456  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
00:30:26.0717 8456  dot3svc - ok
00:30:26.0733 8456  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
00:30:26.0811 8456  DPS - ok
00:30:26.0858 8456  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
00:30:26.0905 8456  drmkaud - ok
00:30:26.0951 8456  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
00:30:26.0998 8456  DXGKrnl - ok
00:30:27.0029 8456  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
00:30:27.0107 8456  EapHost - ok
00:30:27.0201 8456  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
00:30:27.0341 8456  ebdrv - ok
00:30:27.0388 8456  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
00:30:27.0419 8456  EFS - ok
00:30:27.0482 8456  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
00:30:27.0544 8456  ehRecvr - ok
00:30:27.0560 8456  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
00:30:27.0607 8456  ehSched - ok
00:30:27.0669 8456  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
00:30:27.0700 8456  elxstor - ok
00:30:27.0731 8456  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
00:30:27.0809 8456  ErrDev - ok
00:30:27.0887 8456  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
00:30:27.0965 8456  EventSystem - ok
00:30:28.0012 8456  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
00:30:28.0090 8456  exfat - ok
00:30:28.0121 8456  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
00:30:28.0184 8456  fastfat - ok
00:30:28.0231 8456  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
00:30:28.0309 8456  Fax - ok
00:30:28.0355 8456  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
00:30:28.0387 8456  fdc - ok
00:30:28.0402 8456  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
00:30:28.0480 8456  fdPHost - ok
00:30:28.0496 8456  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
00:30:28.0574 8456  FDResPub - ok
00:30:28.0605 8456  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
00:30:28.0621 8456  FileInfo - ok
00:30:28.0652 8456  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
00:30:28.0730 8456  Filetrace - ok
00:30:28.0745 8456  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
00:30:28.0792 8456  flpydisk - ok
00:30:28.0823 8456  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
00:30:28.0855 8456  FltMgr - ok
00:30:28.0933 8456  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
00:30:28.0995 8456  FontCache - ok
00:30:29.0057 8456  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:30:29.0089 8456  FontCache3.0.0.0 - ok
00:30:29.0135 8456  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
00:30:29.0151 8456  FsDepends - ok
00:30:29.0182 8456  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
00:30:29.0213 8456  Fs_Rec - ok
00:30:29.0276 8456  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
00:30:29.0354 8456  fvevol - ok
00:30:29.0384 8456  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
00:30:29.0426 8456  gagp30kx - ok
00:30:29.0516 8456  [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
00:30:29.0554 8456  GamesAppService - ok
00:30:29.0601 8456  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:30:29.0624 8456  GEARAspiWDM - ok
00:30:29.0676 8456  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
00:30:29.0764 8456  gpsvc - ok
00:30:29.0816 8456  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:30:29.0841 8456  gupdate - ok
00:30:29.0859 8456  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:30:29.0884 8456  gupdatem - ok
00:30:29.0919 8456  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
00:30:29.0946 8456  gusvc - ok
00:30:29.0986 8456  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
00:30:30.0041 8456  hcw85cir - ok
00:30:30.0078 8456  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:30:30.0126 8456  HdAudAddService - ok
00:30:30.0158 8456  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
00:30:30.0191 8456  HDAudBus - ok
00:30:30.0218 8456  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
00:30:30.0246 8456  HidBatt - ok
00:30:30.0263 8456  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
00:30:30.0313 8456  HidBth - ok
00:30:30.0331 8456  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
00:30:30.0363 8456  HidIr - ok
00:30:30.0396 8456  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
00:30:30.0471 8456  hidserv - ok
00:30:30.0513 8456  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
00:30:30.0538 8456  HidUsb - ok
00:30:30.0576 8456  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
00:30:30.0661 8456  hkmsvc - ok
00:30:30.0676 8456  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
00:30:30.0726 8456  HomeGroupListener - ok
00:30:30.0761 8456  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
00:30:30.0791 8456  HomeGroupProvider - ok
00:30:30.0876 8456  [ C930128C8F8FF03D8F8C42B570920D56 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
00:30:30.0898 8456  HP Wireless Assistant Service - ok
00:30:30.0978 8456  [ 03431817C7236371433D3C860810FE8A ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
00:30:31.0001 8456  HPDrvMntSvc.exe - ok
00:30:31.0041 8456  [ CC518F83732860997C3FAF56D15627A7 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
00:30:31.0081 8456  hpqwmiex - ok
00:30:31.0133 8456  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
00:30:31.0158 8456  HpSAMD - ok
00:30:31.0223 8456  [ F630DD7564EBB7248A13B1CC774D9EA6 ] HPWMISVC        C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
00:30:31.0243 8456  HPWMISVC - ok
00:30:31.0283 8456  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
00:30:31.0368 8456  HTTP - ok
00:30:31.0388 8456  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
00:30:31.0411 8456  hwpolicy - ok
00:30:31.0441 8456  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
00:30:31.0471 8456  i8042prt - ok
00:30:31.0516 8456  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
00:30:31.0551 8456  iaStorV - ok
00:30:31.0666 8456  [ E4693409D06785477A49FB34AFAE1B92 ] IconMan_R       C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
00:30:31.0813 8456  IconMan_R ( UnsignedFile.Multi.Generic ) - warning
00:30:31.0813 8456  IconMan_R - detected UnsignedFile.Multi.Generic (1)
00:30:31.0871 8456  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:30:31.0916 8456  idsvc - ok
00:30:31.0954 8456  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
00:30:31.0977 8456  iirsp - ok
00:30:32.0024 8456  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
00:30:32.0112 8456  IKEEXT - ok
00:30:32.0199 8456  [ 336C3A6BF14D5A9AF35AF07C6B6B29CD ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
