
Pests of all kinds and how to combat them: Internet Explorer opens by itself.

Windows 7
If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.

03.06.2013, 21:53   #1
Joker2010

Internet Explorer opens by itself.



Note: In step 3 of the instructions one is supposed to start GMER, which then hangs at a certain path. A screenshot is shown again below, i.e. attached.

Hello dear Trojaner-Board team,

first I will write something general about my problem, so that you know roughly where my problem lies and in which direction it goes:
For a few days now I have noticed that my PC, when I do nothing on the keyboard for a few minutes, suddenly opens Internet Explorer "on its own" with a page already open in it. So it does not open as if someone were typing around slowly or quickly, but "all at once", as if it were saved that way as a file.
For example, hxxp://www.sparritter.de/ was opened once without my doing anything except watching it. Other pages were also opened, mostly one after another, but I did not copy their links.

Some more information: Before I read the instructions, I had already let "Malwarebytes Anti-Malware" scan the whole hard drive once.
Log file from the Malwarebytes Anti-Malware scan:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.03.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
USER1 :: MT7-PC [Administrator]

Schutz: Aktiviert

03.06.2013 12:39:17
mbam-log-2013-06-03 (12-39-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 494997
Laufzeit: 2 Stunde(n), 40 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\USER1\AppData\Roaming\noc\scvhost.exe (Trojan.BitMiner) -> 3952 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Trojan.Agent) -> Daten: C:\Users\USER1\AppData\Roaming\jabconf32.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Users\USER1\AppData\Roaming\noc\scvhost.exe (Trojan.BitMiner) -> Löschen bei Neustart.
C:\Users\USER1\y0353p10gcpk5.exe (Trojan.BitMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\USER1\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\7a2e915b-6bbfedd0 (Trojan.BitMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\USER1\AppData\Roaming\BAcroIEHelpe005267.dll (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\USER1\AppData\Roaming\noc\chp.exe (Trojan.Bitcoin) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\USER1\Downloads\video_downloader.exe (PUP.BundleInstaller.VG) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
In addition, while I was carrying out step 2 of the instructions, a virus was found by my antivirus program "Avira Anti-Virus"; however, I have copied everything from today (03.06):

Code:
ATTFilter
Exportierte Ereignisse:

03.06.2013 20:02 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\USER1\9yapgjot7acsk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Barys.17770' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

03.06.2013 20:02 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\USER1\9yapgjot7acsk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Barys.17770' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

03.06.2013 20:02 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\USER1\9yapgjot7acsk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Barys.17770' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

03.06.2013 20:02 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\USER1\9yapgjot7acsk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Barys.17770' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

03.06.2013 20:02 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\USER1\9yapgjot7acsk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Barys.17770' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

03.06.2013 19:56 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\USER1\9yapgjot7acsk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Barys.17770' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

03.06.2013 19:55 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\USER1\9yapgjot7acsk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Barys.17770' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern
         



But now to the files that are required by the instructions:

Defogger:
No error message.




OTL.txt:
Code:
ATTFilter
OTL logfile created on: 03.06.2013 19:45:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\USER1\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 64,89% Memory free
5,50 Gb Paging File | 4,39 Gb Available in Paging File | 79,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 54,40 Gb Free Space | 36,52% Space Free | Partition Type: NTFS
 
