
Log analysis and evaluation: Avast reports malware at every system start c:\windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

11.05.2013, 16:20   #1
Mischer
 
Hello,

I am hoping for competent help here with a problem I have had for 4 days. Apparently I picked up malware while browsing. A search here in the forum already turned up a thread where someone apparently has the same problem. Unfortunately, no concrete solution had been proposed there yet.
http://www.trojaner-board.de/134789-...-maleware.html

As antivirus software I use a full version of Avast and Avira Free Antivirus, and I also run Antimalwarebytes at irregular intervals.
For 4 days now, at every system start I have been getting a message from Avast that an unwanted application/process was blocked.
Since I now already have 9 files in the Avast virus chest and the message keeps appearing at system start, I am turning to you for help.

The files identified by Avast as Win32:Malware-gen were all located in C:\Users\Atelco\AppData\Local\Temp

Avast reported the process as originating from c:\windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

The scans by Avira and Antimalwarebytes found nothing.

I followed your instructions for posting logs step by step, and the logs are attached to this post. I also took the liberty of running TDSSKiller, which was recommended by the helper in the thread mentioned at the beginning of my post. I have attached that log to the post as well.

I am grateful for any help!

Regards

11.05.2013, 16:24   #2
markusg
/// Malware-holic
 
Hi
please uninstall Avast or Avira; only ever one anti-malware program at a time, otherwise there can be problems.
Please post the Avast detection messages
with exact paths.

11.05.2013, 16:43   #3
Mischer
 
Quote from markusg:
Hi
please uninstall Avast or Avira; only ever one anti-malware program at a time, otherwise there can be problems.
Please post the Avast detection messages
with exact paths.

Hello, and thanks for the quick reply.

I followed your advice and have just uninstalled Avira.

Since I have been through a few restarts by now, there are more files now, thanks to the problem in question. Since I am a bit dumb and can't find the copy-paste function in Avast, I have attached a JPEG.

11.05.2013, 16:51   #4
markusg
/// Malware-holic
 
Please post it as text; I can't read it like this.
If the paths are always the same, you only need to post the path once and maybe 2 or 3 file names.
After that:

If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

11.05.2013, 17:41   #5
Mischer
 
Hello,

everything done as requested.

Code:
Process:
c:\windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

File names (4 of 13):

2jpmfbf0.dll
h4otot3c.dll
owom1zlf.dll
ydukdklz.dll

Avast gives the original location of the files as:

c:\Users\Atelco\AppData\Local\Temp
         


OTL
Code:
OTL logfile created on: 11.05.2013 18:26:39 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Atelco\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,98 Gb Total Physical Memory | 13,80 Gb Available Physical Memory | 86,36% Memory free
31,95 Gb Paging File | 29,79 Gb Available in Paging File | 93,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 618,39 Gb Total Space | 497,94 Gb Free Space | 80,52% Space Free | Partition Type: NTFS
Drive D: | 618,59 Gb Total Space | 615,04 Gb Free Space | 99,43% Space Free | Partition Type: NTFS
Drive E: | 625,94 Gb Total Space | 447,98 Gb Free Space | 71,57% Space Free | Partition Type: NTFS
 
Computer Name: AELTHRED | User Name: Atelco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Atelco\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - D:\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - D:\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe ()
PRC - E:\Trust Gaming Mouse\Mouse.exe ()
PRC - C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe ()
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ba58d64562391191a22ad0133512ed6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Users\Atelco\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll ()
MOD - D:\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe ()
MOD - E:\Trust Gaming Mouse\Mouse.exe ()
MOD - C:\Windows\twain_32\Samsung\SCX3200\SSOle.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (CGVPNCliSrvc) -- C:\Programme\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
SRV - (DokanMounter) -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe ()
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (Realtek11nCU) -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- D:\Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTLE8023x64) -- C:\Windows\SysNative\drivers\Rtenic64.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (Dokan) -- C:\Windows\SysNative\drivers\dokan.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (trustms) -- C:\Windows\SysNative\drivers\trustms.sys ()
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (RTL8192cu) -- C:\Windows\SysNative\drivers\RTL8192cu.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-678325235-554912938-2678598872-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\S-1-5-21-678325235-554912938-2678598872-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-678325235-554912938-2678598872-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-678325235-554912938-2678598872-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 C1 E8 FB B0 7D CC 01  [binary data]
IE - HKU\S-1-5-21-678325235-554912938-2678598872-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-678325235-554912938-2678598872-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-678325235-554912938-2678598872-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-678325235-554912938-2678598872-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Adobe Reader\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.05.11 17:53:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: D:\Firefox\components [2013.05.09 11:18:35 | 000,000,000 | ---D | M]
 
[2011.09.23 13:27:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Atelco\AppData\Roaming\mozilla\Extensions
[2013.05.08 18:19:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Atelco\AppData\Roaming\mozilla\Firefox\Profiles\92poh4uw.default-1355154101686\extensions
[2012.12.10 17:43:49 | 000,615,655 | ---- | M] () (No name found) -- C:\Users\Atelco\AppData\Roaming\mozilla\firefox\profiles\92poh4uw.default-1355154101686\extensions\testpilot@labs.mozilla.com.xpi
[2013.05.08 18:19:12 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Atelco\AppData\Roaming\mozilla\firefox\profiles\92poh4uw.default-1355154101686\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.14 14:31:00 | 000,000,911 | ---- | M] () -- C:\Users\Atelco\AppData\Roaming\mozilla\firefox\profiles\92poh4uw.default-1355154101686\searchplugins\11-suche.xml
[2012.12.14 14:31:00 | 000,002,273 | ---- | M] () -- C:\Users\Atelco\AppData\Roaming\mozilla\firefox\profiles\92poh4uw.default-1355154101686\searchplugins\englische-ergebnisse.xml
[2012.12.14 14:31:00 | 000,010,563 | ---- | M] () -- C:\Users\Atelco\AppData\Roaming\mozilla\firefox\profiles\92poh4uw.default-1355154101686\searchplugins\gmx-suche.xml
[2012.12.14 14:31:00 | 000,002,432 | ---- | M] () -- C:\Users\Atelco\AppData\Roaming\mozilla\firefox\profiles\92poh4uw.default-1355154101686\searchplugins\lastminute.xml
[2012.12.14 14:31:00 | 000,005,545 | ---- | M] () -- C:\Users\Atelco\AppData\Roaming\mozilla\firefox\profiles\92poh4uw.default-1355154101686\searchplugins\webde-suche.xml
[2013.05.11 17:53:42 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - homepage: hxxp://www.google.com
CHR - Extension: YouTube = C:\Users\Atelco\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Atelco\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\Atelco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [CNAP2 Launcher] C:\Windows\SysNative\spool\drivers\x64\3\CNAP2LAK.EXE (CANON INC.)
O4:64bit: - HKLM..\Run: [KiesTrayAgent] D:\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [3200 Scan2PC] C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [GrooveMonitor] D:\Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] D:\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [SCX3200_Scan2Pc] C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe ()
O4 - HKLM..\Run: [TQ566808] "F:\Setup.exe" File not found
O4 - HKLM..\Run: [Trust Gaming Mouse] E:\Trust Gaming Mouse\Mouse.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-678325235-554912938-2678598872-1000..\Run: [Akamai NetSession Interface] C:\Users\Atelco\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-678325235-554912938-2678598872-1000..\Run: [EADM] E:\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-678325235-554912938-2678598872-1000..\Run: [KiesHelper] D:\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-678325235-554912938-2678598872-1000..\Run: [KiesPDLR] D:\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-678325235-554912938-2678598872-1000..\Run: [Steam] E:\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-678325235-554912938-2678598872-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Atelco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Atelco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Atelco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Atelco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-678325235-554912938-2678598872-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-678325235-554912938-2678598872-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-678325235-554912938-2678598872-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-678325235-554912938-2678598872-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31DB8712-863D-4708-9D69-5AE161D3146A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65CE0C9C-D16C-48B7-97DF-FF0F5148CB93}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{01d2faec-8333-11e1-901b-f46d04ac6819}\Shell - "" = AutoRun
O33 - MountPoints2\{01d2faec-8333-11e1-901b-f46d04ac6819}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{01d2fb07-8333-11e1-901b-f46d04ac6819}\Shell - "" = AutoRun
O33 - MountPoints2\{01d2fb07-8333-11e1-901b-f46d04ac6819}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{0fc9d403-887d-11e1-9d06-f46d04ac6819}\Shell - "" = AutoRun
O33 - MountPoints2\{0fc9d403-887d-11e1-9d06-f46d04ac6819}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{a0fa27d9-2104-11e1-aade-002683195149}\Shell - "" = AutoRun
O33 - MountPoints2\{a0fa27d9-2104-11e1-aade-002683195149}\Shell\AutoRun\command - "" = H:\setup.exe
O33 - MountPoints2\{a348dba2-e5c2-11e0-b1a9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a348dba2-e5c2-11e0-b1a9-806e6f6e6963}\Shell\AutoRun\command - "" = F:\.\Bin\ASSETUP.exe
O33 - MountPoints2\{e373e0c0-4a1f-11e2-be75-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e373e0c0-4a1f-11e2-be75-806e6f6e6963}\Shell\AutoRun\command - "" = I:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.11 17:53:44 | 000,022,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2013.05.11 17:52:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Pro Antivirus
[2013.05.01 15:32:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.04.14 09:51:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012.05.30 19:13:06 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Atelco\AppData\Roaming\pcouffin.sys
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.11 18:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.11 18:02:22 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.11 18:02:21 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.11 18:00:54 | 001,501,208 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.11 18:00:54 | 000,655,534 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.11 18:00:54 | 000,617,116 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.11 18:00:54 | 000,130,074 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.11 18:00:54 | 000,106,298 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.11 17:54:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.11 17:54:44 | 4276,781,054 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.11 17:53:43 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.05.11 17:52:23 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2013.05.11 17:41:50 | 000,190,605 | ---- | M] () -- C:\Users\Atelco\Desktop\avast.jpg
[2013.05.11 16:00:51 | 001,889,560 | ---- | M] () -- C:\Users\Atelco\Desktop\Unbenannt.png
[2013.05.11 15:20:32 | 000,000,020 | ---- | M] () -- C:\Users\Atelco\defogger_reenable
[2013.05.09 10:59:07 | 001,025,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.05.09 10:59:07 | 000,378,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.05.09 10:59:07 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.05.09 10:59:07 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.05.09 10:59:06 | 000,022,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2013.05.09 10:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.05.09 10:58:11 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.05.09 09:45:09 | 000,000,202 | ---- | M] () -- C:\Users\Atelco\Desktop\Cities XL Platinum.url
[2013.05.09 08:42:58 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.01 15:32:40 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.04.21 10:06:33 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.21 10:06:33 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.20 15:51:56 | 000,000,729 | ---- | M] () -- C:\Users\Atelco\Desktop\WIC.lnk
[2013.04.14 09:51:12 | 000,001,239 | ---- | M] () -- C:\Users\Atelco\Desktop\DVDVideoSoft Free Studio.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.11 17:52:23 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2013.05.11 17:38:28 | 000,190,605 | ---- | C] () -- C:\Users\Atelco\Desktop\avast.jpg
[2013.05.11 16:00:51 | 001,889,560 | ---- | C] () -- C:\Users\Atelco\Desktop\Unbenannt.png
[2013.05.11 15:20:32 | 000,000,020 | ---- | C] () -- C:\Users\Atelco\defogger_reenable
[2013.05.09 09:45:09 | 000,000,202 | ---- | C] () -- C:\Users\Atelco\Desktop\Cities XL Platinum.url
[2013.05.09 08:42:58 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.01 15:32:40 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.12.20 17:05:39 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2012.12.20 17:05:38 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.12.20 17:05:38 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.12.20 17:05:38 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.12.20 17:05:37 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.12.20 01:17:22 | 000,280,792 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.12.20 01:17:15 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.05.31 11:04:32 | 000,003,491 | ---- | C] () -- C:\Users\Atelco\.recently-used.xbel
[2012.05.30 19:13:06 | 000,099,384 | ---- | C] () -- C:\Users\Atelco\AppData\Roaming\inst.exe
[2012.05.30 19:13:06 | 000,007,859 | ---- | C] () -- C:\Users\Atelco\AppData\Roaming\pcouffin.cat
[2012.05.30 19:13:06 | 000,001,167 | ---- | C] () -- C:\Users\Atelco\AppData\Roaming\pcouffin.inf
[2012.05.30 19:11:50 | 000,001,057 | ---- | C] () -- C:\Users\Atelco\AppData\Roaming\vso_ts_preview.xml
[2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.05.23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.05.23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.05.23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.05.23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.04.17 17:46:29 | 000,493,432 | ---- | C] () -- C:\Windows\ssndii.exe
[2012.04.17 17:45:44 | 000,143,872 | ---- | C] () -- C:\Windows\Wiainst64.exe
[2012.03.11 16:51:07 | 001,197,521 | ---- | C] () -- C:\Windows\unins000.exe
[2012.03.11 16:51:07 | 000,015,048 | ---- | C] () -- C:\Windows\unins000.dat
[2012.03.01 00:13:03 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2011.12.30 01:25:36 | 000,007,597 | ---- | C] () -- C:\Users\Atelco\AppData\Local\Resmon.ResmonCfg
[2011.12.19 15:52:19 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011.09.23 15:21:51 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2011.09.23 11:24:44 | 000,040,051 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.09.23 11:23:53 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.09.23 11:23:49 | 000,027,946 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.09.19 09:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011.09.19 09:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011.05.16 21:34:21 | 001,599,034 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.06.04 21:20:23 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\BANDISOFT
[2012.12.01 23:24:43 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012.06.22 18:19:18 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\DAEMON Tools Lite
[2013.04.14 09:51:05 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\DVDVideoSoft
[2012.04.03 11:23:10 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.10.05 18:23:24 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Fatshark
[2012.03.03 16:39:10 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Firefly Studios
[2012.11.03 14:02:25 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\FreeFLVConverter
[2012.10.27 12:20:09 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\globalip
[2012.05.31 11:04:32 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\gtk-2.0
[2012.10.07 16:27:56 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Guitar Pro 6
[2012.12.09 23:36:50 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Kalypso Media
[2012.08.05 21:33:00 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Mumble
[2012.11.08 21:59:35 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Natural Selection 2
[2012.04.05 17:01:45 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Need for Speed World
[2013.03.06 15:42:31 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Omerta
[2013.03.05 14:03:43 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Omerta Demo
[2012.12.03 14:49:36 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Origin
[2013.03.24 20:11:35 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\PDAppFlex
[2012.05.30 14:11:15 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\PDF Writer
[2012.05.30 13:51:49 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\pdfforge
[2012.06.07 10:59:15 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Publish Providers
[2012.03.04 17:04:19 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\RotMG.Production
[2012.12.18 19:47:55 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\S.A.D
[2012.06.27 13:49:23 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Samsung
[2012.02.22 14:15:10 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Screaming Bee
[2012.06.07 10:59:14 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Sony
[2012.03.11 18:19:10 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Stardock
[2012.06.27 14:09:43 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Temp
[2011.11.06 14:24:04 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\The Creative Assembly
[2013.05.09 10:20:51 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Tropico 4
[2013.03.09 20:59:46 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\TS3Client
[2013.03.05 23:54:21 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\ts3overlay
[2013.02.09 17:05:00 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\ts3overlay_hook_win64
[2012.06.09 15:05:27 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\TuneUp Software
[2012.06.08 15:49:03 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Vso
[2012.08.28 21:02:26 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\wargaming.net
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.02.05 10:09:40 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2013.05.11 15:40:52 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2011.09.23 11:21:41 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.09.23 11:25:10 | 000,000,000 | ---D | M] -- C:\Intel
[2012.12.04 19:29:19 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.05.11 15:47:18 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.05.11 17:30:18 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.05.11 17:30:18 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.09.23 11:21:41 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.09.23 13:10:43 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.09.23 18:47:58 | 000,000,000 | ---D | M] -- C:\Samsung
[2013.05.11 18:27:29 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.09.13 22:20:57 | 000,000,000 | ---D | M] -- C:\Temp
[2013.01.03 19:30:03 | 000,000,000 | R--D | M] -- C:\Users
[2013.05.11 17:53:42 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 05:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.08.14 19:18:38 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.05.31 11:04:32 | 000,003,491 | ---- | M] () -- C:\Users\Atelco\.recently-used.xbel
[2013.05.11 15:20:32 | 000,000,020 | ---- | M] () -- C:\Users\Atelco\defogger_reenable
[2013.05.11 18:26:31 | 004,194,304 | -HS- | M] () -- C:\Users\Atelco\ntuser.dat
[2013.05.11 18:26:31 | 000,262,144 | -HS- | M] () -- C:\Users\Atelco\ntuser.dat.LOG1
[2011.09.23 11:21:45 | 000,000,000 | -HS- | M] () -- C:\Users\Atelco\ntuser.dat.LOG2
[2011.09.23 11:30:09 | 000,065,536 | -HS- | M] () -- C:\Users\Atelco\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.09.23 11:30:09 | 000,524,288 | -HS- | M] () -- C:\Users\Atelco\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.09.23 11:30:09 | 000,524,288 | -HS- | M] () -- C:\Users\Atelco\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.06.08 13:40:26 | 000,065,536 | -HS- | M] () -- C:\Users\Atelco\ntuser.dat{365b0baf-b158-11e1-85cf-f46d04ac6819}.TM.blf
[2012.06.08 13:40:26 | 000,524,288 | -HS- | M] () -- C:\Users\Atelco\ntuser.dat{365b0baf-b158-11e1-85cf-f46d04ac6819}.TMContainer00000000000000000001.regtrans-ms
[2012.06.08 13:40:26 | 000,524,288 | -HS- | M] () -- C:\Users\Atelco\ntuser.dat{365b0baf-b158-11e1-85cf-f46d04ac6819}.TMContainer00000000000000000002.regtrans-ms
[2012.06.08 12:40:34 | 000,065,536 | -HS- | M] () -- C:\Users\Atelco\ntuser.dat{4b369f76-b156-11e1-b6b9-002683195149}.TM.blf
[2012.06.08 12:40:34 | 000,524,288 | -HS- | M] () -- C:\Users\Atelco\ntuser.dat{4b369f76-b156-11e1-b6b9-002683195149}.TMContainer00000000000000000001.regtrans-ms
[2012.06.08 12:40:34 | 000,524,288 | -HS- | M] () -- C:\Users\Atelco\ntuser.dat{4b369f76-b156-11e1-b6b9-002683195149}.TMContainer00000000000000000002.regtrans-ms
[2012.06.08 12:09:37 | 000,065,536 | -HS- | M] () -- C:\Users\Atelco\ntuser.dat{81bdeb81-b151-11e1-84e1-f46d04ac6819}.TM.blf
[2012.06.08 12:09:37 | 000,524,288 | -HS- | M] () -- C:\Users\Atelco\ntuser.dat{81bdeb81-b151-11e1-84e1-f46d04ac6819}.TMContainer00000000000000000001.regtrans-ms
[2012.06.08 12:09:37 | 000,524,288 | -HS- | M] () -- C:\Users\Atelco\ntuser.dat{81bdeb81-b151-11e1-84e1-f46d04ac6819}.TMContainer00000000000000000002.regtrans-ms
[2012.06.09 03:50:21 | 000,065,536 | -HS- | M] () -- C:\Users\Atelco\ntuser.dat{af1b90e4-b173-11e1-9a73-002683195149}.TM.blf
[2012.06.09 03:50:21 | 000,524,288 | -HS- | M] () -- C:\Users\Atelco\ntuser.dat{af1b90e4-b173-11e1-9a73-002683195149}.TMContainer00000000000000000001.regtrans-ms
[2012.06.09 03:50:21 | 000,524,288 | -HS- | M] () -- C:\Users\Atelco\ntuser.dat{af1b90e4-b173-11e1-9a73-002683195149}.TMContainer00000000000000000002.regtrans-ms
[2011.09.23 11:21:45 | 000,000,020 | -HS- | M] () -- C:\Users\Atelco\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
         