00:30:32.0347 8456  IntcAzAudAddService - ok
00:30:32.0379 8456  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
00:30:32.0402 8456  intelide - ok
00:30:32.0434 8456  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
00:30:32.0474 8456  intelppm - ok
00:30:32.0507 8456  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
00:30:32.0582 8456  IPBusEnum - ok
00:30:32.0607 8456  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:30:32.0682 8456  IpFilterDriver - ok
00:30:32.0739 8456  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
00:30:32.0834 8456  iphlpsvc - ok
00:30:32.0867 8456  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
00:30:32.0894 8456  IPMIDRV - ok
00:30:32.0927 8456  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
00:30:33.0019 8456  IPNAT - ok
00:30:33.0089 8456  [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
00:30:33.0124 8456  iPod Service - ok
00:30:33.0149 8456  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
00:30:33.0209 8456  IRENUM - ok
00:30:33.0254 8456  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
00:30:33.0279 8456  isapnp - ok
00:30:33.0302 8456  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
00:30:33.0332 8456  iScsiPrt - ok
00:30:33.0384 8456  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
00:30:33.0409 8456  kbdclass - ok
00:30:33.0432 8456  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
00:30:33.0477 8456  kbdhid - ok
00:30:33.0509 8456  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
00:30:33.0537 8456  KeyIso - ok
00:30:33.0582 8456  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
00:30:33.0607 8456  KSecDD - ok
00:30:33.0627 8456  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
00:30:33.0654 8456  KSecPkg - ok
00:30:33.0682 8456  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
00:30:33.0759 8456  ksthunk - ok
00:30:33.0807 8456  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
00:30:33.0887 8456  KtmRm - ok
00:30:33.0927 8456  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
00:30:34.0002 8456  LanmanServer - ok
00:30:34.0037 8456  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:30:34.0109 8456  LanmanWorkstation - ok
00:30:34.0144 8456  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
00:30:34.0214 8456  lltdio - ok
00:30:34.0264 8456  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
00:30:34.0347 8456  lltdsvc - ok
00:30:34.0407 8456  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
00:30:34.0492 8456  lmhosts - ok
00:30:34.0544 8456  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
00:30:34.0569 8456  LSI_FC - ok
00:30:34.0604 8456  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
00:30:34.0632 8456  LSI_SAS - ok
00:30:34.0657 8456  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
00:30:34.0682 8456  LSI_SAS2 - ok
00:30:34.0709 8456  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
00:30:34.0739 8456  LSI_SCSI - ok
00:30:34.0769 8456  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
00:30:34.0839 8456  luafv - ok
00:30:34.0879 8456  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
00:30:34.0902 8456  MBAMProtector - ok
00:30:34.0993 8456  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
00:30:35.0028 8456  MBAMScheduler - ok
00:30:35.0078 8456  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
00:30:35.0120 8456  MBAMService - ok
00:30:35.0178 8456  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
00:30:35.0215 8456  Mcx2Svc - ok
00:30:35.0268 8456  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
00:30:35.0290 8456  megasas - ok
00:30:35.0340 8456  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
00:30:35.0373 8456  MegaSR - ok
00:30:35.0448 8456  Microsoft SharePoint Workspace Audit Service - ok
00:30:35.0498 8456  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
00:30:35.0568 8456  MMCSS - ok
00:30:35.0588 8456  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
00:30:35.0665 8456  Modem - ok
00:30:35.0720 8456  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
00:30:35.0753 8456  monitor - ok
00:30:35.0783 8456  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
00:30:35.0808 8456  mouclass - ok
00:30:35.0848 8456  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\drivers\mouhid.sys
00:30:35.0886 8456  mouhid - ok
00:30:35.0913 8456  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
00:30:35.0941 8456  mountmgr - ok
00:30:35.0973 8456  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
00:30:36.0001 8456  mpio - ok
00:30:36.0013 8456  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
00:30:36.0083 8456  mpsdrv - ok
00:30:36.0133 8456  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
00:30:36.0221 8456  MpsSvc - ok
00:30:36.0246 8456  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
00:30:36.0283 8456  MRxDAV - ok
00:30:36.0321 8456  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
00:30:36.0366 8456  mrxsmb - ok
00:30:36.0403 8456  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:30:36.0448 8456  mrxsmb10 - ok
00:30:36.0473 8456  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:30:36.0503 8456  mrxsmb20 - ok
00:30:36.0528 8456  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
00:30:36.0551 8456  msahci - ok
00:30:36.0591 8456  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
00:30:36.0621 8456  msdsm - ok
00:30:36.0646 8456  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
00:30:36.0683 8456  MSDTC - ok
00:30:36.0713 8456  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
00:30:36.0786 8456  Msfs - ok
00:30:36.0811 8456  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
00:30:36.0901 8456  mshidkmdf - ok
00:30:36.0936 8456  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
00:30:36.0961 8456  msisadrv - ok
00:30:36.0996 8456  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
00:30:37.0068 8456  MSiSCSI - ok
00:30:37.0078 8456  msiserver - ok
00:30:37.0118 8456  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
00:30:37.0188 8456  MSKSSRV - ok
00:30:37.0206 8456  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
00:30:37.0288 8456  MSPCLOCK - ok
00:30:37.0301 8456  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
00:30:37.0371 8456  MSPQM - ok
00:30:37.0398 8456  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
00:30:37.0438 8456  MsRPC - ok
00:30:37.0478 8456  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
00:30:37.0503 8456  mssmbios - ok
00:30:37.0513 8456  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
00:30:37.0593 8456  MSTEE - ok
00:30:37.0608 8456  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