Computer Name: MT7-PC | User Name: USER1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.03 19:43:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\USER1\Desktop\OTL.exe
PRC - [2013.05.15 12:08:44 | 001,435,984 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2013.05.14 13:20:51 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.05.05 12:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.05.05 12:47:25 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.05.05 12:47:23 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.01.18 16:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013.01.18 16:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.12.23 18:57:16 | 000,892,760 | ---- | M] (LULU Software) -- C:\Programme\Soda 3D PDF Reader\ConversionService.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.05.20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe
PRC - [2009.11.16 09:27:48 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Programme\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe
PRC - [2009.11.05 16:56:38 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.18 17:24:30 | 000,260,096 | ---- | M] () -- C:\Programme\Notepad++\NppShell_05.dll
MOD - [2011.12.15 13:38:45 | 000,166,912 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2011.11.06 22:18:16 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [1997.10.18 00:00:00 | 000,022,016 | ---- | M] () -- C:\Windows\System32\DOCOBJ.DLL
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.15 17:30:50 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.15 12:08:44 | 001,435,984 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013.05.05 12:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.05.05 12:47:23 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.02.26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.03.10 03:56:10 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.01.31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.12.23 18:57:16 | 000,892,760 | ---- | M] (LULU Software) [Auto | Running] -- C:\Programme\Soda 3D PDF Reader\ConversionService.exe -- (Soda 3D PDF Reader Service)
SRV - [2011.12.23 18:57:10 | 000,821,592 | ---- | M] (LULU Software) [On_Demand | Stopped] -- C:\Programme\Soda 3D PDF Reader\HelperService.exe -- (Soda 3D PDF Reader Helper Service)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.05.20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009.11.05 16:56:38 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva400.sys -- (XDva400)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2013.05.05 12:47:36 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.05.05 12:47:36 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.05.05 12:47:36 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.02.26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.12.29 22:59:38 | 000,024,184 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2012.08.27 16:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.05.20 16:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2010.04.12 10:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.14 00:02:53 | 000,044,032 | ---- | M] (VIA Technologies, Inc.              ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6.sys -- (FETNDIS)
DRV - [2009.06.29 17:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.06.29 17:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2009.04.09 13:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2007.04.12 16:27:36 | 001,399,680 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cmudax3.sys -- (cmuda3)
DRV - [2005.08.18 00:00:00 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Lavalys\EVEREST Home Edition\kerneld.wnt -- (EverestDriver)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 E2 B2 4B 0C 5C CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6PQkVkTMcB&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.8.1.0
FF - prefs.js..extensions.enabledItems: welcome@toolmin.com:1.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: ffxtlbr@incredibar.com:1.5.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: {E634117B-33A8-4C70-8210-198010F03834}:1.0
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.type: 0
 
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.26 22:31:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFSodaReaderPDFConverter@sodapdf.com: C:\Program Files\Soda 3D PDF Reader\FFSodaReaderExt [2012.03.04 00:05:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.05.20 10:27:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\Firefox [2012.05.20 10:28:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012.05.20 10:28:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.22 21:41:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.20 23:38:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.05.20 10:27:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{E634117B-33A8-4C70-8210-198010F03834}: C:\Users\USER1\AppData\Roaming\01003.128 [2013.05.08 17:14:47 | 000,000,000 | ---D | M]
 