Extra
Code:
OTL Extras logfile created on: 11.05.2013 18:26:39 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Atelco\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,98 Gb Total Physical Memory | 13,80 Gb Available Physical Memory | 86,36% Memory free
31,95 Gb Paging File | 29,79 Gb Available in Paging File | 93,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 618,39 Gb Total Space | 497,94 Gb Free Space | 80,52% Space Free | Partition Type: NTFS
Drive D: | 618,59 Gb Total Space | 615,04 Gb Free Space | 99,43% Space Free | Partition Type: NTFS
Drive E: | 625,94 Gb Total Space | 447,98 Gb Free Space | 71,57% Space Free | Partition Type: NTFS
 
Computer Name: AELTHRED | User Name: Atelco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-678325235-554912938-2678598872-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\Office\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\Office\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1AC8AF6E-64AE-4A10-AAE5-671910E55AD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1DE9E5E2-7564-48CE-8CCF-0AB6DC09045B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1FDD38BD-E24C-4E70-9129-D6C4EC80F865}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{2CD3CEB0-F34D-4F7B-B7F2-6E2B065C68CA}" = rport=445 | protocol=6 | dir=out | app=system | 
"{467F4E9B-3937-4DE9-83E5-9BBCA987DC71}" = lport=49176 | protocol=6 | dir=in | name=akamai netsession interface | 
"{47745BDD-DC4E-4DAB-9FFF-C980623BDF2C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4BC16F4F-EEBA-4E36-A078-5C8BE80DFDE6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework64\v3.0\windows communication foundation\smsvchost.exe | 
"{820B6713-C680-482F-B635-2C56AFDC2AB4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{86367BA1-50FD-4821-92C6-5461918C8281}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8DC9AB99-BA2C-4756-9BC7-E3D3E183CD24}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9D8135B6-BBDD-4C10-B68B-4E1244E8BEB4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A82CEAE9-AB0E-42DE-A5D6-CA1DFAF8332C}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{AD233EC0-56BE-4C47-B783-3FC66F090B66}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B9C3A85B-3AEB-4F32-9268-9BBBBEBC99EB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BE37CD09-60BC-4F00-8868-DE1B5779F5A2}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D7D97E6A-E606-49B5-AAD7-72AE6812AFD6}" = rport=137 | protocol=17 | dir=out | app=system | 
"{EDF2A350-EBAA-4178-B87E-4182981AB570}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{032457CF-B903-487A-831F-3D3BA49A0DF6}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\company of heroes\reliccoh.exe | 
"{0921E332-DB65-4F39-AF82-D34468D7F9D9}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{0B5E1CDB-875A-4072-BBAC-2730C1E22ED8}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\sins of a solar empire rebellion\sins of a solar empire rebellion.exe | 
"{107EB519-A2BE-4AA0-A0A2-4D8F8C54F3B3}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{10C15F06-1D89-45EB-AD6A-2B7E0F81FDF2}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\sins of a solar empire rebellion\sins of a solar empire rebellion.exe | 
"{13F89833-682B-4AA6-A9B0-1863AC4DBFD1}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{18940C7F-8581-4E54-A332-87E508772109}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{19EAA435-9B25-4C65-B13F-AB5BBD6E1E1D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1D58FF58-B553-443F-8A13-C1E35EA9BCE4}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{229F5078-44E6-4C39-9256-76DDE81A6B3F}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\f1 2012\f1_2012.exe | 
"{23AF46E0-AB1D-4AFF-9DD2-857161FF429E}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{24985B4C-9605-47BB-BEE1-EBBE7181742D}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\total war shogun 2\shogun2.exe | 
"{2BECB248-025C-4987-9BD5-47C293670488}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scx3200\sscan2io.exe | 
"{318C9D19-4455-4BF4-B70F-68D51242C26A}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\war of the roses\run_game.exe | 
"{3601523E-DF68-4EA0-8A75-ACA9472CB406}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{3C014410-6B5D-4CC8-9628-929384A7CB5E}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{3DEEF178-4716-42D1-8AF3-6CDBA53CB7A5}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{4A61D5CC-6D28-412F-AD10-54B2ACC7754A}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{4FD1204E-A7AD-49BE-8709-25A40FC4A3FC}" = protocol=6 | dir=in | app=c:\program files (x86)\scan assistant\usdagent.exe | 
"{501878BB-763A-4085-AB86-37AEE8D31E35}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\company of heroes\reliccoh.exe | 
"{50689C6F-45AE-4B5C-A47A-32CE5793560A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{526A98C2-92E5-47BD-9301-760FF926CBA7}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\metro 2033\metro2033.exe | 
"{534A7F9E-CD11-4AE4-8AD0-CBD4AF96669A}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\cities xl platinum\citiesxl_platinum.exe | 
"{55D0BA0A-C861-47EE-9B31-40BDCFD553B0}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\tropico 4\tropico4.exe | 
"{5F7D77D7-E5B7-4DF3-B712-818F535DC369}" = protocol=17 | dir=in | app=c:\program files (x86)\scan assistant\usdagent.exe | 
"{6517DB9F-977D-4770-AB0E-34D2C77BCB37}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\omerta\omertasteam.exe | 
"{6642F46D-E677-4F14-999B-AF0E1CB7D6C0}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | 
"{69C95620-D326-4410-A376-24A7725A6023}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scx3200\scan2pc.exe | 
"{6ADC5D7A-DA94-46E7-9FCE-F2C77632C2D6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{6DBE46A7-FD46-4074-BCAB-02981DAA7E1A}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{6EDD837E-0E61-4F9F-97B8-EABEB8330398}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\stronghold crusader extreme\stronghold crusader.exe | 
"{70162EB9-1227-4C2A-BEE4-35DAF3E6A877}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe | 
"{733FC8E2-51D8-4F00-B48A-E4217609E0E5}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe | 
"{73CAB0B8-D7D2-4D31-BBCC-06B5973A7D65}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\wormsrevolution\wormsrevolution.exe | 
"{745A2D0E-A5E3-42CF-85C1-241DDA31FB9B}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\metro 2033\metro2033.exe | 
"{748CFFDC-7E6A-4DAF-A236-D026882A4D61}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\patrician iii\patrician3.exe | 
"{74E6FB70-C67A-4C90-8D72-5CBE35FAF159}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\empire total war\empire.exe | 
"{79376592-40D5-4586-8618-F3DFAD4B2248}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\medieval ii total war\launcher.exe | 
"{7A7A7BA9-E032-47C8-8868-31847A4AAC90}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | 
"{7DEE995E-EEDA-4489-A18F-B13D8BA5815D}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\wormsrevolution\wormsrevolution.exe | 
"{80AACDCC-1ADF-41CE-A5A4-C306C6E43973}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\empire total war\empire.exe | 
"{8222092C-B49C-4990-A792-450963612B83}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\medieval ii total war\launcher.exe | 
"{8C39A5CF-9734-4408-96BE-18B2C2EEF40F}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\omerta\omertasteam.exe | 
"{8CDA743D-ADB7-4372-BCA7-58DD1CB127D6}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe | 
"{93B6BCA6-04A1-4085-B038-4CEEF4B29A51}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | 
"{982EE07C-5FAC-4325-983F-687F543D5342}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe | 
"{9BD325A7-BDE7-4AB7-B767-CB4919DC2AFF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9D8D6581-830F-45D0-ACC3-AEF4ADAA4B36}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\stronghold crusader extreme\stronghold_crusader_extreme.exe | 
"{9E984995-8BF2-471D-82C9-B3EC8E1E879A}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\eve online\eve.exe | 
"{A0B1E28F-47C1-43A6-9EAC-9C2D32C3CDC4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{ACD19568-C955-4F62-AA35-28FD8244ACED}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{B027CCD1-7801-4C69-A8AD-75B5E5275379}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | 
"{BE10FE25-B322-4358-A54C-7F6C159C4283}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | 
"{C0D22683-DF78-41BB-95EF-DB9B1AA615A2}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\f1 2012\f1_2012.exe | 
"{C4D4031A-78A2-43E0-A056-0C534B9A90CF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C65270EE-8FC1-4466-A8FC-D707A0F003F2}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\tropico 4\tropico4.exe | 
"{D06D83CA-CAA9-45DC-8647-32F37A0E632C}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe | 
"{D0CFF205-0C68-4BAB-BD4C-E179BF8BE6CB}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\patrician iii\patrician3.exe | 
"{D13A4604-A54E-4F17-81F5-3BC84487E230}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scx3200\sscan2io.exe | 
"{D1C5A27A-B0FC-4CE6-8F05-E5E3FE36CFC2}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\stronghold crusader extreme\stronghold_crusader_extreme.exe | 
"{D39B7666-E5A3-403C-B028-DAECEFF2EC1D}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | 
"{D5A5DA80-70C4-4AFF-B8C5-23739EE8078C}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe | 
"{D74A105C-3C7B-4BED-99DF-584612B88F1E}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\stronghold crusader extreme\stronghold crusader.exe | 
"{DA8C0E62-2360-4224-89BF-69378AEF7D3E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{DE083255-8551-4283-BDCD-9785A6AB5290}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\war of the roses\run_game.exe | 
"{E2BDE047-215C-4091-8E53-46B3594EFDB0}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{E4573C02-7938-4590-B691-EDFA4D397736}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E81D858A-E2A0-4478-BFDE-14B73AE9450A}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{F5C33F14-715F-43B4-87DF-A3622618BBCC}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scx3200\scan2pc.exe | 
"{FA3435B9-1DBD-4352-8E7C-18039669F2FE}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\cities xl platinum\citiesxl_platinum.exe | 
"{FA599893-5865-4518-89CE-53BE2A5B5BE5}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\total war shogun 2\shogun2.exe | 
"{FC0DB3B8-CE31-435E-B8D8-2CFC9A623ADA}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\eve online\eve.exe | 
"{FCE421D8-FA50-48EC-919B-FBEEB215BCDB}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"TCP Query User{1A04429E-EC48-40C2-A50D-6491303F7C32}C:\users\atelco\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\atelco\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{4AC72E85-7314-4A58-9EAB-83387765D1A7}E:\steam\steam.exe" = protocol=6 | dir=in | app=e:\steam\steam.exe | 
"TCP Query User{966D1FAF-6842-4FB0-83D7-07ED63687C96}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{A8C59981-EE4B-4413-9E31-5918376DD754}C:\users\atelco\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\atelco\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{DA71D2AD-8530-44A9-A09A-0F6FC3FB5FDC}E:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=e:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
"TCP Query User{DC31A2DB-53AB-46AC-AE24-A2BA9987D828}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{275BD99D-7083-4655-A80F-0EE93DB3C34F}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{3ED80836-1163-45AA-B47D-602FE70619B8}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{9B07A835-69A3-4277-A5DB-345B5148712B}E:\steam\steam.exe" = protocol=17 | dir=in | app=e:\steam\steam.exe | 
"UDP Query User{A1743AB8-B998-42B8-8C8D-7A05B42C8D33}E:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=e:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
"UDP Query User{B8D26B00-035B-48D8-A4DB-6A17BA090E08}C:\users\atelco\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\atelco\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{F411A0B5-1172-4E51-8158-678136669B9D}C:\users\atelco\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\atelco\appdata\local\akamai\netsession_win.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 8.2.0.1406
"Canon LBP5050" = Canon LBP5050
"CyberGhost VPN_is1" = CyberGhost VPN
"Logitech Unifying" = Logitech Unifying-Software 2.00
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216039FF}" = Java(TM) 6 Update 39
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}" = OLYMPUS Digital Camera Updater
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3AA9D712-182E-409C-ABBE-8E47CF05D926}_is1" = Trust Gaming Mouse Driver V1.1
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}" = Command & Conquer Die ersten 10 Jahre
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{797808CA-1563-4EA0-A280-1371AC2F2310}" = OLYMPUS Viewer 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D12314F45EB}" = REALTEK Wireless LAN Driver and Utility
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D8A751-F5E6-11E0-9DE8-005056C00008}" = MSVCRT Redists
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE806AF0-F384-11E0-9EE7-F04DA23A5C58}" = Vegas Movie Studio HD Platinum 11.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E163BB62-2840-4C55-9A8E-5C5B9E9FF86C}" = Armageddon
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = WORLD IN CONFLICT: SOVIET ASSAULT
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface Service
"avast" = avast! Pro Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"DAEMON Tools Lite" = DAEMON Tools Lite
"DokanLibrary" = Dokan Library 0.6.0
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FLV Player" = FLV Player 2.0 (build 25)
"Free YouTube Download_is1" = Free YouTube Download version 3.2.0.128
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.6.0
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"Postal 2 Apocalypse Weekend Expansion Pack" = Postal 2 Apocalypse Weekend Expansion Pack
"Postal 2 Share The Pain" = Postal 2 Share The Pain
"Samsung Scan Assistant" = Samsung Scan Assistant
"Samsung SCX-3200 Series" = Samsung SCX-3200 Series
"Steam App 104310" = Red Orchestra 2 SDK
"Steam App 104320" = Red Orchestra 2: Heroes of Stalingrad Beta
"Steam App 10500" = Empire: Total War
"Steam App 200170" = Worms Revolution
"Steam App 204880" = Sins of a Solar Empire: Rebellion
"Steam App 20540" = Company of Heroes: Tales of Valor
"Steam App 208500" = F1 2012
"Steam App 208520" = Omerta - City of Gangsters
"Steam App 231140" = Cities XL Platinum
"Steam App 33570" = Patrician III
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad
"Steam App 40970" = Stronghold Crusader + Extreme
"Steam App 43110" = Metro 2033
"Steam App 4560" = Company of Heroes
"Steam App 4700" = Medieval II: Total War
"Steam App 4780" = Medieval II: Total War Kingdoms
"Steam App 49520" = Borderlands 2
"Steam App 57690" = Tropico 4
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 91600" = Sanctum
"Steam App 9340" = Company of Heroes: Opposing Fronts
"TripleAVersion1_3_2_2" = TripleA Version 1_3_2_2
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Video Thumbnails Maker" = Video Thumbnails Maker by Scorp (remove only)
"VLC media player" = VLC media player 2.0.6
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-678325235-554912938-2678598872-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 27.11.2012 08:06:15 | Computer Name = Aelthred | Source = Application Hang | ID = 1002
Description = Programm Skype.exe, Version 5.10.0.116 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 17cc    Startzeit:
 01cdcc973e49e855    Endzeit: 43    Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe

Berichts-ID:
 c590bb70-388a-11e2-84ac-002683195149  
 
Error - 27.11.2012 09:22:21 | Computer Name = Aelthred | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 2.0.4.0, Zeitstempel:
 0x507c71cd  Name des fehlerhaften Moduls: vlc.exe, Version: 2.0.4.0, Zeitstempel:
 0x507c71cd  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00001665  ID des fehlerhaften Prozesses:
 0x14b8  Startzeit der fehlerhaften Anwendung: 0x01cdcca23a3173e2  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe  Pfad des fehlerhaften Moduls:
 C:\Program Files (x86)\VideoLAN\VLC\vlc.exe  Berichtskennung: 78e2ad3b-3895-11e2-84ac-002683195149
 
Error - 28.11.2012 05:01:12 | Computer Name = Aelthred | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.11.2012 05:05:49 | Computer Name = Aelthred | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddCoreCsiFiles : GetNextFileMapContent() failed.  System
 Error: Falscher Parameter.  .
 
Error - 28.11.2012 05:05:50 | Computer Name = Aelthred | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddCoreCsiFiles : GetNextFileMapContent() failed.  System
 Error: Falscher Parameter.  .
 
Error - 28.11.2012 07:33:48 | Computer Name = Aelthred | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.11.2012 02:43:32 | Computer Name = Aelthred | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.11.2012 05:51:31 | Computer Name = Aelthred | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.11.2012 06:28:07 | Computer Name = Aelthred | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 2.0.4.0, Zeitstempel:
 0x507c71cd  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
 0x4ec49b8f  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000ce6c3  ID des fehlerhaften Prozesses:
 0x1630  Startzeit der fehlerhaften Anwendung: 0x01cdce1c23305263  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 7690c7cc-3a0f-11e2-95ba-f46d04ac6819
 
Error - 29.11.2012 11:49:38 | Computer Name = Aelthred | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 11.05.2013 11:30:29 | Computer Name = Aelthred | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 11.05.2013 11:31:13 | Computer Name = Aelthred | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 11.05.2013 11:33:00 | Computer Name = Aelthred | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 11.05.2013 11:33:00 | Computer Name = Aelthred | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 11.05.2013 11:33:06 | Computer Name = Aelthred | Source = WMPNetworkSvc | ID = 866287
Description = 
 
Error - 11.05.2013 11:54:54 | Computer Name = Aelthred | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 11.05.2013 11:55:35 | Computer Name = Aelthred | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 11.05.2013 11:57:18 | Computer Name = Aelthred | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 11.05.2013 11:57:18 | Computer Name = Aelthred | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 11.05.2013 11:57:20 | Computer Name = Aelthred | Source = WMPNetworkSvc | ID = 866287
Description = 
 
 
< End of report >
         


11.05.2013, 18:05   #6
markusg
/// Malware-holic
 

Thanks, and sorry for the extra work.
Please download TDSSKiller (TDSSKiller.exe) and save the file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

11.05.2013, 18:12   #7
Mischer
 

Hello, I have done that as requested. Here is the corresponding log.
And, this has to be said, many, many thanks for taking so much time!