00:30:37.0636 8456  MTConfig - ok
00:30:37.0646 8456  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
00:30:37.0673 8456  Mup - ok
00:30:37.0726 8456  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
00:30:37.0821 8456  napagent - ok
00:30:37.0863 8456  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
00:30:37.0906 8456  NativeWifiP - ok
00:30:37.0966 8456  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
00:30:38.0018 8456  NDIS - ok
00:30:38.0061 8456  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
00:30:38.0141 8456  NdisCap - ok
00:30:38.0176 8456  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
00:30:38.0246 8456  NdisTapi - ok
00:30:38.0278 8456  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
00:30:38.0348 8456  Ndisuio - ok
00:30:38.0361 8456  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
00:30:38.0431 8456  NdisWan - ok
00:30:38.0453 8456  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
00:30:38.0526 8456  NDProxy - ok
00:30:38.0536 8456  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
00:30:38.0611 8456  NetBIOS - ok
00:30:38.0636 8456  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
00:30:38.0708 8456  NetBT - ok
00:30:38.0718 8456  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
00:30:38.0751 8456  Netlogon - ok
00:30:38.0806 8456  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
00:30:38.0888 8456  Netman - ok
00:30:38.0906 8456  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
00:30:38.0988 8456  netprofm - ok
00:30:39.0033 8456  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:30:39.0056 8456  NetTcpPortSharing - ok
00:30:39.0091 8456  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
00:30:39.0116 8456  nfrd960 - ok
00:30:39.0143 8456  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
00:30:39.0178 8456  NlaSvc - ok
00:30:39.0216 8456  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
00:30:39.0286 8456  Npfs - ok
00:30:39.0326 8456  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
00:30:39.0396 8456  nsi - ok
00:30:39.0421 8456  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
00:30:39.0491 8456  nsiproxy - ok
00:30:39.0581 8456  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
00:30:39.0676 8456  Ntfs - ok
00:30:39.0698 8456  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
00:30:39.0773 8456  Null - ok
00:30:39.0816 8456  [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
00:30:39.0866 8456  NVENETFD - ok
00:30:39.0906 8456  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
00:30:39.0936 8456  nvraid - ok
00:30:39.0961 8456  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
00:30:39.0991 8456  nvstor - ok
00:30:40.0031 8456  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
00:30:40.0061 8456  nv_agp - ok
00:30:40.0101 8456  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
00:30:40.0143 8456  ohci1394 - ok
00:30:40.0231 8456  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:30:40.0263 8456  ose - ok
00:30:40.0443 8456  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:30:40.0598 8456  osppsvc - ok
00:30:40.0713 8456  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
00:30:40.0801 8456  p2pimsvc - ok
00:30:40.0846 8456  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
00:30:40.0883 8456  p2psvc - ok
00:30:40.0908 8456  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
00:30:40.0938 8456  Parport - ok
00:30:40.0979 8456  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
00:30:41.0004 8456  partmgr - ok
00:30:41.0024 8456  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
00:30:41.0067 8456  PcaSvc - ok
00:30:41.0109 8456  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
00:30:41.0139 8456  pci - ok
00:30:41.0179 8456  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
00:30:41.0202 8456  pciide - ok
00:30:41.0232 8456  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
00:30:41.0262 8456  pcmcia - ok
00:30:41.0294 8456  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
00:30:41.0324 8456  pcw - ok
00:30:41.0419 8456  [ A1688A4FB2EC49D040C027EF6DC7A87B ] PDF Architect Helper Service C:\Program Files (x86)\PDF Architect\HelperService.exe
00:30:41.0474 8456  PDF Architect Helper Service - ok
00:30:41.0532 8456  [ E23FF9B2F8EEAB2BDDA681C21C48E843 ] PDF Architect Service C:\Program Files (x86)\PDF Architect\ConversionService.exe
00:30:41.0572 8456  PDF Architect Service - ok
00:30:41.0594 8456  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
00:30:41.0682 8456  PEAUTH - ok
00:30:41.0794 8456  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
00:30:41.0834 8456  PerfHost - ok
00:30:41.0922 8456  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
00:30:42.0049 8456  pla - ok
00:30:42.0104 8456  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
00:30:42.0152 8456  PlugPlay - ok
00:30:42.0169 8456  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
00:30:42.0209 8456  PNRPAutoReg - ok
00:30:42.0244 8456  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
00:30:42.0279 8456  PNRPsvc - ok
00:30:42.0317 8456  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
00:30:42.0417 8456  PolicyAgent - ok
00:30:42.0454 8456  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
00:30:42.0537 8456  Power - ok
00:30:42.0579 8456  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
00:30:42.0659 8456  PptpMiniport - ok
00:30:42.0699 8456  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
00:30:42.0732 8456  Processor - ok
00:30:42.0794 8456  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
00:30:42.0834 8456  ProfSvc - ok
00:30:42.0854 8456  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
00:30:42.0882 8456  ProtectedStorage - ok
00:30:42.0929 8456  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
00:30:43.0004 8456  Psched - ok
00:30:43.0089 8456  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
00:30:43.0182 8456  ql2300 - ok
00:30:43.0194 8456  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
00:30:43.0224 8456  ql40xx - ok
00:30:43.0259 8456  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
00:30:43.0302 8456  QWAVE - ok
00:30:43.0319 8456  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
00:30:43.0369 8456  QWAVEdrv - ok
00:30:43.0392 8456  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
00:30:43.0464 8456  RasAcd - ok
00:30:43.0509 8456  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
00:30:43.0582 8456  RasAgileVpn - ok
00:30:43.0602 8456  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
00:30:43.0694 8456  RasAuto - ok
00:30:43.0727 8456  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