[2011.08.16 18:50:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USER1\AppData\Roaming\mozilla\Extensions
[2012.07.24 20:11:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USER1\AppData\Roaming\mozilla\Firefox\Profiles\cg64vhj4.default\extensions
[2011.12.06 13:52:31 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\USER1\AppData\Roaming\mozilla\Firefox\Profiles\cg64vhj4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.01.10 22:03:46 | 000,000,000 | ---D | M] (Incredibar Toolbar) -- C:\Users\USER1\AppData\Roaming\mozilla\Firefox\Profiles\cg64vhj4.default\extensions\ffxtlbr@incredibar.com
[2012.01.10 22:04:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USER1\AppData\Roaming\mozilla\Firefox\Profiles\cg64vhj4.default\extensions\staged
[2011.10.16 23:50:47 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\USER1\AppData\Roaming\mozilla\Firefox\Profiles\cg64vhj4.default\extensions\welcome@toolmin.com
[2011.10.05 11:35:46 | 000,000,931 | ---- | M] () -- C:\Users\USER1\AppData\Roaming\mozilla\firefox\profiles\cg64vhj4.default\searchplugins\conduit.xml
[2012.01.10 22:03:36 | 000,002,203 | ---- | M] () -- C:\Users\USER1\AppData\Roaming\mozilla\firefox\profiles\cg64vhj4.default\searchplugins\MyStart Search.xml
[2011.10.27 21:31:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.24 22:33:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012.01.26 22:31:42 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2011.10.24 22:33:22 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2013.05.08 17:14:47 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\USER1\APPDATA\ROAMING\01003.128
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.11.11 15:47:33 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.11 15:47:33 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.11 15:47:33 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.16 23:50:47 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src
[2011.11.11 15:47:33 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.11 15:47:33 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com
CHR - Extension: Bflix extension = C:\Users\USER1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfihafpijfdgmojeeigcldgchhojpfp\1.0_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\USER1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (bflix Class) - {0C9F4179-6CE2-4c6a-A3E5-67FF3592A12E} - C:\Programme\BFlix\bflix.dll (bflix)
O2 - BHO: (Soda 3D PDF Reader Helper) - {2FE0F895-6D1D-4c80-A20D-18E42DE9B631} - C:\Programme\Soda 3D PDF Reader\PDFIEHelper.dll (LULU Software)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Programme\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Soda 3D PDF Reader Toolbar) - {64C9D46E-8F8B-4158-9780-A6581C7439B1} - C:\Programme\Soda 3D PDF Reader\PDFIEPlugin.dll (LULU Software)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\USER1\AppData\Roaming\toolplugin\toolbar.dll File not found
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Programme\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CmPCIaudio] RunDll32 cmicnfg3.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKCU..\Run: [noc] C:\Users\USER1\AppData\Roaming\noc\dan.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DDB803B-F5F3-49CA-B9FE-F15D1BFF8A6B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7ECE886D-5CAD-4782-8D86-C1244F893B44}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE3D900F-6C92-4032-825A-ED6EA2364909}: DhcpNameServer = 139.7.30.126 139.7.30.125
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{dcf42ee8-ecde-11e0-9357-0016173bcafe}\Shell - "" = AutoRun
O33 - MountPoints2\{dcf42ee8-ecde-11e0-9357-0016173bcafe}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{dcf42efa-ecde-11e0-9357-0016173bcafe}\Shell - "" = AutoRun
O33 - MountPoints2\{dcf42efa-ecde-11e0-9357-0016173bcafe}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{fdd78564-edad-11e0-867c-0016173bcafe}\Shell - "" = AutoRun
O33 - MountPoints2\{fdd78564-edad-11e0-867c-0016173bcafe}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.03 19:43:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\USER1\Desktop\OTL.exe
[2013.06.03 12:33:20 | 000,000,000 | ---D | C] -- C:\Users\USER1\AppData\Roaming\Malwarebytes
[2013.06.03 12:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.03 12:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.03 12:33:00 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.06.03 12:33:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.06.03 12:31:08 | 000,000,000 | ---D | C] -- C:\Users\USER1\AppData\Local\Programs
[2013.06.03 12:30:13 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\USER1\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.02 19:35:45 | 000,739,856 | ---- | C] (Google Inc.) -- C:\Users\USER1\AppData\Roaming\chromebrowser.exe
[2013.06.02 19:35:24 | 000,000,000 | RHSD | C] -- C:\Users\USER1\AppData\Roaming\aaFa3
[2013.06.02 19:35:15 | 000,000,000 | ---D | C] -- C:\Users\USER1\AppData\Roaming\noc
[2013.05.22 19:06:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013.05.22 19:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2013.05.17 15:05:02 | 000,000,000 | ---D | C] -- C:\Users\USER1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013.05.17 15:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013.05.17 15:05:01 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2013.05.15 18:05:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.05.14 13:21:33 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.08 17:14:43 | 000,000,000 | ---D | C] -- C:\Users\USER1\AppData\Roaming\01003.128
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\USER1\AppData\Roaming\*.tmp files -> C:\Users\USER1\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.03 19:56:34 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.03 19:44:17 | 000,015,520 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.03 19:44:17 | 000,015,520 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.03 19:43:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\USER1\Desktop\OTL.exe
[2013.06.03 19:42:55 | 000,000,000 | ---- | M] () -- C:\Users\USER1\defogger_reenable
[2013.06.03 19:35:08 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.03 19:34:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.03 19:34:19 | 2214,240,256 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.03 19:30:14 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.03 19:19:18 | 000,050,477 | ---- | M] () -- C:\Users\USER1\Desktop\Defogger.exe
[2013.06.03 12:33:06 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.03 12:30:13 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\USER1\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.02 19:35:10 | 000,274,944 | ---- | M] () -- C:\Users\USER1\9yapgjot7acsk.exe