Code:
19:07:24.0824 2400  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:07:25.0058 2400  ============================================================
19:07:25.0058 2400  Current date / time: 2013/05/11 19:07:25.0058
19:07:25.0058 2400  SystemInfo:
19:07:25.0058 2400  
19:07:25.0058 2400  OS Version: 6.1.7601 ServicePack: 1.0
19:07:25.0058 2400  Product type: Workstation
19:07:25.0058 2400  ComputerName: AELTHRED
19:07:25.0058 2400  UserName: Atelco
19:07:25.0058 2400  Windows directory: C:\Windows
19:07:25.0058 2400  System windows directory: C:\Windows
19:07:25.0058 2400  Running under WOW64
19:07:25.0058 2400  Processor architecture: Intel x64
19:07:25.0058 2400  Number of processors: 8
19:07:25.0058 2400  Page size: 0x1000
19:07:25.0058 2400  Boot type: Normal boot
19:07:25.0058 2400  ============================================================
19:07:25.0869 2400  Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:07:25.0901 2400  ============================================================
19:07:25.0901 2400  \Device\Harddisk0\DR0:
19:07:25.0901 2400  MBR partitions:
19:07:25.0901 2400  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:07:25.0901 2400  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x4D4C8000
19:07:25.0901 2400  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x4D4FA800, BlocksNum 0x4D52C800
19:07:25.0901 2400  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x9AA27000, BlocksNum 0x4E3E1000
19:07:25.0901 2400  ============================================================
19:07:25.0979 2400  C: <-> \Device\Harddisk0\DR0\Partition2
19:07:26.0041 2400  D: <-> \Device\Harddisk0\DR0\Partition3
19:07:26.0072 2400  E: <-> \Device\Harddisk0\DR0\Partition4
19:07:26.0072 2400  ============================================================
19:07:26.0072 2400  Initialize success
19:07:26.0072 2400  ============================================================
19:08:08.0286 3284  ============================================================
19:08:08.0286 3284  Scan started
19:08:08.0286 3284  Mode: Manual; SigCheck; TDLFS; 
19:08:08.0286 3284  ============================================================
19:08:08.0551 3284  ================ Scan system memory ========================
19:08:08.0551 3284  System memory - ok
19:08:08.0551 3284  ================ Scan services =============================
19:08:08.0629 3284  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
19:08:08.0723 3284  1394ohci - ok
19:08:08.0738 3284  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:08:08.0754 3284  ACPI - ok
19:08:08.0769 3284  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:08:08.0801 3284  AcpiPmi - ok
19:08:08.0894 3284  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:08:08.0910 3284  AdobeARMservice - ok
19:08:09.0019 3284  [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:08:09.0035 3284  AdobeFlashPlayerUpdateSvc - ok
19:08:09.0050 3284  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
19:08:09.0081 3284  adp94xx - ok
19:08:09.0097 3284  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
19:08:09.0097 3284  adpahci - ok
19:08:09.0113 3284  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
19:08:09.0128 3284  adpu320 - ok
19:08:09.0144 3284  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:08:09.0175 3284  AeLookupSvc - ok
19:08:09.0206 3284  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
19:08:09.0237 3284  AFD - ok
19:08:09.0269 3284  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:08:09.0269 3284  agp440 - ok
19:08:09.0393 3284  [ C7074BD8D4B8F564859ED373433030AE ] Akamai          c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll
19:08:09.0393 3284  Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll. md5: C7074BD8D4B8F564859ED373433030AE
19:08:09.0409 3284  Akamai ( HiddenFile.Multi.Generic ) - warning
19:08:09.0409 3284  Akamai - detected HiddenFile.Multi.Generic (1)
19:08:09.0409 3284  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
19:08:09.0456 3284  ALG - ok
19:08:09.0471 3284  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:08:09.0471 3284  aliide - ok
19:08:09.0487 3284  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
19:08:09.0487 3284  amdide - ok
19:08:09.0503 3284  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
19:08:09.0518 3284  AmdK8 - ok
19:08:09.0534 3284  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
19:08:09.0549 3284  AmdPPM - ok
19:08:09.0581 3284  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:08:09.0596 3284  amdsata - ok
19:08:09.0627 3284  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
19:08:09.0643 3284  amdsbs - ok
19:08:09.0659 3284  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:08:09.0659 3284  amdxata - ok
19:08:09.0674 3284  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
19:08:09.0737 3284  AppID - ok
19:08:09.0752 3284  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:08:09.0783 3284  AppIDSvc - ok
19:08:09.0799 3284  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
19:08:09.0846 3284  Appinfo - ok
19:08:09.0877 3284  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
19:08:09.0877 3284  arc - ok
19:08:09.0893 3284  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:08:09.0908 3284  arcsas - ok
19:08:09.0955 3284  [ 0BAEFD3F648C6E7AB52990DD9565E4E2 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
19:08:09.0971 3284  aswFsBlk - ok
19:08:10.0033 3284  [ 890918D53B80B474CFAFB48995B85AF3 ] aswKbd          C:\Windows\system32\drivers\aswKbd.sys
19:08:10.0049 3284  aswKbd - ok
19:08:10.0095 3284  [ FA562F34ED6633C66170B09182B4C049 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
19:08:10.0111 3284  aswMonFlt - ok
19:08:10.0127 3284  [ 64E2BAB4096C13D2342BC4661C967E07 ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
19:08:10.0142 3284  aswRdr - ok
19:08:10.0173 3284  [ 5573AA70993A2BB81525B1C704B88763 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
19:08:10.0189 3284  aswRvrt - ok
19:08:10.0236 3284  [ 10ED1CAB84AA65983C41A11F60294C9B ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
19:08:10.0251 3284  aswSnx - ok
19:08:10.0298 3284  [ 00E5253353717D3CA12A0F5A6F9991EC ] aswSP           C:\Windows\system32\drivers\aswSP.sys
19:08:10.0314 3284  aswSP - ok
19:08:10.0314 3284  [ 29DD8E458A84171202AA4979364C30C0 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
19:08:10.0329 3284  aswTdi - ok
19:08:10.0361 3284  [ 6359B99C955DB9F40B653159A0EED261 ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
19:08:10.0376 3284  aswVmm - ok
19:08:10.0407 3284  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:08:10.0439 3284  AsyncMac - ok
19:08:10.0454 3284  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
19:08:10.0454 3284  atapi - ok
19:08:10.0485 3284  [ AAAE03F8EDA817EC28C5445193EA8BF3 ] AthBTPort       C:\Windows\system32\DRIVERS\btath_flt.sys
19:08:10.0501 3284  AthBTPort - ok
19:08:10.0517 3284  [ 4ECC791539F23982411864037D1AC8FC ] ATHDFU          C:\Windows\system32\Drivers\AthDfu.sys
19:08:10.0517 3284  ATHDFU - ok
19:08:10.0563 3284  [ C34B28D6285EAD94B3A2FABA84E90DA5 ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
19:08:10.0595 3284  AtherosSvc ( UnsignedFile.Multi.Generic ) - warning
19:08:10.0595 3284  AtherosSvc - detected UnsignedFile.Multi.Generic (1)
19:08:10.0626 3284  [ FC0E8778C000291CAF60EB88C011E931 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
19:08:10.0641 3284  atksgt - ok
19:08:10.0673 3284  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:08:10.0704 3284  AudioEndpointBuilder - ok
19:08:10.0719 3284  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:08:10.0735 3284  AudioSrv - ok
19:08:10.0829 3284  [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
19:08:10.0844 3284  avast! Antivirus - ok
19:08:10.0875 3284  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:08:10.0922 3284  AxInstSV - ok
19:08:10.0953 3284  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
19:08:10.0985 3284  b06bdrv - ok
19:08:10.0985 3284  Scan interrupted by user!
19:08:10.0985 3284  ================ Scan global ===============================
19:08:10.0985 3284  Scan interrupted by user!
19:08:10.0985 3284  ================ Scan MBR ==================================
19:08:10.0985 3284  Scan interrupted by user!
19:08:10.0985 3284  ================ Scan VBR ==================================
19:08:10.0985 3284  Scan interrupted by user!
19:08:10.0985 3284  ============================================================
19:08:10.0985 3284  Scan finished
19:08:10.0985 3284  ============================================================
19:08:11.0000 2452  Detected object count: 2
19:08:11.0000 2452  Actual detected object count: 2
19:08:15.0462 2452  Akamai ( HiddenFile.Multi.Generic ) - skipped by user
19:08:15.0462 2452  Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 
19:08:15.0462 2452  AtherosSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:08:15.0462 2452  AtherosSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:08:25.0867 3672  ============================================================
19:08:25.0867 3672  Scan started
19:08:25.0867 3672  Mode: Manual; SigCheck; TDLFS; 
19:08:25.0867 3672  ============================================================
19:08:26.0304 3672  ================ Scan system memory ========================
19:08:26.0304 3672  System memory - ok
19:08:26.0304 3672  ================ Scan services =============================
19:08:26.0460 3672  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
19:08:26.0491 3672  1394ohci - ok
19:08:26.0507 3672  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:08:26.0522 3672  ACPI - ok
19:08:26.0522 3672  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:08:26.0538 3672  AcpiPmi - ok
19:08:26.0600 3672  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:08:26.0616 3672  AdobeARMservice - ok
19:08:26.0694 3672  [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:08:26.0709 3672  AdobeFlashPlayerUpdateSvc - ok
19:08:26.0741 3672  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
19:08:26.0756 3672  adp94xx - ok
19:08:26.0772 3672  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
19:08:26.0787 3672  adpahci - ok
19:08:26.0803 3672  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
19:08:26.0803 3672  adpu320 - ok
19:08:26.0819 3672  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:08:26.0850 3672  AeLookupSvc - ok
19:08:26.0865 3672  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
19:08:26.0881 3672  AFD - ok
19:08:26.0881 3672  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:08:26.0897 3672  agp440 - ok
19:08:26.0975 3672  [ C7074BD8D4B8F564859ED373433030AE ] Akamai          c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll
19:08:26.0975 3672  Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll. md5: C7074BD8D4B8F564859ED373433030AE
19:08:26.0990 3672  Akamai ( HiddenFile.Multi.Generic ) - warning
19:08:26.0990 3672  Akamai - detected HiddenFile.Multi.Generic (1)
19:08:26.0990 3672  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
19:08:27.0021 3672  ALG - ok
19:08:27.0021 3672  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:08:27.0037 3672  aliide - ok
19:08:27.0053 3672  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
19:08:27.0068 3672  amdide - ok
19:08:27.0084 3672  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
19:08:27.0099 3672  AmdK8 - ok
19:08:27.0115 3672  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
19:08:27.0115 3672  AmdPPM - ok
19:08:27.0131 3672  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:08:27.0146 3672  amdsata - ok
19:08:27.0177 3672  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
19:08:27.0177 3672  amdsbs - ok
19:08:27.0193 3672  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:08:27.0193 3672  amdxata - ok
19:08:27.0209 3672  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
19:08:27.0240 3672  AppID - ok
19:08:27.0240 3672  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:08:27.0271 3672  AppIDSvc - ok
19:08:27.0287 3672  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
19:08:27.0302 3672  Appinfo - ok
19:08:27.0318 3672  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
19:08:27.0318 3672  arc - ok
19:08:27.0333 3672  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:08:27.0333 3672  arcsas - ok
19:08:27.0365 3672  [ 0BAEFD3F648C6E7AB52990DD9565E4E2 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
19:08:27.0365 3672  aswFsBlk - ok
19:08:27.0396 3672  [ 890918D53B80B474CFAFB48995B85AF3 ] aswKbd          C:\Windows\system32\drivers\aswKbd.sys
19:08:27.0411 3672  aswKbd - ok
19:08:27.0443 3672  [ FA562F34ED6633C66170B09182B4C049 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
19:08:27.0458 3672  aswMonFlt - ok
19:08:27.0458 3672  [ 64E2BAB4096C13D2342BC4661C967E07 ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
19:08:27.0474 3672  aswRdr - ok
19:08:27.0489 3672  [ 5573AA70993A2BB81525B1C704B88763 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
19:08:27.0505 3672  aswRvrt - ok
19:08:27.0521 3672  [ 10ED1CAB84AA65983C41A11F60294C9B ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
19:08:27.0552 3672  aswSnx - ok
19:08:27.0567 3672  [ 00E5253353717D3CA12A0F5A6F9991EC ] aswSP           C:\Windows\system32\drivers\aswSP.sys
19:08:27.0583 3672  aswSP - ok
19:08:27.0599 3672  [ 29DD8E458A84171202AA4979364C30C0 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
19:08:27.0599 3672  aswTdi - ok
19:08:27.0614 3672  [ 6359B99C955DB9F40B653159A0EED261 ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
19:08:27.0614 3672  aswVmm - ok
19:08:27.0630 3672  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:08:27.0645 3672  AsyncMac - ok
19:08:27.0661 3672  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
19:08:27.0661 3672  atapi - ok
19:08:27.0692 3672  [ AAAE03F8EDA817EC28C5445193EA8BF3 ] AthBTPort       C:\Windows\system32\DRIVERS\btath_flt.sys
19:08:27.0692 3672  AthBTPort - ok
19:08:27.0708 3672  [ 4ECC791539F23982411864037D1AC8FC ] ATHDFU          C:\Windows\system32\Drivers\AthDfu.sys
19:08:27.0708 3672  ATHDFU - ok
19:08:27.0739 3672  [ C34B28D6285EAD94B3A2FABA84E90DA5 ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
19:08:27.0739 3672  AtherosSvc ( UnsignedFile.Multi.Generic ) - warning
19:08:27.0739 3672  AtherosSvc - detected UnsignedFile.Multi.Generic (1)
19:08:27.0755 3672  [ FC0E8778C000291CAF60EB88C011E931 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
19:08:27.0755 3672  atksgt - ok
19:08:27.0770 3672  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:08:27.0801 3672  AudioEndpointBuilder - ok
19:08:27.0801 3672  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:08:27.0833 3672  AudioSrv - ok
19:08:27.0989 3672  [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
19:08:28.0004 3672  avast! Antivirus - ok
19:08:28.0004 3672  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:08:28.0020 3672  AxInstSV - ok
19:08:28.0035 3672  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
19:08:28.0051 3672  b06bdrv - ok
19:08:28.0082 3672  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:08:28.0113 3672  b57nd60a - ok
19:08:28.0145 3672  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:08:28.0176 3672  BDESVC - ok
19:08:28.0191 3672  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:08:28.0223 3672  Beep - ok
19:08:28.0269 3672  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
19:08:28.0332 3672  BFE - ok
19:08:28.0347 3672  bhuybimy - ok
19:08:28.0363 3672  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
19:08:28.0410 3672  BITS - ok
19:08:28.0472 3672  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:08:28.0535 3672  blbdrive - ok
19:08:28.0566 3672  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:08:28.0597 3672  bowser - ok
19:08:28.0628 3672  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
19:08:28.0644 3672  BrFiltLo - ok
19:08:28.0659 3672  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
19:08:28.0675 3672  BrFiltUp - ok
19:08:28.0706 3672  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
19:08:28.0722 3672  Browser - ok
19:08:28.0722 3672  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:08:28.0769 3672  Brserid - ok
19:08:28.0784 3672  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:08:28.0815 3672  BrSerWdm - ok
19:08:28.0815 3672  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:08:28.0831 3672  BrUsbMdm - ok
19:08:28.0847 3672  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:08:28.0862 3672  BrUsbSer - ok
19:08:28.0878 3672  [ 3B1B573371B206D1D5F25E0EF5FCD6D6 ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys
19:08:28.0893 3672  BTATH_A2DP - ok
19:08:28.0925 3672  [ 2D0446336D9DB55A742B999EC16ADF15 ] BTATH_BUS       C:\Windows\system32\DRIVERS\btath_bus.sys
19:08:28.0940 3672  BTATH_BUS - ok
19:08:28.0956 3672  [ 9A9694BBEB2849EAF95DFFCAE5DF02AD ] BTATH_HCRP      C:\Windows\system32\DRIVERS\btath_hcrp.sys
19:08:28.0956 3672  BTATH_HCRP - ok
19:08:28.0971 3672  [ FC0A8075DDF2E9C66267AEC91E0676F9 ] BTATH_LWFLT     C:\Windows\system32\DRIVERS\btath_lwflt.sys
19:08:28.0971 3672  BTATH_LWFLT - ok
19:08:28.0987 3672  [ 5EB4815CBDDBA4541F2380DAE6E269AB ] BTATH_RCP       C:\Windows\system32\DRIVERS\btath_rcp.sys
19:08:28.0987 3672  BTATH_RCP - ok
19:08:29.0003 3672  [ 0ECEDE7B33CFD9A52A61220ABBD09A50 ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
19:08:29.0018 3672  BtFilter - ok
19:08:29.0065 3672  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
19:08:29.0096 3672  BthEnum - ok
19:08:29.0112 3672  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
19:08:29.0159 3672  BTHMODEM - ok
19:08:29.0174 3672  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
19:08:29.0190 3672  BthPan - ok
19:08:29.0221 3672  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
19:08:29.0252 3672  BTHPORT - ok
19:08:29.0283 3672  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
19:08:29.0330 3672  bthserv - ok
19:08:29.0346 3672  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
19:08:29.0361 3672  BTHUSB - ok
19:08:29.0393 3672  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:08:29.0439 3672  cdfs - ok
19:08:29.0455 3672  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:08:29.0471 3672  cdrom - ok
19:08:29.0486 3672  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
19:08:29.0533 3672  CertPropSvc - ok
19:08:29.0627 3672  [ 213B6EC3DE19E35373A1906397588429 ] CGVPNCliSrvc    C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
19:08:29.0689 3672  CGVPNCliSrvc - ok
19:08:29.0705 3672  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
19:08:29.0751 3672  circlass - ok
19:08:29.0767 3672  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
19:08:29.0783 3672  CLFS - ok
19:08:29.0861 3672  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:08:29.0892 3672  clr_optimization_v2.0.50727_32 - ok
19:08:30.0017 3672  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:08:30.0032 3672  clr_optimization_v2.0.50727_64 - ok
19:08:30.0110 3672  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:08:30.0126 3672  clr_optimization_v4.0.30319_32 - ok
19:08:30.0141 3672  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:08:30.0157 3672  clr_optimization_v4.0.30319_64 - ok
19:08:30.0173 3672  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
19:08:30.0204 3672  CmBatt - ok
19:08:30.0219 3672  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:08:30.0235 3672  cmdide - ok
19:08:30.0282 3672  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
19:08:30.0313 3672  CNG - ok
19:08:30.0313 3672  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
19:08:30.0313 3672  Compbatt - ok
19:08:30.0344 3672  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
19:08:30.0360 3672  CompositeBus - ok
19:08:30.0360 3672  COMSysApp - ok
19:08:30.0375 3672  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
19:08:30.0375 3672  crcdisk - ok
19:08:30.0407 3672  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:08:30.0438 3672  CryptSvc - ok
19:08:30.0469 3672  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:08:30.0531 3672  DcomLaunch - ok
19:08:30.0563 3672  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
19:08:30.0578 3672  defragsvc - ok
19:08:30.0594 3672  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:08:30.0625 3672  DfsC - ok
19:08:30.0656 3672  dgderdrv - ok
19:08:30.0687 3672  DgiVecp - ok
19:08:30.0703 3672  [ 6060106CE00F32F63F1A73160E46E9D2 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