00:30:43.0839 8456  Rasl2tp - ok
00:30:43.0864 8456  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
00:30:43.0944 8456  RasMan - ok
00:30:43.0972 8456  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
00:30:44.0047 8456  RasPppoe - ok
00:30:44.0079 8456  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
00:30:44.0152 8456  RasSstp - ok
00:30:44.0174 8456  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
00:30:44.0249 8456  rdbss - ok
00:30:44.0279 8456  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
00:30:44.0327 8456  rdpbus - ok
00:30:44.0357 8456  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
00:30:44.0429 8456  RDPCDD - ok
00:30:44.0447 8456  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
00:30:44.0524 8456  RDPENCDD - ok
00:30:44.0549 8456  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
00:30:44.0622 8456  RDPREFMP - ok
00:30:44.0669 8456  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
00:30:44.0699 8456  RDPWD - ok
00:30:44.0762 8456  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
00:30:44.0789 8456  rdyboost - ok
00:30:44.0832 8456  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
00:30:44.0924 8456  RemoteAccess - ok
00:30:44.0962 8456  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
00:30:45.0039 8456  RemoteRegistry - ok
00:30:45.0089 8456  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
00:30:45.0124 8456  RFCOMM - ok
00:30:45.0152 8456  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
00:30:45.0227 8456  RpcEptMapper - ok
00:30:45.0254 8456  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
00:30:45.0299 8456  RpcLocator - ok
00:30:45.0337 8456  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
00:30:45.0419 8456  RpcSs - ok
00:30:45.0467 8456  [ 546D7F426776090B90EF5F195B6AE662 ] RSPCIESTOR      C:\Windows\system32\DRIVERS\RtsPStor.sys
00:30:45.0499 8456  RSPCIESTOR - ok
00:30:45.0547 8456  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
00:30:45.0619 8456  rspndr - ok
00:30:45.0664 8456  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
00:30:45.0702 8456  RTL8167 - ok
00:30:45.0719 8456  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
00:30:45.0759 8456  SamSs - ok
00:30:45.0914 8456  [ 5EFBBFCC6ADAC121C8E2FE76641ED329 ] SANDRA          C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1\WNt500x64\Sandra.sys
00:30:45.0952 8456  SANDRA - ok
00:30:45.0989 8456  [ D5C3BE660BA6DB061C7D05BAFC1C4242 ] SandraAgentSrv  C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1\RpcAgentSrv.exe
00:30:46.0004 8456  SandraAgentSrv ( UnsignedFile.Multi.Generic ) - warning
00:30:46.0004 8456  SandraAgentSrv - detected UnsignedFile.Multi.Generic (1)
00:30:46.0047 8456  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
00:30:46.0072 8456  sbp2port - ok
00:30:46.0177 8456  [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService  C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
00:30:46.0252 8456  SBSDWSCService - ok
00:30:46.0289 8456  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
00:30:46.0367 8456  SCardSvr - ok
00:30:46.0384 8456  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
00:30:46.0472 8456  scfilter - ok
00:30:46.0517 8456  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
00:30:46.0609 8456  Schedule - ok
00:30:46.0647 8456  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
00:30:46.0717 8456  SCPolicySvc - ok
00:30:46.0759 8456  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
00:30:46.0809 8456  sdbus - ok
00:30:46.0839 8456  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
00:30:46.0889 8456  SDRSVC - ok
00:30:46.0932 8456  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
00:30:47.0004 8456  secdrv - ok
00:30:47.0024 8456  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
00:30:47.0114 8456  seclogon - ok
00:30:47.0134 8456  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
00:30:47.0209 8456  SENS - ok
00:30:47.0232 8456  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
00:30:47.0294 8456  SensrSvc - ok
00:30:47.0334 8456  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
00:30:47.0384 8456  Serenum - ok
00:30:47.0414 8456  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
00:30:47.0454 8456  Serial - ok
00:30:47.0492 8456  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
00:30:47.0529 8456  sermouse - ok
00:30:47.0589 8456  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
00:30:47.0677 8456  SessionEnv - ok
00:30:47.0719 8456  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
00:30:47.0757 8456  sffdisk - ok
00:30:47.0784 8456  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
00:30:47.0819 8456  sffp_mmc - ok
00:30:47.0859 8456  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
00:30:47.0899 8456  sffp_sd - ok
00:30:47.0947 8456  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
00:30:47.0983 8456  sfloppy - ok
00:30:48.0043 8456  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
00:30:48.0138 8456  SharedAccess - ok
00:30:48.0175 8456  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:30:48.0255 8456  ShellHWDetection - ok
00:30:48.0310 8456  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
00:30:48.0335 8456  SiSRaid2 - ok
00:30:48.0375 8456  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
00:30:48.0400 8456  SiSRaid4 - ok
00:30:48.0458 8456  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
00:30:48.0535 8456  Smb - ok
00:30:48.0588 8456  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
00:30:48.0633 8456  SNMPTRAP - ok
00:30:48.0650 8456  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
00:30:48.0675 8456  spldr - ok
00:30:48.0725 8456  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
00:30:48.0775 8456  Spooler - ok
00:30:48.0865 8456  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
00:30:49.0078 8456  sppsvc - ok
00:30:49.0108 8456  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
00:30:49.0200 8456  sppuinotify - ok
00:30:49.0240 8456  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
00:30:49.0290 8456  srv - ok
00:30:49.0323 8456  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
00:30:49.0358 8456  srv2 - ok
00:30:49.0400 8456  [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
00:30:49.0433 8456  SrvHsfHDA - ok
00:30:49.0478 8456  [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV6.SYS
00:30:49.0563 8456  SrvHsfV92 - ok
00:30:49.0598 8456  [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
00:30:49.0640 8456  SrvHsfWinac - ok
00:30:49.0680 8456  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
00:30:49.0708 8456  srvnet - ok