[2013.06.02 19:35:08 | 000,030,720 | ---- | M] () -- C:\Users\USER1\2wvb79qzp81y4.exe
[2013.05.25 10:54:03 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.05.25 00:19:30 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.05.17 15:05:02 | 000,000,971 | ---- | M] () -- C:\Users\USER1\Desktop\SpeedFan.lnk
[2013.05.17 15:05:01 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2013.05.17 15:04:08 | 000,000,000 | ---- | M] () -- C:\Users\USER1\Desktop\initdebug.nfo
[2013.05.17 13:53:26 | 000,001,078 | ---- | M] () -- C:\Users\USER1\Desktop\EVEREST Home Edition.lnk
[2013.05.17 13:46:37 | 000,321,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.17 12:57:53 | 000,654,108 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.17 12:57:53 | 000,615,990 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.17 12:57:53 | 000,129,980 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.17 12:57:53 | 000,106,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.14 13:21:02 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.13 11:21:07 | 000,007,544 | ---- | M] () -- C:\Users\USER1\AppData\Roaming\BAcroIEHelpe005271.dll
[2013.05.13 11:21:01 | 000,237,664 | ---- | M] () -- C:\Users\USER1\AppData\Roaming\AcroIEHelpe005271.dll
[2013.05.08 17:15:04 | 000,007,544 | ---- | M] () -- C:\Users\USER1\AppData\Roaming\BAcroIEHelpe005270.dll
[2013.05.05 12:47:36 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.05.05 12:47:36 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.05.05 12:47:36 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\USER1\AppData\Roaming\*.tmp files -> C:\Users\USER1\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.03 19:42:55 | 000,000,000 | ---- | C] () -- C:\Users\USER1\defogger_reenable
[2013.06.03 19:19:17 | 000,050,477 | ---- | C] () -- C:\Users\USER1\Desktop\Defogger.exe
[2013.06.03 12:33:06 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.02 19:35:10 | 000,274,944 | ---- | C] () -- C:\Users\USER1\9yapgjot7acsk.exe
[2013.06.02 19:35:08 | 000,030,720 | ---- | C] () -- C:\Users\USER1\2wvb79qzp81y4.exe
[2013.05.25 10:54:03 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.05.17 15:05:02 | 000,000,971 | ---- | C] () -- C:\Users\USER1\Desktop\SpeedFan.lnk
[2013.05.17 15:04:08 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2013.05.17 15:04:08 | 000,000,000 | ---- | C] () -- C:\Users\USER1\Desktop\initdebug.nfo
[2013.05.13 11:21:07 | 000,007,544 | ---- | C] () -- C:\Users\USER1\AppData\Roaming\BAcroIEHelpe005271.dll
[2013.05.13 11:21:01 | 000,237,664 | ---- | C] () -- C:\Users\USER1\AppData\Roaming\AcroIEHelpe005271.dll
[2013.05.08 17:15:04 | 000,007,544 | ---- | C] () -- C:\Users\USER1\AppData\Roaming\BAcroIEHelpe005270.dll
[2013.04.02 22:42:34 | 000,000,599 | ---- | C] () -- C:\Users\USER1\AppData\Roaming\rost.dat
[2012.10.23 12:03:27 | 000,076,348 | ---- | C] () -- C:\ProgramData\abivsjtuhhunbod
[2012.05.20 10:18:59 | 000,233,507 | ---- | C] () -- C:\Windows\hpoins47.dat
[2011.11.06 22:18:16 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.08.18 14:58:34 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.08.16 21:18:57 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.08.16 21:18:57 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.08.16 21:18:57 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.08.16 21:18:57 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.08.16 21:18:57 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.08.16 21:18:57 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.08.16 21:18:57 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011.08.16 21:18:56 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.08.16 21:18:56 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.08.16 21:18:56 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.08.16 21:18:56 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.08.16 21:18:56 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.08.16 21:18:56 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.08.16 21:18:56 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.08.16 21:18:56 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.08.16 21:18:56 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.08.16 21:18:56 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.08.16 21:18:56 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.08.16 21:18:56 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.08.16 21:16:11 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2011.08.16 18:43:09 | 000,442,368 | R--- | C] () -- C:\Windows\System32\Cmeaupci.exe
[2011.08.16 18:42:18 | 000,241,664 | ---- | C] () -- C:\Windows\System32\cmrmdrv3.exe
[2011.08.16 18:42:18 | 000,028,672 | ---- | C] () -- C:\Windows\System32\cmrmdrv3.dll
[2011.08.16 18:42:12 | 000,065,536 | R--- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2011.08.16 18:42:12 | 000,000,501 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.03.01 16:18:22 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\.minecraft
[2013.05.08 17:14:47 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\01003.128
[2013.06.02 19:35:24 | 000,000,000 | RHSD | M] -- C:\Users\USER1\AppData\Roaming\aaFa3
[2012.10.07 21:12:50 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\BitTorrent
[2011.10.02 12:15:01 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\Bytemobile
[2011.10.08 18:50:15 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\DVDVideoSoft
[2012.01.14 14:15:21 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.26 17:19:25 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\LolClient
[2013.06.03 15:22:29 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\noc
[2012.07.20 23:43:03 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\Notepad++
[2011.10.27 21:35:58 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\OpenOffice.org
[2013.06.02 21:30:31 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\PDF Software
[2013.04.02 16:00:29 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\Teeworlds
[2011.08.22 03:34:44 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\temp
[2012.01.15 19:23:45 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\toolplugin
[2013.03.16 20:45:58 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\TS3Client
[2012.02.15 21:41:52 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\ts3overlay
[2013.04.14 11:34:17 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\UsAgt
[2011.10.02 12:15:25 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\Vodafone
[2011.10.02 15:25:59 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\Vodafone Mobile Connect
[2013.05.13 11:21:52 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\xmldm
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