19:08:30.0719 3672  dg_ssudbus - ok
19:08:30.0734 3672  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:08:30.0781 3672  Dhcp - ok
19:08:30.0797 3672  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
19:08:30.0828 3672  discache - ok
19:08:30.0843 3672  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
19:08:30.0859 3672  Disk - ok
19:08:30.0875 3672  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:08:30.0890 3672  Dnscache - ok
19:08:30.0937 3672  [ FA122BC1451B1B35B7814FBE1ACF1924 ] Dokan           C:\Windows\system32\drivers\dokan.sys
19:08:30.0953 3672  Dokan - ok
19:08:30.0984 3672  [ 8C856E531A1170F53AC6844E89CD0B5F ] DokanMounter    C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
19:08:31.0015 3672  DokanMounter ( UnsignedFile.Multi.Generic ) - warning
19:08:31.0015 3672  DokanMounter - detected UnsignedFile.Multi.Generic (1)
19:08:31.0031 3672  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:08:31.0062 3672  dot3svc - ok
19:08:31.0078 3672  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
19:08:31.0124 3672  DPS - ok
19:08:31.0156 3672  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:08:31.0171 3672  drmkaud - ok
19:08:31.0187 3672  [ 400582B09E0BB557D0EC28A945150EEB ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
19:08:31.0187 3672  dtsoftbus01 - ok
19:08:31.0202 3672  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:08:31.0218 3672  DXGKrnl - ok
19:08:31.0234 3672  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
19:08:31.0280 3672  EapHost - ok
19:08:31.0327 3672  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
19:08:31.0405 3672  ebdrv - ok
19:08:31.0436 3672  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
19:08:31.0436 3672  EFS - ok
19:08:31.0546 3672  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:08:31.0561 3672  ehRecvr - ok
19:08:31.0577 3672  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
19:08:31.0608 3672  ehSched - ok
19:08:31.0639 3672  ekbmcvpa - ok
19:08:31.0670 3672  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
19:08:31.0686 3672  elxstor - ok
19:08:31.0702 3672  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:08:31.0717 3672  ErrDev - ok
19:08:31.0733 3672  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
19:08:31.0780 3672  EventSystem - ok
19:08:31.0811 3672  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
19:08:31.0842 3672  exfat - ok
19:08:31.0858 3672  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:08:31.0904 3672  fastfat - ok
19:08:31.0920 3672  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
19:08:31.0951 3672  Fax - ok
19:08:31.0967 3672  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
19:08:31.0998 3672  fdc - ok
19:08:32.0014 3672  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
19:08:32.0045 3672  fdPHost - ok
19:08:32.0045 3672  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:08:32.0107 3672  FDResPub - ok
19:08:32.0107 3672  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:08:32.0123 3672  FileInfo - ok
19:08:32.0138 3672  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:08:32.0170 3672  Filetrace - ok
19:08:32.0185 3672  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
19:08:32.0185 3672  flpydisk - ok
19:08:32.0201 3672  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:08:32.0216 3672  FltMgr - ok
19:08:32.0248 3672  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
19:08:32.0294 3672  FontCache - ok
19:08:32.0326 3672  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:08:32.0341 3672  FontCache3.0.0.0 - ok
19:08:32.0341 3672  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:08:32.0357 3672  FsDepends - ok
19:08:32.0372 3672  [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
19:08:32.0372 3672  fssfltr - ok
19:08:32.0466 3672  [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
19:08:32.0513 3672  fsssvc - ok
19:08:32.0528 3672  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:08:32.0544 3672  Fs_Rec - ok
19:08:32.0560 3672  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:08:32.0575 3672  fvevol - ok
19:08:32.0575 3672  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
19:08:32.0591 3672  gagp30kx - ok
19:08:32.0606 3672  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
19:08:32.0638 3672  gpsvc - ok
19:08:32.0669 3672  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
19:08:32.0669 3672  hamachi - ok
19:08:32.0684 3672  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:08:32.0700 3672  hcw85cir - ok
19:08:32.0716 3672  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:08:32.0747 3672  HdAudAddService - ok
19:08:32.0778 3672  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:08:32.0809 3672  HDAudBus - ok
19:08:32.0809 3672  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
19:08:32.0825 3672  HidBatt - ok
19:08:32.0840 3672  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
19:08:32.0856 3672  HidBth - ok
19:08:32.0872 3672  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
19:08:32.0887 3672  HidIr - ok
19:08:32.0903 3672  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
19:08:32.0918 3672  hidserv - ok
19:08:32.0950 3672  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:08:32.0950 3672  HidUsb - ok
19:08:32.0981 3672  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:08:33.0012 3672  hkmsvc - ok
19:08:33.0028 3672  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:08:33.0043 3672  HomeGroupListener - ok
19:08:33.0074 3672  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:08:33.0090 3672  HomeGroupProvider - ok
19:08:33.0106 3672  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:08:33.0121 3672  HpSAMD - ok
19:08:33.0137 3672  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:08:33.0168 3672  HTTP - ok
19:08:33.0184 3672  hwdatacard - ok
19:08:33.0199 3672  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:08:33.0199 3672  hwpolicy - ok
19:08:33.0215 3672  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
19:08:33.0230 3672  i8042prt - ok
19:08:33.0246 3672  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:08:33.0262 3672  iaStorV - ok
19:08:33.0293 3672  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:08:33.0324 3672  idsvc - ok
19:08:33.0340 3672  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
19:08:33.0355 3672  iirsp - ok
19:08:33.0371 3672  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
19:08:33.0402 3672  IKEEXT - ok
19:08:33.0480 3672  [ DAB7318CCFA8081200D5B7B486793F74 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:08:33.0511 3672  IntcAzAudAddService - ok
19:08:33.0527 3672  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
19:08:33.0527 3672  intelide - ok
19:08:33.0542 3672  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:08:33.0558 3672  intelppm - ok
19:08:33.0589 3672  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:08:33.0620 3672  IPBusEnum - ok
19:08:33.0636 3672  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:08:33.0667 3672  IpFilterDriver - ok
19:08:33.0683 3672  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:08:33.0714 3672  iphlpsvc - ok
19:08:33.0745 3672  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
19:08:33.0776 3672  IPMIDRV - ok
19:08:33.0792 3672  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:08:33.0839 3672  IPNAT - ok
19:08:33.0870 3672  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:08:33.0886 3672  IRENUM - ok
19:08:33.0917 3672  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:08:33.0917 3672  isapnp - ok
19:08:33.0932 3672  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:08:33.0948 3672  iScsiPrt - ok
19:08:33.0948 3672  jdshbygw - ok
19:08:33.0964 3672  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:08:33.0964 3672  kbdclass - ok
19:08:33.0979 3672  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:08:33.0995 3672  kbdhid - ok
19:08:33.0995 3672  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
19:08:34.0010 3672  KeyIso - ok
19:08:34.0010 3672  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:08:34.0026 3672  KSecDD - ok
19:08:34.0042 3672  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:08:34.0057 3672  KSecPkg - ok
19:08:34.0057 3672  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:08:34.0088 3672  ksthunk - ok
19:08:34.0120 3672  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:08:34.0151 3672  KtmRm - ok
19:08:34.0182 3672  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:08:34.0213 3672  LanmanServer - ok
19:08:34.0244 3672  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:08:34.0307 3672  LanmanWorkstation - ok
19:08:34.0354 3672  [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
19:08:34.0369 3672  lirsgt - ok
19:08:34.0385 3672  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:08:34.0432 3672  lltdio - ok
19:08:34.0447 3672  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:08:34.0494 3672  lltdsvc - ok
19:08:34.0510 3672  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:08:34.0572 3672  lmhosts - ok
19:08:34.0588 3672  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
19:08:34.0588 3672  LSI_FC - ok
19:08:34.0619 3672  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
19:08:34.0634 3672  LSI_SAS - ok
19:08:34.0650 3672  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
19:08:34.0650 3672  LSI_SAS2 - ok
19:08:34.0666 3672  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
19:08:34.0666 3672  LSI_SCSI - ok
19:08:34.0681 3672  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
19:08:34.0712 3672  luafv - ok
19:08:34.0744 3672  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
19:08:34.0744 3672  MBAMProtector - ok
19:08:34.0806 3672  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
19:08:34.0837 3672  MBAMScheduler - ok
19:08:34.0868 3672  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:08:34.0900 3672  MBAMService - ok
19:08:34.0931 3672  McComponentHostService - ok
19:08:34.0946 3672  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:08:34.0962 3672  Mcx2Svc - ok
19:08:34.0978 3672  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
19:08:34.0993 3672  megasas - ok
19:08:35.0009 3672  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
19:08:35.0024 3672  MegaSR - ok
19:08:35.0040 3672  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
19:08:35.0040 3672  MEIx64 - ok
19:08:35.0087 3672  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service D:\Office\Office12\GrooveAuditService.exe
19:08:35.0102 3672  Microsoft Office Groove Audit Service - ok
19:08:35.0118 3672  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
19:08:35.0180 3672  MMCSS - ok
19:08:35.0180 3672  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
19:08:35.0227 3672  Modem - ok
19:08:35.0258 3672  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:08:35.0290 3672  monitor - ok
19:08:35.0290 3672  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:08:35.0305 3672  mouclass - ok
19:08:35.0336 3672  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:08:35.0352 3672  mouhid - ok
19:08:35.0383 3672  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:08:35.0399 3672  mountmgr - ok
19:08:35.0461 3672  [ 37E6E36D776C69F88F139B07AB5A8475 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:08:35.0477 3672  MozillaMaintenance - ok
19:08:35.0477 3672  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:08:35.0492 3672  mpio - ok
19:08:35.0508 3672  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:08:35.0539 3672  mpsdrv - ok
19:08:35.0555 3672  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:08:35.0586 3672  MpsSvc - ok
19:08:35.0602 3672  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:08:35.0617 3672  MRxDAV - ok
19:08:35.0648 3672  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:08:35.0664 3672  mrxsmb - ok
19:08:35.0680 3672  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:08:35.0695 3672  mrxsmb10 - ok
19:08:35.0695 3672  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:08:35.0711 3672  mrxsmb20 - ok
19:08:35.0726 3672  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:08:35.0726 3672  msahci - ok
19:08:35.0742 3672  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
19:08:35.0758 3672  msdsm - ok
19:08:35.0773 3672  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
19:08:35.0789 3672  MSDTC - ok
19:08:35.0804 3672  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:08:35.0867 3672  Msfs - ok
19:08:35.0882 3672  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:08:35.0914 3672  mshidkmdf - ok
19:08:35.0945 3672  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:08:35.0960 3672  msisadrv - ok
19:08:35.0976 3672  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:08:36.0007 3672  MSiSCSI - ok
19:08:36.0007 3672  msiserver - ok
19:08:36.0023 3672  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:08:36.0054 3672  MSKSSRV - ok
19:08:36.0070 3672  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:08:36.0101 3672  MSPCLOCK - ok
19:08:36.0116 3672  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:08:36.0148 3672  MSPQM - ok
19:08:36.0148 3672  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:08:36.0163 3672  MsRPC - ok
19:08:36.0179 3672  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
19:08:36.0179 3672  mssmbios - ok
19:08:36.0179 3672  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:08:36.0210 3672  MSTEE - ok
19:08:36.0210 3672  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
19:08:36.0226 3672  MTConfig - ok
19:08:36.0241 3672  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
19:08:36.0241 3672  Mup - ok
19:08:36.0257 3672  [ 38B4C95E821528FB91DF16A78E04450F ] mv91xx          C:\Windows\system32\drivers\mv91xx.sys
19:08:36.0272 3672  mv91xx - ok
19:08:36.0288 3672  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
19:08:36.0335 3672  napagent - ok
19:08:36.0350 3672  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:08:36.0382 3672  NativeWifiP - ok
19:08:36.0428 3672  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:08:36.0460 3672  NDIS - ok
19:08:36.0460 3672  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:08:36.0491 3672  NdisCap - ok
19:08:36.0506 3672  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:08:36.0522 3672  NdisTapi - ok
19:08:36.0538 3672  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:08:36.0553 3672  Ndisuio - ok
19:08:36.0569 3672  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:08:36.0600 3672  NdisWan - ok
19:08:36.0616 3672  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:08:36.0647 3672  NDProxy - ok
19:08:36.0647 3672  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:08:36.0709 3672  NetBIOS - ok
19:08:36.0725 3672  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:08:36.0740 3672  NetBT - ok
19:08:36.0756 3672  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
19:08:36.0756 3672  Netlogon - ok
19:08:36.0787 3672  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
19:08:36.0818 3672  Netman - ok
19:08:36.0834 3672  [ 3E5A36127E201DDF663176B66828FAFE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:08:36.0850 3672  NetMsmqActivator - ok
19:08:36.0865 3672  [ 3E5A36127E201DDF663176B66828FAFE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:08:36.0865 3672  NetPipeActivator - ok
19:08:36.0881 3672  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
19:08:36.0928 3672  netprofm - ok
19:08:36.0928 3672  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:08:36.0943 3672  NetTcpActivator - ok
19:08:36.0943 3672  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:08:36.0943 3672  NetTcpPortSharing - ok
19:08:36.0959 3672  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
19:08:36.0974 3672  nfrd960 - ok
19:08:36.0990 3672  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:08:37.0006 3672  NlaSvc - ok
19:08:37.0021 3672  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:08:37.0052 3672  Npfs - ok
19:08:37.0052 3672  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
19:08:37.0068 3672  nsi - ok
19:08:37.0084 3672  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:08:37.0115 3672  nsiproxy - ok
19:08:37.0162 3672  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:08:37.0208 3672  Ntfs - ok
19:08:37.0224 3672  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
19:08:37.0255 3672  Null - ok
19:08:37.0271 3672  [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
19:08:37.0271 3672  nusb3hub - ok
19:08:37.0286 3672  [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
19:08:37.0302 3672  nusb3xhc - ok
19:08:37.0333 3672  [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
19:08:37.0364 3672  NVENETFD - ok
19:08:37.0411 3672  [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
19:08:37.0427 3672  NVHDA - ok
19:08:37.0583 3672  [ FCBA1C22727939E7CFF9EB08FE9692AB ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:08:37.0676 3672  nvlddmkm - ok
19:08:37.0708 3672  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:08:37.0723 3672  nvraid - ok
19:08:37.0739 3672  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:08:37.0739 3672  nvstor - ok
19:08:37.0801 3672  [ 10C232F6CFFD51D2332898AE7AE0FF23 ] nvsvc           C:\Windows\system32\nvvsvc.exe
19:08:37.0817 3672  nvsvc - ok
19:08:37.0879 3672  [ FB660F80BDC4F13D594996976AFAECD9 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:08:37.0910 3672  nvUpdatusService - ok
19:08:37.0926 3672  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:08:37.0926 3672  nv_agp - ok
19:08:37.0988 3672  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:08:38.0020 3672  odserv - ok
19:08:38.0035 3672  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:08:38.0051 3672  ohci1394 - ok
19:08:38.0066 3672  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:08:38.0066 3672  ose - ok
19:08:38.0082 3672  othrhtsd - ok
19:08:38.0098 3672  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:08:38.0129 3672  p2pimsvc - ok
19:08:38.0144 3672  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:08:38.0176 3672  p2psvc - ok
19:08:38.0191 3672  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
19:08:38.0222 3672  Parport - ok
19:08:38.0238 3672  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:08:38.0254 3672  partmgr - ok
19:08:38.0254 3672  pbpdeuxl - ok
19:08:38.0269 3672  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:08:38.0300 3672  PcaSvc - ok
19:08:38.0300 3672  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
19:08:38.0316 3672  pci - ok
19:08:38.0347 3672  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
19:08:38.0347 3672  pciide - ok
19:08:38.0363 3672  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
19:08:38.0378 3672  pcmcia - ok
19:08:38.0394 3672  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:08:38.0410 3672  pcw - ok
19:08:38.0410 3672  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:08:38.0456 3672  PEAUTH - ok
19:08:38.0503 3672  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:08:38.0534 3672  PerfHost - ok
19:08:38.0581 3672  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
19:08:38.0659 3672  pla - ok
19:08:38.0690 3672  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:08:38.0737 3672  PlugPlay - ok
19:08:38.0753 3672  PnkBstrA - ok
19:08:38.0768 3672  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:08:38.0784 3672  PNRPAutoReg - ok
19:08:38.0800 3672  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:08:38.0815 3672  PNRPsvc - ok
19:08:38.0831 3672  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:08:38.0878 3672  PolicyAgent - ok
19:08:38.0893 3672  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
19:08:38.0924 3672  Power - ok
19:08:38.0956 3672  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:08:38.0987 3672  PptpMiniport - ok
19:08:39.0002 3672  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
19:08:39.0018 3672  Processor - ok
19:08:39.0034 3672  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:08:39.0065 3672  ProfSvc - ok
19:08:39.0080 3672  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:08:39.0080 3672  ProtectedStorage - ok
19:08:39.0096 3672  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:08:39.0127 3672  Psched - ok
19:08:39.0158 3672  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
19:08:39.0205 3672  ql2300 - ok
19:08:39.0205 3672  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
19:08:39.0221 3672  ql40xx - ok