00:30:49.0750 8456  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
00:30:49.0838 8456  SSDPSRV - ok
00:30:49.0858 8456  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
00:30:49.0933 8456  SstpSvc - ok
00:30:49.0953 8456  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
00:30:49.0978 8456  stexstor - ok
00:30:50.0028 8456  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
00:30:50.0058 8456  StillCam - ok
00:30:50.0095 8456  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
00:30:50.0150 8456  stisvc - ok
00:30:50.0180 8456  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
00:30:50.0205 8456  swenum - ok
00:30:50.0240 8456  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
00:30:50.0343 8456  swprv - ok
00:30:50.0393 8456  [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
00:30:50.0425 8456  SynTP - ok
00:30:50.0485 8456  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
00:30:50.0575 8456  SysMain - ok
00:30:50.0600 8456  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:30:50.0640 8456  TabletInputService - ok
00:30:50.0663 8456  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
00:30:50.0743 8456  TapiSrv - ok
00:30:50.0763 8456  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
00:30:50.0855 8456  TBS - ok
00:30:50.0960 8456  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
00:30:51.0068 8456  Tcpip - ok
00:30:51.0170 8456  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
00:30:51.0245 8456  TCPIP6 - ok
00:30:51.0298 8456  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
00:30:51.0325 8456  tcpipreg - ok
00:30:51.0368 8456  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
00:30:51.0438 8456  TDPIPE - ok
00:30:51.0465 8456  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
00:30:51.0503 8456  TDTCP - ok
00:30:51.0538 8456  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
00:30:51.0608 8456  tdx - ok
00:30:51.0640 8456  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
00:30:51.0665 8456  TermDD - ok
00:30:51.0713 8456  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
00:30:51.0815 8456  TermService - ok
00:30:51.0840 8456  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
00:30:51.0880 8456  Themes - ok
00:30:51.0918 8456  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
00:30:51.0990 8456  THREADORDER - ok
00:30:52.0008 8456  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
00:30:52.0085 8456  TrkWks - ok
00:30:52.0140 8456  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:30:52.0210 8456  TrustedInstaller - ok
00:30:52.0240 8456  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
00:30:52.0333 8456  tssecsrv - ok
00:30:52.0350 8456  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
00:30:52.0393 8456  TsUsbFlt - ok
00:30:52.0425 8456  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
00:30:52.0450 8456  TsUsbGD - ok
00:30:52.0495 8456  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
00:30:52.0568 8456  tunnel - ok
00:30:52.0595 8456  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
00:30:52.0620 8456  uagp35 - ok
00:30:52.0653 8456  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
00:30:52.0740 8456  udfs - ok
00:30:52.0790 8456  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
00:30:52.0823 8456  UI0Detect - ok
00:30:52.0860 8456  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
00:30:52.0885 8456  uliagpkx - ok
00:30:52.0928 8456  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
00:30:52.0955 8456  umbus - ok
00:30:52.0983 8456  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
00:30:53.0020 8456  UmPass - ok
00:30:53.0058 8456  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
00:30:53.0153 8456  upnphost - ok
00:30:53.0195 8456  [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
00:30:53.0238 8456  USBAAPL64 - ok
00:30:53.0253 8456  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
00:30:53.0288 8456  usbccgp - ok
00:30:53.0318 8456  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
00:30:53.0350 8456  usbcir - ok
00:30:53.0393 8456  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
00:30:53.0418 8456  usbehci - ok
00:30:53.0473 8456  [ 76E2FFAD301490BA27B947C6507752FB ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
00:30:53.0495 8456  usbfilter - ok
00:30:53.0518 8456  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
00:30:53.0550 8456  usbhub - ok
00:30:53.0565 8456  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
00:30:53.0593 8456  usbohci - ok
00:30:53.0625 8456  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
00:30:53.0668 8456  usbprint - ok
00:30:53.0728 8456  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
00:30:53.0770 8456  usbscan - ok
00:30:53.0810 8456  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:30:53.0873 8456  USBSTOR - ok
00:30:53.0893 8456  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
00:30:53.0933 8456  usbuhci - ok
00:30:53.0981 8456  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
00:30:54.0016 8456  usbvideo - ok
00:30:54.0046 8456  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
00:30:54.0121 8456  UxSms - ok
00:30:54.0141 8456  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
00:30:54.0171 8456  VaultSvc - ok
00:30:54.0189 8456  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
00:30:54.0216 8456  vdrvroot - ok
00:30:54.0276 8456  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
00:30:54.0369 8456  vds - ok
00:30:54.0409 8456  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
00:30:54.0441 8456  vga - ok
00:30:54.0466 8456  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
00:30:54.0536 8456  VgaSave - ok
00:30:54.0561 8456  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
00:30:54.0591 8456  vhdmp - ok
00:30:54.0616 8456  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
00:30:54.0641 8456  viaide - ok
00:30:54.0666 8456  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
00:30:54.0691 8456  volmgr - ok
00:30:54.0719 8456  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
00:30:54.0754 8456  volmgrx - ok
00:30:54.0781 8456  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
00:30:54.0816 8456  volsnap - ok
00:30:54.0871 8456  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
00:30:54.0899 8456  vsmraid - ok
00:30:54.0969 8456  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
00:30:55.0101 8456  VSS - ok
00:30:55.0141 8456  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
00:30:55.0174 8456  vwifibus - ok
00:30:55.0209 8456  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
00:30:55.0244 8456  vwififlt - ok
00:30:55.0284 8456  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
00:30:55.0321 8456  vwifimp - ok
00:30:55.0354 8456  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
00:30:55.0436 8456  W32Time - ok
00:30:55.0474 8456  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
00:30:55.0514 8456  WacomPen - ok
00:30:55.0549 8456  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
00:30:55.0619 8456  WANARP - ok
00:30:55.0631 8456  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
00:30:55.0701 8456  Wanarpv6 - ok
00:30:55.0784 8456  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
00:30:55.0864 8456  WatAdminSvc - ok
00:30:55.0919 8456  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
00:30:56.0001 8456  wbengine - ok
00:30:56.0029 8456  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
00:30:56.0074 8456  WbioSrvc - ok
00:30:56.0116 8456  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
00:30:56.0161 8456  wcncsvc - ok
00:30:56.0179 8456  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:30:56.0214 8456  WcsPlugInService - ok
00:30:56.0236 8456  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
00:30:56.0259 8456  Wd - ok
00:30:56.0309 8456  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
00:30:56.0364 8456  Wdf01000 - ok
00:30:56.0379 8456  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
00:30:56.0421 8456  WdiServiceHost - ok
00:30:56.0429 8456  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
00:30:56.0471 8456  WdiSystemHost - ok
00:30:56.0499 8456  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
00:30:56.0554 8456  WebClient - ok
00:30:56.0569 8456  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
00:30:56.0654 8456  Wecsvc - ok
00:30:56.0701 8456  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
00:30:56.0776 8456  wercplsupport - ok
00:30:56.0819 8456  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
00:30:56.0896 8456  WerSvc - ok
00:30:56.0944 8456  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
00:30:57.0014 8456  WfpLwf - ok
00:30:57.0039 8456  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
00:30:57.0061 8456  WIMMount - ok
00:30:57.0094 8456  WinDefend - ok
00:30:57.0109 8456  WinHttpAutoProxySvc - ok
00:30:57.0191 8456  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
00:30:57.0281 8456  Winmgmt - ok
00:30:57.0376 8456  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
00:30:57.0519 8456  WinRM - ok
00:30:57.0589 8456  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
00:30:57.0639 8456  WinUsb - ok
00:30:57.0694 8456  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
00:30:57.0751 8456  Wlansvc - ok
00:30:57.0879 8456  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:30:58.0006 8456  wlidsvc - ok
00:30:58.0051 8456  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
00:30:58.0079 8456  WmiAcpi - ok
00:30:58.0119 8456  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
00:30:58.0151 8456  wmiApSrv - ok
00:30:58.0201 8456  WMPNetworkSvc - ok
00:30:58.0236 8456  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
00:30:58.0271 8456  WPCSvc - ok
00:30:58.0296 8456  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
00:30:58.0331 8456  WPDBusEnum - ok
00:30:58.0349 8456  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
00:30:58.0434 8456  ws2ifsl - ok
00:30:58.0456 8456  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
00:30:58.0499 8456  wscsvc - ok
00:30:58.0554 8456  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
00:30:58.0586 8456  WSDPrintDevice - ok
00:30:58.0599 8456  WSearch - ok
00:30:58.0711 8456  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
00:30:58.0841 8456  wuauserv - ok
00:30:58.0886 8456  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
00:30:58.0924 8456  WudfPf - ok
00:30:58.0974 8456  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
00:30:59.0021 8456  WUDFRd - ok
00:30:59.0074 8456  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
00:30:59.0104 8456  wudfsvc - ok
00:30:59.0141 8456  [ CE8CF9DE9CBFDAA318BD04D8BE3FCADA ] WwanSvc         C:\Windows\System32\wwansvc.dll
00:30:59.0189 8456  WwanSvc - ok
00:30:59.0256 8456  [ EB71EAE3FB76758DEB8DEFC2C1EA25E9 ] XobniService    C:\Program Files (x86)\Xobni\XobniService.exe
00:30:59.0276 8456  XobniService - ok
00:30:59.0316 8456  ================ Scan global ===============================
00:30:59.0344 8456  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
00:30:59.0386 8456  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
00:30:59.0401 8456  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
00:30:59.0434 8456  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
00:30:59.0476 8456  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
00:30:59.0486 8456  [Global] - ok
00:30:59.0486 8456  ================ Scan MBR ==================================
00:30:59.0509 8456  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
00:30:59.0939 8456  \Device\Harddisk0\DR0 - ok
00:30:59.0939 8456  ================ Scan VBR ==================================
00:30:59.0946 8456  [ E9C3138E709028B524E480F8703F2DA8 ] \Device\Harddisk0\DR0\Partition1
00:30:59.0949 8456  \Device\Harddisk0\DR0\Partition1 - ok
00:30:59.0991 8456  [ 7A5C513C60E8A23139D1478CD7565A50 ] \Device\Harddisk0\DR0\Partition2
00:30:59.0994 8456  \Device\Harddisk0\DR0\Partition2 - ok
00:31:00.0024 8456  [ 068210F4C767B46B28FA2D3FB5A58F9D ] \Device\Harddisk0\DR0\Partition3
00:31:00.0029 8456  \Device\Harddisk0\DR0\Partition3 - ok
00:31:00.0051 8456  [ AED2C89BB73EB449553ADF85D3FAA956 ] \Device\Harddisk0\DR0\Partition4
00:31:00.0051 8456  \Device\Harddisk0\DR0\Partition4 - ok
00:31:00.0056 8456  ============================================================
00:31:00.0056 8456  Scan finished
00:31:00.0056 8456  ============================================================
00:31:00.0086 7512  Detected object count: 4
00:31:00.0086 7512  Actual detected object count: 4
00:31:23.0491 7512  Atheros Bt&Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - skipped by user
00:31:23.0491 7512  Atheros Bt&Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:31:23.0498 7512  AtherosSvc ( UnsignedFile.Multi.Generic ) - skipped by user
00:31:23.0498 7512  AtherosSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:31:23.0506 7512  IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
00:31:23.0506 7512  IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:31:23.0508 7512  SandraAgentSrv ( UnsignedFile.Multi.Generic ) - skipped by user
00:31:23.0508 7512  SandraAgentSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:31:32.0393 5872  Deinitialize success
         