19:08:39.0252 3672  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
19:08:39.0268 3672  QWAVE - ok
19:08:39.0268 3672  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:08:39.0299 3672  QWAVEdrv - ok
19:08:39.0346 3672  [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
19:08:39.0361 3672  RapiMgr - ok
19:08:39.0377 3672  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:08:39.0408 3672  RasAcd - ok
19:08:39.0424 3672  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:08:39.0439 3672  RasAgileVpn - ok
19:08:39.0455 3672  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
19:08:39.0486 3672  RasAuto - ok
19:08:39.0502 3672  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:08:39.0533 3672  Rasl2tp - ok
19:08:39.0564 3672  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
19:08:39.0611 3672  RasMan - ok
19:08:39.0626 3672  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:08:39.0658 3672  RasPppoe - ok
19:08:39.0673 3672  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:08:39.0689 3672  RasSstp - ok
19:08:39.0704 3672  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:08:39.0736 3672  rdbss - ok
19:08:39.0736 3672  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
19:08:39.0751 3672  rdpbus - ok
19:08:39.0767 3672  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:08:39.0782 3672  RDPCDD - ok
19:08:39.0814 3672  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:08:39.0860 3672  RDPENCDD - ok
19:08:39.0876 3672  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:08:39.0892 3672  RDPREFMP - ok
19:08:39.0923 3672  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:08:39.0954 3672  RdpVideoMiniport - ok
19:08:39.0985 3672  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:08:40.0001 3672  RDPWD - ok
19:08:40.0032 3672  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:08:40.0032 3672  rdyboost - ok
19:08:40.0079 3672  [ EA569D48B2E755AF6D96F03F3335D98A ] Realtek11nCU    C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
19:08:40.0094 3672  Realtek11nCU ( UnsignedFile.Multi.Generic ) - warning
19:08:40.0094 3672  Realtek11nCU - detected UnsignedFile.Multi.Generic (1)
19:08:40.0126 3672  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:08:40.0157 3672  RemoteAccess - ok
19:08:40.0172 3672  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:08:40.0219 3672  RemoteRegistry - ok
19:08:40.0235 3672  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
19:08:40.0266 3672  RFCOMM - ok
19:08:40.0266 3672  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:08:40.0297 3672  RpcEptMapper - ok
19:08:40.0313 3672  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
19:08:40.0344 3672  RpcLocator - ok
19:08:40.0360 3672  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
19:08:40.0391 3672  RpcSs - ok
19:08:40.0406 3672  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:08:40.0422 3672  rspndr - ok
19:08:40.0453 3672  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
19:08:40.0469 3672  RTL8167 - ok
19:08:40.0500 3672  [ A4F7F9BB5576BF1D3A57F785C5DBEDB7 ] RTL8192cu       C:\Windows\system32\DRIVERS\RTL8192cu.sys
19:08:40.0516 3672  RTL8192cu - ok
19:08:40.0531 3672  [ BA935BB90DE389D62A9C1212ECCA64BC ] RTLE8023x64     C:\Windows\system32\DRIVERS\Rtenic64.sys
19:08:40.0547 3672  RTLE8023x64 - ok
19:08:40.0547 3672  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
19:08:40.0562 3672  SamSs - ok
19:08:40.0562 3672  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:08:40.0578 3672  sbp2port - ok
19:08:40.0594 3672  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:08:40.0609 3672  SCardSvr - ok
19:08:40.0625 3672  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:08:40.0656 3672  scfilter - ok
19:08:40.0672 3672  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
19:08:40.0703 3672  Schedule - ok
19:08:40.0718 3672  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:08:40.0750 3672  SCPolicySvc - ok
19:08:40.0781 3672  [ 490B0B68BB938D5C628EC4A67277BE75 ] ScreamBAudioSvc C:\Windows\system32\drivers\ScreamingBAudio64.sys
19:08:40.0796 3672  ScreamBAudioSvc - ok
19:08:40.0812 3672  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:08:40.0828 3672  SDRSVC - ok
19:08:40.0843 3672  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:08:40.0890 3672  secdrv - ok
19:08:40.0890 3672  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
19:08:40.0921 3672  seclogon - ok
19:08:40.0937 3672  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
19:08:40.0968 3672  SENS - ok
19:08:40.0968 3672  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:08:40.0999 3672  SensrSvc - ok
19:08:41.0015 3672  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
19:08:41.0015 3672  Serenum - ok
19:08:41.0046 3672  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:08:41.0077 3672  Serial - ok
19:08:41.0093 3672  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
19:08:41.0124 3672  sermouse - ok
19:08:41.0155 3672  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:08:41.0202 3672  SessionEnv - ok
19:08:41.0218 3672  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:08:41.0233 3672  sffdisk - ok
19:08:41.0249 3672  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:08:41.0264 3672  sffp_mmc - ok
19:08:41.0280 3672  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:08:41.0311 3672  sffp_sd - ok
19:08:41.0311 3672  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
19:08:41.0327 3672  sfloppy - ok
19:08:41.0342 3672  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:08:41.0374 3672  SharedAccess - ok
19:08:41.0389 3672  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:08:41.0420 3672  ShellHWDetection - ok
19:08:41.0436 3672  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
19:08:41.0452 3672  SiSRaid2 - ok
19:08:41.0467 3672  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
19:08:41.0483 3672  SiSRaid4 - ok
19:08:41.0545 3672  [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
19:08:41.0561 3672  SkypeUpdate - ok
19:08:41.0576 3672  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:08:41.0608 3672  Smb - ok
19:08:41.0654 3672  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:08:41.0686 3672  SNMPTRAP - ok
19:08:41.0686 3672  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:08:41.0701 3672  spldr - ok
19:08:41.0732 3672  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
19:08:41.0748 3672  Spooler - ok
19:08:41.0795 3672  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
19:08:41.0904 3672  sppsvc - ok
19:08:41.0920 3672  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:08:41.0935 3672  sppuinotify - ok
19:08:41.0951 3672  sptd - ok
19:08:41.0982 3672  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:08:42.0013 3672  srv - ok
19:08:42.0013 3672  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:08:42.0044 3672  srv2 - ok
19:08:42.0044 3672  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:08:42.0044 3672  srvnet - ok
19:08:42.0076 3672  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:08:42.0107 3672  SSDPSRV - ok
19:08:42.0138 3672  [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
19:08:42.0154 3672  SSPORT - ok
19:08:42.0154 3672  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:08:42.0185 3672  SstpSvc - ok
19:08:42.0216 3672  [ 855335BF5792E56164F98C012E3D92DD ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
19:08:42.0232 3672  ssudmdm - ok
19:08:42.0263 3672  Steam Client Service - ok
19:08:42.0325 3672  [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:08:42.0341 3672  Stereo Service - ok
19:08:42.0356 3672  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
19:08:42.0372 3672  stexstor - ok
19:08:42.0388 3672  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
19:08:42.0419 3672  StillCam - ok
19:08:42.0450 3672  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
19:08:42.0481 3672  stisvc - ok
19:08:42.0512 3672  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
19:08:42.0512 3672  swenum - ok
19:08:42.0528 3672  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
19:08:42.0559 3672  swprv - ok
19:08:42.0590 3672  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
19:08:42.0653 3672  SysMain - ok
19:08:42.0668 3672  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:08:42.0684 3672  TabletInputService - ok
19:08:42.0700 3672  [ F9BE29D5E097F03F81D3CD12B794CB66 ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
19:08:42.0715 3672  tap0901 - ok
19:08:42.0746 3672  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:08:42.0778 3672  TapiSrv - ok
19:08:42.0793 3672  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
19:08:42.0824 3672  TBS - ok
19:08:42.0856 3672  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:08:42.0902 3672  Tcpip - ok
19:08:42.0965 3672  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:08:42.0996 3672  TCPIP6 - ok
19:08:43.0012 3672  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:08:43.0012 3672  tcpipreg - ok
19:08:43.0043 3672  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:08:43.0058 3672  TDPIPE - ok
19:08:43.0074 3672  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:08:43.0090 3672  TDTCP - ok
19:08:43.0121 3672  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:08:43.0136 3672  tdx - ok
19:08:43.0152 3672  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
19:08:43.0168 3672  TermDD - ok
19:08:43.0183 3672  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
19:08:43.0214 3672  TermService - ok
19:08:43.0246 3672  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
19:08:43.0261 3672  Themes - ok
19:08:43.0292 3672  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
19:08:43.0308 3672  THREADORDER - ok
19:08:43.0324 3672  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
19:08:43.0355 3672  TrkWks - ok
19:08:43.0386 3672  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:08:43.0417 3672  TrustedInstaller - ok
19:08:43.0448 3672  [ 2670B4F69E530C9DE602488CA8C55AD3 ] trustms         C:\Windows\system32\drivers\trustms.sys
19:08:43.0448 3672  trustms - ok
19:08:43.0464 3672  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:08:43.0495 3672  tssecsrv - ok
19:08:43.0526 3672  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:08:43.0558 3672  TsUsbFlt - ok
19:08:43.0573 3672  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
19:08:43.0604 3672  TsUsbGD - ok
19:08:43.0698 3672  [ 811A229718C85356BC81EB20F35EB7F6 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
19:08:43.0729 3672  TuneUp.UtilitiesSvc - ok
19:08:43.0745 3672  [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
19:08:43.0745 3672  TuneUpUtilitiesDrv - ok
19:08:43.0760 3672  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:08:43.0792 3672  tunnel - ok
19:08:43.0807 3672  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
19:08:43.0807 3672  uagp35 - ok
19:08:43.0823 3672  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:08:43.0854 3672  udfs - ok
19:08:43.0885 3672  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:08:43.0916 3672  UI0Detect - ok
19:08:43.0948 3672  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:08:43.0963 3672  uliagpkx - ok
19:08:43.0979 3672  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:08:43.0994 3672  umbus - ok
19:08:44.0026 3672  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
19:08:44.0041 3672  UmPass - ok
19:08:44.0072 3672  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
19:08:44.0104 3672  upnphost - ok
19:08:44.0135 3672  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:08:44.0135 3672  usbccgp - ok
19:08:44.0166 3672  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:08:44.0197 3672  usbcir - ok
19:08:44.0213 3672  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
19:08:44.0244 3672  usbehci - ok
19:08:44.0260 3672  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:08:44.0306 3672  usbhub - ok
19:08:44.0322 3672  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
19:08:44.0353 3672  usbohci - ok
19:08:44.0369 3672  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:08:44.0400 3672  usbprint - ok
19:08:44.0431 3672  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
19:08:44.0447 3672  usbscan - ok
19:08:44.0462 3672  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:08:44.0509 3672  USBSTOR - ok
19:08:44.0509 3672  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
19:08:44.0556 3672  usbuhci - ok
19:08:44.0572 3672  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
19:08:44.0618 3672  UxSms - ok
19:08:44.0634 3672  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
19:08:44.0650 3672  VaultSvc - ok
19:08:44.0665 3672  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:08:44.0665 3672  vdrvroot - ok
19:08:44.0696 3672  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
19:08:44.0728 3672  vds - ok
19:08:44.0759 3672  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:08:44.0790 3672  vga - ok
19:08:44.0806 3672  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:08:44.0852 3672  VgaSave - ok
19:08:44.0884 3672  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:08:44.0884 3672  vhdmp - ok
19:08:44.0899 3672  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:08:44.0915 3672  viaide - ok
19:08:44.0915 3672  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:08:44.0930 3672  volmgr - ok
19:08:44.0946 3672  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:08:44.0962 3672  volmgrx - ok
19:08:44.0977 3672  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:08:44.0977 3672  volsnap - ok
19:08:44.0993 3672  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
19:08:45.0008 3672  vsmraid - ok
19:08:45.0040 3672  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
19:08:45.0118 3672  VSS - ok
19:08:45.0133 3672  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
19:08:45.0164 3672  vwifibus - ok
19:08:45.0180 3672  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
19:08:45.0196 3672  vwififlt - ok
19:08:45.0211 3672  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
19:08:45.0227 3672  vwifimp - ok
19:08:45.0242 3672  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
19:08:45.0274 3672  W32Time - ok
19:08:45.0289 3672  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
19:08:45.0305 3672  WacomPen - ok
19:08:45.0320 3672  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:08:45.0367 3672  WANARP - ok
19:08:45.0367 3672  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:08:45.0383 3672  Wanarpv6 - ok
19:08:45.0430 3672  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
19:08:45.0461 3672  wbengine - ok
19:08:45.0492 3672  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:08:45.0508 3672  WbioSrvc - ok
19:08:45.0523 3672  [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
19:08:45.0539 3672  WcesComm - ok
19:08:45.0554 3672  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:08:45.0570 3672  wcncsvc - ok
19:08:45.0586 3672  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:08:45.0617 3672  WcsPlugInService - ok
19:08:45.0632 3672  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
19:08:45.0648 3672  Wd - ok
19:08:45.0679 3672  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:08:45.0710 3672  Wdf01000 - ok
19:08:45.0710 3672  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:08:45.0742 3672  WdiServiceHost - ok
19:08:45.0742 3672  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:08:45.0757 3672  WdiSystemHost - ok
19:08:45.0757 3672  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
19:08:45.0788 3672  WebClient - ok
19:08:45.0804 3672  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:08:45.0851 3672  Wecsvc - ok
19:08:45.0851 3672  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:08:45.0882 3672  wercplsupport - ok
19:08:45.0898 3672  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:08:45.0913 3672  WerSvc - ok
19:08:45.0929 3672  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:08:45.0944 3672  WfpLwf - ok
19:08:45.0960 3672  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:08:45.0976 3672  WIMMount - ok
19:08:45.0976 3672  WinDefend - ok
19:08:45.0976 3672  WinHttpAutoProxySvc - ok
19:08:46.0022 3672  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:08:46.0038 3672  Winmgmt - ok
19:08:46.0069 3672  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
19:08:46.0132 3672  WinRM - ok
19:08:46.0163 3672  [ FE88B288356E7B47B74B13372ADD906D ] WINUSB          C:\Windows\system32\DRIVERS\WinUSB.SYS
19:08:46.0194 3672  WINUSB - ok
19:08:46.0225 3672  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:08:46.0288 3672  Wlansvc - ok
19:08:46.0350 3672  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:08:46.0366 3672  wlcrasvc - ok
19:08:46.0475 3672  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:08:46.0537 3672  wlidsvc - ok
19:08:46.0553 3672  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
19:08:46.0568 3672  WmiAcpi - ok
19:08:46.0568 3672  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:08:46.0600 3672  wmiApSrv - ok
19:08:46.0646 3672  WMPNetworkSvc - ok
19:08:46.0662 3672  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:08:46.0693 3672  WPCSvc - ok
19:08:46.0709 3672  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:08:46.0724 3672  WPDBusEnum - ok
19:08:46.0740 3672  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:08:46.0756 3672  ws2ifsl - ok
19:08:46.0771 3672  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
19:08:46.0787 3672  wscsvc - ok
19:08:46.0787 3672  WSearch - ok
19:08:46.0818 3672  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:08:46.0865 3672  wuauserv - ok
19:08:46.0896 3672  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:08:46.0912 3672  WudfPf - ok
19:08:46.0927 3672  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:08:46.0943 3672  WUDFRd - ok
19:08:46.0958 3672  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:08:46.0990 3672  wudfsvc - ok
19:08:46.0990 3672  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:08:47.0021 3672  WwanSvc - ok
19:08:47.0052 3672  [ 2C6BC21B2D5B58D8B1D638C1704CB494 ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
19:08:47.0068 3672  xusb21 - ok
19:08:47.0099 3672  ================ Scan global ===============================
19:08:47.0114 3672  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:08:47.0130 3672  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:08:47.0146 3672  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:08:47.0161 3672  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:08:47.0177 3672  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:08:47.0177 3672  [Global] - ok
19:08:47.0177 3672  ================ Scan MBR ==================================
19:08:47.0192 3672  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:08:47.0426 3672  \Device\Harddisk0\DR0 - ok
19:08:47.0426 3672  ================ Scan VBR ==================================
19:08:47.0426 3672  [ 7E0BE7C2D23F9D2275500A74C6F54C78 ] \Device\Harddisk0\DR0\Partition1
19:08:47.0426 3672  \Device\Harddisk0\DR0\Partition1 - ok
19:08:47.0458 3672  [ 411F6F9279349F5CF57E447725AF484A ] \Device\Harddisk0\DR0\Partition2
19:08:47.0458 3672  \Device\Harddisk0\DR0\Partition2 - ok
19:08:47.0489 3672  [ 491B12A1E95302BBE306359C700FF4D6 ] \Device\Harddisk0\DR0\Partition3
19:08:47.0489 3672  \Device\Harddisk0\DR0\Partition3 - ok
19:08:47.0504 3672  [ 41491C8E7360AAD9F91A947352553F4F ] \Device\Harddisk0\DR0\Partition4
19:08:47.0504 3672  \Device\Harddisk0\DR0\Partition4 - ok
19:08:47.0504 3672  ============================================================
19:08:47.0504 3672  Scan finished
19:08:47.0504 3672  ============================================================
19:08:47.0520 2460  Detected object count: 4
19:08:47.0520 2460  Actual detected object count: 4
19:09:18.0549 2460  Akamai ( HiddenFile.Multi.Generic ) - skipped by user
19:09:18.0549 2460  Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 
19:09:18.0549 2460  AtherosSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0549 2460  AtherosSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0549 2460  DokanMounter ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0549 2460  DokanMounter ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0549 2460  Realtek11nCU ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0549 2460  Realtek11nCU ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:22.0106 0200  Deinitialize success
         