Alt 07.05.2013, 10:23   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner fragt TAN-Liste ab: Trojan.Zbot.ACgen - Standard

Trojaner fragt TAN-Liste ab: Trojan.Zbot.ACgen



Zitat:
Der Scan im Programm aswMBR ist mittendrin abgebrochen und das Programm hat sich geschlossen.
Dazu gab es in der Anleitung von aswMBR einen Hinweis ganz unten
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 07.05.2013, 11:13   #13
Cherry250
 
Trojaner fragt TAN-Liste ab: Trojan.Zbot.ACgen - Standard

Trojaner fragt TAN-Liste ab: Trojan.Zbot.ACgen



Mit AV Scan None gab es folgendes Ergebnis:

Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-07 12:08:11
-----------------------------
12:08:11.286    OS Version: Windows x64 6.1.7601 Service Pack 1
12:08:11.286    Number of processors: 2 586 0x200
12:08:11.286    ComputerName: CHERRY-HP  UserName: Cherry
12:08:12.487    Initialize success
12:08:36.777    AVAST engine defs: 13050601
12:09:10.727    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000065
12:09:10.727    Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 11
12:09:10.899    Disk 0 MBR read successfully
12:09:10.914    Disk 0 MBR scan
12:09:10.914    Disk 0 Windows 7 default MBR code
12:09:10.930    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
12:09:10.946    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       289239 MB offset 409600
12:09:10.992    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        15702 MB offset 592771072
12:09:11.024    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0      103 MB offset 624928768
12:09:11.117    Disk 0 scanning C:\Windows\system32\drivers
12:09:27.513    Service scanning
12:10:06.246    Modules scanning
12:10:06.277    Disk 0 trace - called modules:
12:10:06.324    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys ACPI.sys storport.sys hal.dll amd_sata.sys 
12:10:06.340    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80071b16b0]
12:10:06.355    3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa800702a040]
12:10:06.371    5 amd_xata.sys[fffff8800115ba1d] -> nt!IofCallDriver -> [0xfffffa8007026970]
12:10:06.371    7 ACPI.sys[fffff88000f187a1] -> nt!IofCallDriver -> \Device\00000065[0xfffffa8007026060]
12:10:06.386    Scan finished successfully
12:10:25.263    Disk 0 MBR has been saved successfully to "C:\Users\Cherry\Desktop\MBR.dat"
12:10:25.278    The log file has been saved successfully to "C:\Users\Cherry\Desktop\aswMBR.txt"
         

Alt 07.05.2013, 12:08   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner fragt TAN-Liste ab: Trojan.Zbot.ACgen - Standard

Trojaner fragt TAN-Liste ab: Trojan.Zbot.ACgen



Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 07.05.2013, 13:52   #15
Cherry250
 
Trojaner fragt TAN-Liste ab: Trojan.Zbot.ACgen - Standard

Trojaner fragt TAN-Liste ab: Trojan.Zbot.ACgen



Code:
ATTFilter
ComboFix 13-05-07.02 - Cherry 07.05.2013  14:04:32.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.7787.5825 [GMT 2:00]
ausgeführt von:: c:\users\Cherry\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DKB-Cashback\DKB-cashback.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-07 bis 2013-05-07  ))))))))))))))))))))))))))))))
.
.
2013-05-07 12:16 . 2013-05-07 12:16	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-06 09:57 . 2013-05-06 09:57	83160	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-05-03 20:05 . 2013-05-03 20:05	--------	d-----w-	c:\users\Cherry\AppData\Roaming\Malwarebytes
2013-05-03 20:05 . 2013-05-03 20:05	--------	d-----w-	c:\programdata\Malwarebytes
2013-05-03 20:05 . 2013-05-03 20:05	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-03 20:05 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-05-03 18:58 . 2013-05-03 18:58	--------	d-----w-	c:\users\Cherry\AppData\Roaming\Ukwa
2013-05-03 18:58 . 2013-05-03 20:24	--------	d-----w-	c:\users\Cherry\AppData\Roaming\Olohu
2013-05-03 18:58 . 2013-05-03 20:19	--------	d-----w-	c:\users\Cherry\AppData\Roaming\Pogo
2013-05-03 15:00 . 2013-04-10 03:46	9317456	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B642EF73-8A55-4C13-8DA5-A012014AD94C}\mpengine.dll
2013-04-26 11:55 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-11 18:27 . 2013-02-15 06:06	3717632	----a-w-	c:\windows\system32\mstscax.dll
2013-04-09 17:20 . 2013-04-09 17:20	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-07 18:53 . 2013-04-07 18:53	--------	d-----w-	c:\programdata\Fugazo
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 00:06 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-11 18:34 . 2012-06-16 12:48	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-03-27 19:52 . 2013-03-27 19:52	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-27 19:52 . 2012-06-17 20:41	861088	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-03-27 19:52 . 2011-08-02 11:38	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-03-27 19:47 . 2013-03-27 19:48	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-27 19:47 . 2013-03-27 19:48	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-27 19:47 . 2013-03-27 19:48	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-14 22:07 . 2012-06-16 18:07	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-14 22:07 . 2012-06-16 18:07	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-12 05:45 . 2013-03-14 22:06	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-14 22:06	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-14 22:06	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-14 22:06	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-14 22:06	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 22:06	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-20 20:25	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Cherry\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Cherry\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Cherry\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-05 336384]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-06 345312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Cherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Cherry\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2011-02-25 62184]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-01-06 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-01-06 298144]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-01-06 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-01-06 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-01-06 154272]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-01-06 279200]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2013.SP1\RpcAgentSrv.exe [2008-12-27 68760]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-14 1255736]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-16 79488]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-16 40064]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-27 28600]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-06 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-05 365568]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-27 86752]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-01-06 138400]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-01-06 53920]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-04 92216]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-28 1817088]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe [2013-01-09 1324104]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe [2013-01-09 795208]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-07-13 114704]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-01-06 28832]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-02-09 31088]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 335464]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-30 44672]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 22:07]
.
2013-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-16 11:53]
.
2013-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-16 11:53]
.
2013-04-19 c:\windows\Tasks\HPCeeScheduleForCherry.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Cherry\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Cherry\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Cherry\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Cherry\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-11 6602856]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-01-06 615584]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-01-06 379040]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2481020
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{11111111-1111-1111-1111-110111611150} - c:\program files (x86)\DKB-Cashback\DKB-Cashback.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4} - c:\program files (x86)\InstallShield Installation Information\{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-05-07  14:28:44 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-05-07 12:28
.
Vor Suchlauf: 10 Verzeichnis(se), 209.638.817.792 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 210.236.784.640 Bytes frei
.
- - End Of File - - 58876C09DADA28275AE73C975384E9D8
         
Ich hab irgendwie jetzt echte Probleme mit dem Internet Explorer, ich komme nur noch über Umwege auf Seiten; sobald ich eine Adresse direkt eingebe und auch bei einigen Links kommt nur eine leere Seite; kann das an dem Combofix liegen?

Antwort

Themen zu Trojaner fragt TAN-Liste ab: Trojan.Zbot.ACgen
administrator, anti-malware, antivir, appdata, autostart, code, dateien, e-banking, explorer, firefox, gelöscht, hängt, infizierte, löschen, malwarebytes, microsoft, modul, online-banking, passwörter, roaming, software, speicher, suche, tans, tool, trojaner, ändern



Ähnliche Themen: Trojaner fragt TAN-Liste ab: Trojan.Zbot.ACgen


  1. Trojan-Ransom.Win32.Blocker.cbsn & Trojan-Spy.Win.32.Zbot.nsur eingefangen -.-
    Plagegeister aller Art und deren Bekämpfung - 12.04.2014 (23)
  2. Trojan.zbot.FV und Spyware.zbot.-ED auf Netbook Asus Eee PC /Win7
    Plagegeister aller Art und deren Bekämpfung - 21.07.2013 (23)
  3. Rechner bereinigen nach Trojaner befall (IPH.Trojan.Zbot.Rke)
    Log-Analyse und Auswertung - 03.04.2013 (20)
  4. Trojan.Agent.IET / IPH.Trojan.Zbot.Rke / 100er Tan Abfrage OnlineBanking Deutsche Bank
    Log-Analyse und Auswertung - 27.03.2013 (10)
  5. wgsdgsdgdsgsd.exe - Trojaner und Trojan.Zbot.SXGen
    Plagegeister aller Art und deren Bekämpfung - 24.11.2012 (16)
  6. BKA-Trojaner Funde: Spyware.Zbot.DG Trojan.Ransom.Gen
    Plagegeister aller Art und deren Bekämpfung - 11.08.2012 (14)
  7. Trojaner? fragt nach Admin-Kennwort ...
    Plagegeister aller Art und deren Bekämpfung - 13.07.2012 (1)
  8. PUP.OfferBundler.ST; Trojan.FakeTwain; Trojan.Zbot.Gen
    Log-Analyse und Auswertung - 22.05.2012 (5)
  9. mehrere Trojaner (Spy Banker, Stolen Data, Malware Gen/Trace, Trojan Passwords, Zbot)
    Log-Analyse und Auswertung - 20.12.2011 (21)
  10. Trojaner fragt nach TAN´s beim Online-Banking
    Log-Analyse und Auswertung - 03.01.2011 (34)
  11. Spyware.Zbot/Trojan Downloader/Trojan.Hiloti Viren Problem!
    Plagegeister aller Art und deren Bekämpfung - 04.10.2010 (3)
  12. Trojaner Trojan-Spy.Win32.Zbot.gen in C:\windows\system32\sdra64.exe
    Plagegeister aller Art und deren Bekämpfung - 19.03.2010 (4)
  13. Virus-scan fand trojan.Dropper, GayCodec.lookAlert...(vollständige liste im thread)
    Log-Analyse und Auswertung - 07.01.2010 (30)
  14. Plagegeist ohne Ahnung fragt Trojaner on board??
    Plagegeister aller Art und deren Bekämpfung - 15.10.2009 (19)
  15. Trojaner Trojan-Spy.Zbot.YETH: noch Gefahr?
    Plagegeister aller Art und deren Bekämpfung - 08.09.2009 (29)
  16. Trojaner gefunden - Trojan-Spy.Zbot.YETH
    Plagegeister aller Art und deren Bekämpfung - 27.08.2009 (1)
  17. 10-TAN Trojaner: Bank-Website fragt 10 PINs ab!
    Plagegeister aller Art und deren Bekämpfung - 08.01.2009 (2)

Zum Thema Trojaner fragt TAN-Liste ab: Trojan.Zbot.ACgen - Ich habe mich gestern abend in mein Online-Banking eingeloggt und sofort tauchte ein Fenster auf, in dem ich sämtliche TANs eingeben sollte, was ich natürlich nicht gemacht habe. Ich habe - Trojaner fragt TAN-Liste ab: Trojan.Zbot.ACgen...
Archiv
Du betrachtest: Trojaner fragt TAN-Liste ab: Trojan.Zbot.ACgen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.