Alt 11.05.2013, 18:21   #8
markusg
/// Malware-holic
 


Hi,
Scan with Combofix
WARNING to those READING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Alt 11.05.2013, 18:40   #9
Mischer
 


So, here is the log.

Combofix log file:
Code:
ComboFix 13-05-11.01 - Atelco 11.05.2013  19:26:27.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.16361.14041 [GMT 2:00]
ausgeführt von:: c:\users\Atelco\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Atelco\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
c:\users\Atelco\AppData\Roaming\inst.exe
c:\users\Atelco\AppData\Roaming\vso_ts_preview.xml
c:\windows\SysWow64\frapsvid.dll
c:\windows\SysWow64\muzapp.exe
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-11 bis 2013-05-11  ))))))))))))))))))))))))))))))
.
.
2013-05-11 15:53 . 2013-05-09 08:59	22600	----a-w-	c:\windows\system32\drivers\aswKbd.sys
2013-05-10 12:09 . 2013-04-10 03:46	9317456	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9D7839F-6DBF-4114-9DC0-0DDA01BA5C8E}\mpengine.dll
2013-04-24 15:17 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-14 07:51 . 2013-04-14 07:51	--------	d-----w-	c:\program files (x86)\Common Files\DVDVideoSoft
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-10 12:04 . 2010-06-24 09:33	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-09 08:59 . 2013-03-06 16:33	65336	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-03-06 16:33	189936	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59 . 2012-12-16 12:12	72016	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2012-12-16 12:12	64288	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2012-12-16 12:12	1025808	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2012-06-08 13:52	378432	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2012-12-16 12:12	33400	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2012-12-16 12:12	80816	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2012-12-16 12:12	41664	----a-w-	c:\windows\avastSS.scr
2013-05-09 08:58 . 2012-12-16 12:12	287840	----a-w-	c:\windows\system32\aswBoot.exe
2013-05-02 00:06 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-21 08:06 . 2012-08-14 17:18	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-21 08:06 . 2012-08-14 17:18	691592	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-10 19:01 . 2011-10-25 14:51	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-04-04 12:50 . 2012-07-17 15:27	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-19 06:04 . 2013-04-10 15:34	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 15:34	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 15:34	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 15:34	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 15:34	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 15:34	112640	----a-w-	c:\windows\system32\smss.exe
2013-03-09 18:11 . 2012-12-19 23:17	280792	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-03-09 18:11 . 2012-02-29 22:19	280792	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-03-09 18:10 . 2012-12-19 23:17	280856	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-03-09 09:09 . 2013-03-09 09:09	310688	----a-w-	c:\windows\system32\javaws.exe
2013-03-09 09:09 . 2013-03-09 09:09	1085344	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-03-09 09:09 . 2013-03-09 09:09	188832	----a-w-	c:\windows\system32\javaw.exe
2013-03-09 09:09 . 2013-03-09 09:09	188320	----a-w-	c:\windows\system32\java.exe
2013-03-09 09:09 . 2013-03-09 09:09	108448	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-03-09 09:09 . 2011-09-28 10:21	963488	----a-w-	c:\windows\system32\deployJava1.dll
2013-03-06 16:48 . 2013-03-06 16:48	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-06 16:47 . 2012-07-02 08:06	861088	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-03-06 16:47 . 2011-10-25 15:01	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-03-01 03:36 . 2013-04-10 15:34	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-02-25 22:32 . 2013-02-25 22:32	25256224	----a-w-	c:\windows\system32\nvcompiler.dll
2013-02-25 22:32 . 2013-02-25 22:32	2505144	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-02-25 22:32 . 2013-02-25 22:32	15129960	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-02-25 22:32 . 2013-02-25 22:32	6262608	----a-w-	c:\windows\SysWow64\nvopencl.dll
2013-02-25 22:32 . 2013-02-25 22:32	2826040	----a-w-	c:\windows\system32\nvapi64.dll
2013-02-25 22:32 . 2013-02-25 22:32	18055184	----a-w-	c:\windows\system32\nvd3dumx.dll
2013-02-25 22:32 . 2013-02-25 22:32	1107440	----a-w-	c:\windows\system32\nvumdshimx.dll
2013-02-25 22:32 . 2012-03-20 17:21	1814304	----a-w-	c:\windows\system32\nvdispco64.dll
2013-02-25 22:32 . 2013-02-25 22:32	958120	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2013-02-25 22:32 . 2013-02-25 22:32	2720544	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32	26929440	----a-w-	c:\windows\system32\nvoglv64.dll
2013-02-25 22:32 . 2013-02-25 22:32	7932256	----a-w-	c:\windows\SysWow64\nvcuda.dll
2013-02-25 22:32 . 2013-02-25 22:32	2346784	----a-w-	c:\windows\system32\nvcuvenc.dll
2013-02-25 22:32 . 2013-02-25 22:32	245872	----a-w-	c:\windows\system32\nvinitx.dll
2013-02-25 22:32 . 2013-02-25 22:32	11036448	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2013-02-25 22:32 . 2012-12-04 17:36	1510176	----a-w-	c:\windows\system32\nvdispgenco64.dll
2013-02-25 22:32 . 2013-02-25 22:32	2904352	----a-w-	c:\windows\system32\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32	20449056	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2013-02-25 22:32 . 2013-02-25 22:32	15053264	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-02-25 22:32 . 2013-02-25 22:32	17560352	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2013-02-25 22:32 . 2013-02-25 22:32	7564040	----a-w-	c:\windows\system32\nvopencl.dll
2013-02-25 22:32 . 2013-02-25 22:32	1985824	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2013-02-25 22:32 . 2013-02-25 22:32	12641992	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2013-02-25 22:32 . 2013-02-25 22:32	9390760	----a-w-	c:\windows\system32\nvcuda.dll
2013-02-25 22:32 . 2013-02-25 22:32	201576	----a-w-	c:\windows\SysWow64\nvinit.dll
2013-02-22 06:57 . 2013-04-10 19:00	17817088	----a-w-	c:\windows\system32\mshtml.dll
2013-02-22 06:29 . 2013-04-10 19:00	10925568	----a-w-	c:\windows\system32\ieframe.dll
2013-02-22 06:27 . 2013-04-10 19:00	2312704	----a-w-	c:\windows\system32\jscript9.dll
2013-02-22 06:21 . 2013-04-10 19:00	1346560	----a-w-	c:\windows\system32\urlmon.dll
2013-02-22 06:20 . 2013-04-10 19:00	1392128	----a-w-	c:\windows\system32\wininet.dll
2013-02-22 06:19 . 2013-04-10 19:00	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2013-02-22 06:18 . 2013-04-10 19:00	237056	----a-w-	c:\windows\system32\url.dll
2013-02-22 06:17 . 2013-04-10 19:00	85504	----a-w-	c:\windows\system32\jsproxy.dll
2013-02-22 06:15 . 2013-04-10 19:00	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2013-02-22 06:15 . 2013-04-10 19:00	599040	----a-w-	c:\windows\system32\vbscript.dll
2013-02-22 06:15 . 2013-04-10 19:00	816640	----a-w-	c:\windows\system32\jscript.dll
2013-02-22 06:14 . 2013-04-10 19:00	729088	----a-w-	c:\windows\system32\msfeeds.dll
2013-02-22 06:13 . 2013-04-10 19:00	2147840	----a-w-	c:\windows\system32\iertutil.dll
2013-02-22 06:13 . 2013-04-10 19:00	96768	----a-w-	c:\windows\system32\mshtmled.dll
2013-02-22 06:12 . 2013-04-10 19:00	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-02-22 06:09 . 2013-04-10 19:00	248320	----a-w-	c:\windows\system32\ieui.dll
2013-02-22 03:46 . 2013-04-10 19:00	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2013-02-22 03:38 . 2013-04-10 19:00	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2013-02-22 03:37 . 2013-04-10 19:00	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-02-22 03:34 . 2013-04-10 19:00	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-02-22 03:34 . 2013-04-10 19:00	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-02-22 03:31 . 2013-04-10 19:00	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-02-12 05:45 . 2013-03-13 17:02	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 17:02	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 17:02	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 17:02	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 17:02	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 17:02	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-26 04:15	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-07-04 14:03	1310040	----a-r-	c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="e:\steam\steam.exe" [2013-05-03 1635752]
"Akamai NetSession Interface"="c:\users\Atelco\AppData\Local\Akamai\netsession_win.exe" [2012-05-07 3331872]
"EADM"="e:\origin\Origin.exe" [2013-03-03 3494992]
"KiesHelper"="d:\kies\KiesHelper.exe" [2012-06-08 958392]
"KiesPDLR"="d:\kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"GrooveMonitor"="d:\office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Trust Gaming Mouse"="e:\trust gaming mouse\Mouse.exe" [2011-01-17 2245632]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"SCX3200_Scan2Pc"="c:\windows\Twain_32\Samsung\SCX3200\Scan2pc.exe" [2011-06-21 1990144]
"3200 Scan2PC"="c:\windows\twain_32\Samsung\SCX3200\Scan2Pc.exe" [2011-06-21 1990144]
"KiesTrayAgent"="d:\kies\KiesTrayAgent.exe" [2012-06-08 3521464]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="d:\quiktime\QTTask.exe" -atboottime
.
R1 bhuybimy;bhuybimy;c:\windows\system32\drivers\bhuybimy.sys [x]
R1 ekbmcvpa;ekbmcvpa;c:\windows\system32\drivers\ekbmcvpa.sys [x]
R1 jdshbygw;jdshbygw;c:\windows\system32\drivers\jdshbygw.sys [x]
R1 othrhtsd;othrhtsd;c:\windows\system32\drivers\othrhtsd.sys [x]
R1 pbpdeuxl;pbpdeuxl;c:\windows\system32\drivers\pbpdeuxl.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [2012-04-26 2438696]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-05-21 99384]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [2010-08-12 748648]
R3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;c:\windows\system32\DRIVERS\Rtenic64.sys [2011-01-14 335464]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-05-21 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R4 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
R4 Realtek11nCU;Realtek11nCU;c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys [2010-11-22 303408]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 80816]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2011-01-10 120408]
S2 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [2011-01-10 14848]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-10-28 11576]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-05-29 2143072]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-27 31080]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-12-19 279616]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2009-12-01 38992]
S3 trustms;Trust  Mouse;c:\windows\system32\drivers\trustms.sys [2010-11-15 12416]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-05-08 11856]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 08:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58	133840	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]
"CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE" [2007-09-05 406944]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"KiesTrayAgent"="d:\kies\KiesTrayAgent.exe" [2012-06-08 3521464]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Free YouTube Download - c:\users\Atelco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Atelco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - d:\office\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Atelco\AppData\Roaming\Mozilla\Firefox\Profiles\92poh4uw.default-1355154101686\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-TQ566808 - F:\Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-678325235-554912938-2678598872-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:05,a6,ba,5d,8a,bb,d5,4a,7d,4b,29,9b,0e,65,08,a6,ac,50,c1,d6,68,7b,bc,
   27,91,bc,68,7e,27,9c,7d,a3,25,de,07,32,48,be,00,aa,32,9c,88,d8,96,69,47,95,\
"??"=hex:85,b9,e3,c5,ec,41,53,a1,1b,b1,52,f1,7d,d1,5c,d8
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-05-11  19:35:04 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-05-11 17:35
.
Vor Suchlauf: 10 Verzeichnis(se), 534.298.710.016 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 533.896.282.112 Bytes frei
.
- - End Of File - - 3B75B938BE783FA2DF38B443F57B66D3
         
--- --- ---

11.05.2013, 19:00   #10
markusg
/// Malware-holic

Start > Programs > Accessories > Notepad, paste in:


Killall::
Driver::
bhuybimy
ekbmcvpa
jdshbygw
othrhtsd
pbpdeuxl
dgderdrv
McComponentHostService


File > Save As, type:

All Files.
Location:
wherever Combofix.exe is located.
Name:
Cfscript.txt

Drag CFscript.txt onto the ComboFix icon, the program starts, post the log.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

11.05.2013, 19:16   #11
Mischer

Carried out as instructed.

Combofix Logfile:
Code:
ComboFix 13-05-11.01 - Atelco 11.05.2013  20:05:51.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.16361.14190 [GMT 2:00]
ausgeführt von:: c:\users\Atelco\Downloads\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Atelco\Downloads\Cfscript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Atelco\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_bhuybimy
-------\Service_dgderdrv
-------\Service_ekbmcvpa
-------\Service_jdshbygw
-------\Service_McComponentHostService
-------\Service_othrhtsd
-------\Service_pbpdeuxl
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-11 bis 2013-05-11  ))))))))))))))))))))))))))))))
.
.
2013-05-11 18:09 . 2013-05-11 18:09	--------	d-----w-	c:\users\UpdatusUser.Aelthred\AppData\Local\temp
2013-05-11 18:09 . 2013-05-11 18:09	--------	d-----w-	c:\users\hedev\AppData\Local\temp
2013-05-11 18:09 . 2013-05-11 18:09	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-11 15:53 . 2013-05-09 08:59	22600	----a-w-	c:\windows\system32\drivers\aswKbd.sys
2013-05-10 12:09 . 2013-04-10 03:46	9317456	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9D7839F-6DBF-4114-9DC0-0DDA01BA5C8E}\mpengine.dll
2013-04-24 15:17 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-14 07:51 . 2013-04-14 07:51	--------	d-----w-	c:\program files (x86)\Common Files\DVDVideoSoft
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-10 12:04 . 2010-06-24 09:33	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-09 08:59 . 2013-03-06 16:33	65336	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-03-06 16:33	189936	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59 . 2012-12-16 12:12	72016	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2012-12-16 12:12	64288	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2012-12-16 12:12	1025808	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2012-06-08 13:52	378432	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2012-12-16 12:12	33400	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2012-12-16 12:12	80816	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2012-12-16 12:12	41664	----a-w-	c:\windows\avastSS.scr
2013-05-09 08:58 . 2012-12-16 12:12	287840	----a-w-	c:\windows\system32\aswBoot.exe
2013-05-02 00:06 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-21 08:06 . 2012-08-14 17:18	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-21 08:06 . 2012-08-14 17:18	691592	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-10 19:01 . 2011-10-25 14:51	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-04-04 12:50 . 2012-07-17 15:27	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-19 06:04 . 2013-04-10 15:34	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 15:34	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 15:34	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 15:34	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 15:34	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 15:34	112640	----a-w-	c:\windows\system32\smss.exe
2013-03-09 18:11 . 2012-12-19 23:17	280792	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-03-09 18:11 . 2012-02-29 22:19	280792	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-03-09 18:10 . 2012-12-19 23:17	280856	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-03-09 09:09 . 2013-03-09 09:09	310688	----a-w-	c:\windows\system32\javaws.exe
2013-03-09 09:09 . 2013-03-09 09:09	1085344	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-03-09 09:09 . 2013-03-09 09:09	188832	----a-w-	c:\windows\system32\javaw.exe
2013-03-09 09:09 . 2013-03-09 09:09	188320	----a-w-	c:\windows\system32\java.exe
2013-03-09 09:09 . 2013-03-09 09:09	108448	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-03-09 09:09 . 2011-09-28 10:21	963488	----a-w-	c:\windows\system32\deployJava1.dll
2013-03-06 16:48 . 2013-03-06 16:48	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-06 16:47 . 2012-07-02 08:06	861088	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-03-06 16:47 . 2011-10-25 15:01	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-03-01 03:36 . 2013-04-10 15:34	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-02-25 22:32 . 2013-02-25 22:32	25256224	----a-w-	c:\windows\system32\nvcompiler.dll
2013-02-25 22:32 . 2013-02-25 22:32	2505144	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-02-25 22:32 . 2013-02-25 22:32	15129960	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-02-25 22:32 . 2013-02-25 22:32	6262608	----a-w-	c:\windows\SysWow64\nvopencl.dll
2013-02-25 22:32 . 2013-02-25 22:32	2826040	----a-w-	c:\windows\system32\nvapi64.dll
2013-02-25 22:32 . 2013-02-25 22:32	18055184	----a-w-	c:\windows\system32\nvd3dumx.dll
2013-02-25 22:32 . 2013-02-25 22:32	1107440	----a-w-	c:\windows\system32\nvumdshimx.dll
2013-02-25 22:32 . 2012-03-20 17:21	1814304	----a-w-	c:\windows\system32\nvdispco64.dll
2013-02-25 22:32 . 2013-02-25 22:32	958120	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2013-02-25 22:32 . 2013-02-25 22:32	2720544	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32	26929440	----a-w-	c:\windows\system32\nvoglv64.dll
2013-02-25 22:32 . 2013-02-25 22:32	7932256	----a-w-	c:\windows\SysWow64\nvcuda.dll
2013-02-25 22:32 . 2013-02-25 22:32	2346784	----a-w-	c:\windows\system32\nvcuvenc.dll
2013-02-25 22:32 . 2013-02-25 22:32	245872	----a-w-	c:\windows\system32\nvinitx.dll
2013-02-25 22:32 . 2013-02-25 22:32	11036448	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2013-02-25 22:32 . 2012-12-04 17:36	1510176	----a-w-	c:\windows\system32\nvdispgenco64.dll
2013-02-25 22:32 . 2013-02-25 22:32	2904352	----a-w-	c:\windows\system32\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32	20449056	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2013-02-25 22:32 . 2013-02-25 22:32	15053264	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-02-25 22:32 . 2013-02-25 22:32	17560352	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2013-02-25 22:32 . 2013-02-25 22:32	7564040	----a-w-	c:\windows\system32\nvopencl.dll
2013-02-25 22:32 . 2013-02-25 22:32	1985824	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2013-02-25 22:32 . 2013-02-25 22:32	12641992	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2013-02-25 22:32 . 2013-02-25 22:32	9390760	----a-w-	c:\windows\system32\nvcuda.dll
2013-02-25 22:32 . 2013-02-25 22:32	201576	----a-w-	c:\windows\SysWow64\nvinit.dll
2013-02-22 06:57 . 2013-04-10 19:00	17817088	----a-w-	c:\windows\system32\mshtml.dll
2013-02-22 06:29 . 2013-04-10 19:00	10925568	----a-w-	c:\windows\system32\ieframe.dll
2013-02-22 06:27 . 2013-04-10 19:00	2312704	----a-w-	c:\windows\system32\jscript9.dll
2013-02-22 06:21 . 2013-04-10 19:00	1346560	----a-w-	c:\windows\system32\urlmon.dll
2013-02-22 06:20 . 2013-04-10 19:00	1392128	----a-w-	c:\windows\system32\wininet.dll
2013-02-22 06:19 . 2013-04-10 19:00	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2013-02-22 06:18 . 2013-04-10 19:00	237056	----a-w-	c:\windows\system32\url.dll
2013-02-22 06:17 . 2013-04-10 19:00	85504	----a-w-	c:\windows\system32\jsproxy.dll
2013-02-22 06:15 . 2013-04-10 19:00	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2013-02-22 06:15 . 2013-04-10 19:00	599040	----a-w-	c:\windows\system32\vbscript.dll
2013-02-22 06:15 . 2013-04-10 19:00	816640	----a-w-	c:\windows\system32\jscript.dll
2013-02-22 06:14 . 2013-04-10 19:00	729088	----a-w-	c:\windows\system32\msfeeds.dll
2013-02-22 06:13 . 2013-04-10 19:00	2147840	----a-w-	c:\windows\system32\iertutil.dll
2013-02-22 06:13 . 2013-04-10 19:00	96768	----a-w-	c:\windows\system32\mshtmled.dll
2013-02-22 06:12 . 2013-04-10 19:00	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-02-22 06:09 . 2013-04-10 19:00	248320	----a-w-	c:\windows\system32\ieui.dll
2013-02-22 03:46 . 2013-04-10 19:00	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2013-02-22 03:38 . 2013-04-10 19:00	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2013-02-22 03:37 . 2013-04-10 19:00	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-02-22 03:34 . 2013-04-10 19:00	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-02-22 03:34 . 2013-04-10 19:00	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-02-22 03:31 . 2013-04-10 19:00	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-02-12 05:45 . 2013-03-13 17:02	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 17:02	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 17:02	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 17:02	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 17:02	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 17:02	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-26 04:15	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-07-04 14:03	1310040	----a-r-	c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="e:\steam\steam.exe" [2013-05-03 1635752]
"Akamai NetSession Interface"="c:\users\Atelco\AppData\Local\Akamai\netsession_win.exe" [2012-05-07 3331872]
"EADM"="e:\origin\Origin.exe" [2013-03-03 3494992]
"KiesHelper"="d:\kies\KiesHelper.exe" [2012-06-08 958392]
"KiesPDLR"="d:\kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"GrooveMonitor"="d:\office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Trust Gaming Mouse"="e:\trust gaming mouse\Mouse.exe" [2011-01-17 2245632]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"SCX3200_Scan2Pc"="c:\windows\Twain_32\Samsung\SCX3200\Scan2pc.exe" [2011-06-21 1990144]
"3200 Scan2PC"="c:\windows\twain_32\Samsung\SCX3200\Scan2Pc.exe" [2011-06-21 1990144]
"KiesTrayAgent"="d:\kies\KiesTrayAgent.exe" [2012-06-08 3521464]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="d:\quiktime\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [2012-04-26 2438696]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-05-21 99384]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [2010-08-12 748648]
R3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;c:\windows\system32\DRIVERS\Rtenic64.sys [2011-01-14 335464]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-05-21 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R4 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
R4 Realtek11nCU;Realtek11nCU;c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys [2010-11-22 303408]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 80816]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2011-01-10 120408]
S2 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [2011-01-10 14848]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-10-28 11576]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-05-29 2143072]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-27 31080]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-12-19 279616]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2009-12-01 38992]
S3 trustms;Trust  Mouse;c:\windows\system32\drivers\trustms.sys [2010-11-15 12416]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-05-08 11856]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 08:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58	133840	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]
"CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE" [2007-09-05 406944]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"KiesTrayAgent"="d:\kies\KiesTrayAgent.exe" [2012-06-08 3521464]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Free YouTube Download - c:\users\Atelco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Atelco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - d:\office\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Atelco\AppData\Roaming\Mozilla\Firefox\Profiles\92poh4uw.default-1355154101686\
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-678325235-554912938-2678598872-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:05,a6,ba,5d,8a,bb,d5,4a,7d,4b,29,9b,0e,65,08,a6,ac,50,c1,d6,68,7b,bc,
   27,91,bc,68,7e,27,9c,7d,a3,25,de,07,32,48,be,00,aa,32,9c,88,d8,96,69,47,95,\
"??"=hex:85,b9,e3,c5,ec,41,53,a1,1b,b1,52,f1,7d,d1,5c,d8
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-05-11  20:14:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-05-11 18:14
ComboFix2.txt  2013-05-11 17:35
.
Vor Suchlauf: 13 Verzeichnis(se), 533.976.072.192 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 533.425.090.560 Bytes frei
.
- - End Of File - - CF4A4041F6ABF1632E8A654B7DD02FA9
         
--- --- ---

11.05.2013, 19:17   #12
markusg
/// Malware-holic

Hi,
1. Post all Malwarebytes logs created so far that contain detections:
http://www.trojaner-board.de/125889-...en-posten.html
2.
Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path. Vista and Win7 users: right-click and "Run as administrator".
  • Start Malwarebytes, click Update --> Check for updates
  • Once the update has finished, select Perform full scan and press Scan.
  • When the scan has finished, click Show results.
  • Make sure that all detections are selected and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Log files".

11.05.2013, 20:09   #13
Mischer

OK, scan finished - nothing was found.


Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.11.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Atelco :: AELTHRED [Administrator]

11.05.2013 20:21:25
mbam-log-2013-05-11 (20-21-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 509463
Laufzeit: 46 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         


Edit: After a restart, Avast reports a threat again:

Quote:
c:\Users\Atelco\AppDate\Local\Temp\uuz4smok.dll

Prozess: C:\Windows\Mircrosoft.NET\v4.0.30319\csc.exe

Edited by Mischer (11.05.2013 at 20:16)

11.05.2013, 20:21   #14
markusg
/// Malware-holic
 



Hi,

download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, and save it as a txt file. Open that file.
After each program you need, write "notwendig" (necessary).
After each program you do not need, write "unnötig" (unnecessary).
After each program you do not recognise, write "unbekannt" (unknown).
Post the list.

11.05.2013, 20:37   #15
Mischer
 



Code:
7-Zip 9.20		11.12.2011		notwendig
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	21.04.2013	6,00MB	11.7.700.169 notwendig
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	14.04.2013	6,00MB	11.7.700.169 notwendig
Adobe Reader X (10.1.6) - Deutsch	Adobe Systems Incorporated	23.02.2013	122MB	10.1.6 notwendig
Adobe Shockwave Player 11.6	Adobe Systems, Inc.	12.07.2012		11.6.5.635 notwendig
Akamai NetSession Interface		24.02.2013		unbekannt
Akamai NetSession Interface Service		05.04.2012	unbekannt	
Apple Application Support	Apple Inc.	30.05.2012	61,0MB	2.1.7 unbekannt
Apple Software Update	Apple Inc.	30.05.2012	2,38MB	2.1.3.127 unbekannt
Armageddon		11.04.2012		unnötig
avast! Pro Antivirus	AVAST Software	11.05.2013 		8.0.1489.0 notwendig
Battlefield 3™	Electronic Arts	06.09.2012		1.4.0.0 notwendig
Battlelog Web Plugins	EA Digital Illusions CE AB	20.12.2012		2.1.2 notwendig
Bluetooth Win7 Suite (64)	Atheros Communications	23.09.2011	59,1MB	7.2.0.40 notwendig
Borderlands 2	Gearbox Software	19.03.2013		notwendig
Bullzip PDF Printer 8.2.0.1406	Bullzip	30.05.2012	9,25MB	8.2.0.1406 unnötig
Canon LBP5050		14.10.2011		notwendig
CCleaner	Piriform	23.04.2013		4.01 notwendig
Cisco EAP-FAST Module	Cisco Systems, Inc.	19.12.2011	1,55MB	2.2.14 unbekannt
Cisco LEAP Module	Cisco Systems, Inc.	19.12.2011	644KB	1.0.19 unbekannt
Cisco PEAP Module	Cisco Systems, Inc.	19.12.2011	1,23MB	1.1.6 unbekannt
Cities XL Platinum		09.05.2013		notwendig
Command & Conquer Die ersten 10 Jahre	Electronic Arts	13.03.2012		1.00.0000 unnötig
Company of Heroes	Relic	30.03.2012		notwendig
Company of Heroes: Opposing Fronts	Relic	30.03.2012	notwendig	
Company of Heroes: Tales of Valor	Relic	30.03.2012	notwendig	
CyberGhost VPN	CyberGhost S.R.L.	18.12.2012	64,2MB	notwendig
DAEMON Tools Lite	DT Soft Ltd	17.01.2012		4.45.1.0236 unnötig
DH Driver Cleaner Professional Edition	Ruud Ketelaars	19.03.2012		Version 1.5 notwendig
Dokan Library 0.6.0		04.09.2012	unbekannt	
Empire: Total War	The Creative Assembly	06.11.2011	 notwendig	
F1 2012	Codemasters	27.10.2012	notwendig	
FLV Player 2.0 (build 25)	Martijn de Visser	23.09.2011		2.0 (build 25) notwendig
Free YouTube Download version 3.2.0.128	DVDVideoSoft Ltd.	08.03.2013	76,7MB	3.2.0.128 unnötig
Free YouTube to MP3 Converter version 3.12.1.320	DVDVideoSoft Ltd.	14.04.2013	76,0MB	3.12.1.320 unnötig
Intel(R) Management Engine Components	Intel Corporation	23.09.2011		7.0.0.1144 unbekannt
Internet Explorer Toolbar 4.6 by SweetPacks	SweetIM Technologies Ltd.	02.11.2012	4,27MB	4.6.0004 unnötig
Java 7 Update 17	Oracle	06.03.2013	130MB	7.0.170 notwendig
Java 7 Update 17 (64-bit)	Oracle	09.03.2013	128MB	7.0.170 notwendig
Java(TM) 6 Update 39	Oracle	08.03.2013	97,8MB	6.0.390 notwendig
JDownloader 0.9	AppWork GmbH	02.11.2012		0.9 notwendig
K-Lite Mega Codec Pack 9.6.0		20.12.2012	90,7MB	9.6.0 notwendig
Logitech Unifying-Software 2.00	Logitech	17.04.2012	4,59MB	2.00.43 notwendig
Malwarebytes Anti-Malware Version 1.75.0.1300	Malwarebytes Corporation	11.05.2013	19,2MB	1.75.0.1300 notwendig
marvell 91xx driver	Marvell	23.09.2011		1.0.0.1051 unbekannt
Medieval II: Total War	The Creative Assembly	12.07.2012	 unnötig	
Medieval II: Total War Kingdoms	The Creative Assembly	12.07.2012	unnötig	
Metro 2033	THQ	26.05.2012	unnötig	
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	25.12.2012	38,8MB	4.0.30319 unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	27.06.2012	2,93MB	4.0.30320 unbekannt
Microsoft Chart Controls for Microsoft .NET Framework 3.5	Microsoft Corporation	24.04.2012	13,8MB	3.5.30730.0 unbekannt
Microsoft Games for Windows - LIVE	Microsoft Corporation	01.12.2012	8,19MB	3.0.89.0 unbekannt
Microsoft Games for Windows - LIVE Redistributable	Microsoft Corporation	01.12.2012	33,5MB	3.0.19.0 unbekannt
Microsoft Office 2010	Microsoft Corporation	16.05.2011	6,31MB	14.0.4763.1000 notwendig
Microsoft Office Enterprise 2007	Microsoft Corporation	21.02.2012		12.0.6612.1000 notwendig
Microsoft Office File Validation Add-In	Microsoft Corporation	14.03.2012	7,95MB	14.0.5130.5003 unbekannt
Microsoft Office Live Add-in 1.5	Microsoft Corporation	18.04.2012	508KB	2.0.4024.1 unbekannt
Microsoft Silverlight	Microsoft Corporation	13.03.2013	50,6MB	5.1.20125.0 unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	16.05.2011	1,69MB	3.1.0000 unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	24.01.2012	252KB	8.0.50727.4053 unbekannt
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	20.03.2013	2,38MB	8.0.59193 unbekannt
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	17.04.2012	838KB	8.0.61000 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	09.10.2011	788KB	9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	23.04.2012	236KB	9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	10.10.2011	788KB	9.0.30729.6161 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	06.11.2011	1,41MB	9.0.21022 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	05.11.2011	230KB	9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	23.09.2011	230KB	9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	23.09.2011	592KB	9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	24.09.2011	600KB	9.0.30729.6161 unbekannt
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219	Microsoft Corporation	06.05.2012	13,8MB	10.0.40219 unbekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	09.05.2013	15,0MB	10.0.40219 unbekannt
Microsoft Xbox 360 Accessories 1.2	Microsoft	30.10.2012	7,82MB	1.20.146.0 notwendig
Mozilla Firefox 21.0 (x86 de)	Mozilla	09.05.2013	49,8MB	21.0 notwendig
Mozilla Maintenance Service	Mozilla	19.04.2013	333KB	21.0 notwendig
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	18.04.2012	1,27MB	4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	18.04.2012	1,33MB	4.20.9876.0 unbekannt
MSXML 4.0 SP2 Parser and SDK	Microsoft Corporation	17.04.2012	1,22MB	4.20.9818.0 unbekannt
Nexus Mod Manager	Black Tree Gaming	10.11.2012	13,4MB	0.33.1 unnötig
NVIDIA 3D Vision Controller-Treiber 310.90	NVIDIA Corporation	07.01.2013		310.90 notwendig
NVIDIA 3D Vision Treiber 311.06	NVIDIA Corporation	14.04.2013		311.06 notwendig
NVIDIA Grafiktreiber 311.06	NVIDIA Corporation	14.04.2013		311.06 notwendig
NVIDIA HD-Audiotreiber 1.3.18.0	NVIDIA Corporation	07.01.2013		1.3.18.0 notwendig
NVIDIA PhysX-Systemsoftware 9.12.1031	NVIDIA Corporation	04.12.2012		9.12.1031 notwendig
NVIDIA Update 1.11.3	NVIDIA Corporation	07.01.2013		1.11.3 notwendig
OLYMPUS Digital Camera Updater	OLYMPUS IMAGING CORP.	17.04.2012	160KB	1.0.3 unnötig
OLYMPUS Viewer 2	OLYMPUS IMAGING CORP.	17.04.2012	204KB	1.3.0 unnötig
Omerta - City of Gangsters		05.03.2013		unnötig
Origin	Electronic Arts, Inc.	05.05.2012		8.5.2.23 notwendig
Patrician III	Ascaron	18.12.2012		unnötig
PDFCreator	Frank Heindörfer, Philip Chinery	30.05.2012		1.3.2 unnötig
Postal 2 Apocalypse Weekend Expansion Pack		07.12.2011	unnötig	
Postal 2 Share The Pain		07.12.2011		unnötig
QuickTime	Apple Inc.	30.05.2012	73,2MB	7.72.80.56
Realtek Ethernet Controller Driver	Realtek	23.09.2011		7.37.1229.2010 notwendig
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	01.03.2012		6.0.1.6235 notwendig
REALTEK Wireless LAN Driver and Utility		19.12.2011		1.00.0159 notwendig
Red Orchestra 2 SDK		23.04.2012		notwendig
Red Orchestra 2: Heroes of Stalingrad	Tripwire	23.04.2012	notwendig	
Red Orchestra 2: Heroes of Stalingrad Beta		23.04.2012	notwendig	
Renesas Electronics USB 3.0 Host Controller Driver	Renesas Electronics Corporation	23.09.2011	1,00MB	2.0.32.0 notwendig
Samsung Kies	Samsung Electronics Co., Ltd.	27.06.2012	208MB	2.3.2.12054_20 notwendig
Samsung Scan Assistant	Samsung Electronics Co., Ltd.	26.06.2012	24,7MB	1.04.22.00 notwendig
Samsung SCX-3200 Series	Samsung Electronics Co., Ltd.	26.06.2012	notwendig	
SAMSUNG USB Driver for Mobile Phones	SAMSUNG Electronics Co., Ltd.	27.06.2012	42,9MB	1.5.5.0 notwendig
Sanctum		12.10.2012		notwendig
Sins of a Solar Empire: Rebellion		30.07.2012		 notwendig
Skype Click to Call	Skype Technologies S.A.	03.05.2012	13,3MB	5.9.9216 notwendig
Skype™ 6.0	Skype Technologies S.A.	08.12.2012	20,3MB	6.0.126 notwendig
Steam	Valve	05.11.2011	42,1MB	1.0.0.0 notwendig
Stronghold Crusader + Extreme	Firefly Studios	19.12.2012	unnötig	
TeamSpeak 3 Client	TeamSpeak Systems GmbH	05.03.2013		3.0.10 unnötig
The Elder Scrolls V: Skyrim	Bethesda Game Studios	03.01.2012	notwendig	
Total War: SHOGUN 2	The Creative Assembly	06.11.2011		notwendig
TripleA Version 1_3_2_2		30.01.2012		 notwendig
Tropico 4		26.12.2012		notwendig
Trust Gaming Mouse Driver V1.1		11.03.2012	14,0MB	 notwendig
TuneUp Utilities 2012	TuneUp Software	09.06.2012		12.0.3600.73 notwendig
Update Manager for SweetPacks 1.1	SweetIM Technologies Ltd.	02.11.2012	2,76MB	1.1.0008 unnötig
Vegas Movie Studio HD Platinum 11.0	Sony	07.06.2012	297MB	11.0.256 unnötig
Video Thumbnails Maker by Scorp (remove only)		20.12.2012		notwendig
VLC media player 2.0.6	VideoLAN	01.05.2013		2.0.6 notwendig
Windows Live Essentials	Microsoft Corporation	16.05.2011		15.4.3508.1109 notwendig
Windows Live Mesh ActiveX control for remote connections	Microsoft Corporation	16.05.2011	5,57MB	15.4.5722.2 unbekannt
Windows Mobile-Gerätecenter	Microsoft Corporation	14.12.2011	27,4MB	6.1.6965.0 unbekannt
Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)	OLYMPUS IMAGING CORP.	17.04.2012		09/09/2009 1.0.0.0 unbekannt
WORLD IN CONFLICT: SOVIET ASSAULT	Ubisoft Entertainment	19.04.2012		1.0.1.1 unnötig
Worms Revolution		03.12.2012		unnötig
         