Extras.txt:
Code:
OTL Extras logfile created on: 03.06.2013 19:45:43 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\USER1\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 64,89% Memory free
5,50 Gb Paging File | 4,39 Gb Available in Paging File | 79,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 54,40 Gb Free Space | 36,52% Space Free | Partition Type: NTFS
 
Computer Name: MT7-PC | User Name: USER1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0334813A-691E-4FD1-88FB-0915E59F1C1B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2251BF11-B487-4AB6-BD67-1E8D590F02CA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{230314BA-F12C-4C35-8C25-2832B5BC5795}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{2869462E-B2D5-4844-A3D9-4E9121BD0209}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{303612EB-1DDD-418E-BABE-7061F71B9DD5}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3DDDB1D0-66F9-430D-8918-169D6816032A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4D3DCF4C-BD2D-4F44-AEEF-CE15BAC9991E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{55142102-EEEC-48BF-B299-F2651585ADD4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{613F29E3-2179-48F7-8A5E-40E7F9FF7461}" = rport=138 | protocol=17 | dir=out | app=system | 
"{620B2A21-78FC-4437-B57D-F97A6C72D477}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{670BA082-D60E-43C8-A4C7-1CF3048B63F9}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6EC3D7D4-1D25-41EF-A86D-220F8706AB89}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{74F55D33-3DC5-45C4-A840-88164C519976}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{78A390C9-B7ED-4EF9-8509-BBEC7BF5D3DE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{80869229-842E-4580-8355-87269DED9CDE}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8ABCF3FA-1961-4B28-9870-94C56F9DA407}" = lport=57133 | protocol=6 | dir=in | name=pando media booster | 
"{A047E5FE-C65D-44C3-A61C-B66FE1D51286}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A31032ED-EF8F-42EF-AB4C-7489F3412785}" = lport=57133 | protocol=6 | dir=in | name=pando media booster | 
"{A56EFB03-22BE-4671-BCFA-78DC83B78C09}" = lport=57133 | protocol=17 | dir=in | name=pando media booster | 
"{AFF69521-4E66-45D0-9D06-457592460513}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B178BAA3-FC17-4714-AEB3-B5EE336406C8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{BC1CF1CC-E5E6-456F-9C20-39E96260DCE4}" = rport=139 | protocol=6 | dir=out | app=system | 
"{CBAE5F35-0842-47E5-976A-6C13637A9F44}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E7BF645F-B920-45B7-AAF6-02339215C67D}" = lport=57133 | protocol=17 | dir=in | name=pando media booster | 
"{F41853B4-DBFE-4254-860E-73D930DFF731}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E89CAE-C0CB-4678-AEFE-F87DC2CD6F6B}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars the force unleashed 2\swtfu2.exe | 
"{018ACA99-A9D9-4C71-9AE5-CE5F8FF8ADF5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{11B4C47F-F265-4B68-9AE2-62B9D2530E72}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{168EB602-6E7C-49A1-A168-A6A32A8DF61F}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{24D18681-F41C-4E53-8520-9C9EC8CDC6E1}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 
"{278280D7-B328-4846-9C06-3D15B7D26192}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{2783B91A-7030-4132-AA48-E8FCD820D4A5}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars the force unleashed 2\swtfu2.exe | 
"{28377901-B9E8-472E-A75E-277507353DCD}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{29F72E16-537B-495C-A73C-2A475C16FE11}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2AE708C4-EFB3-436E-A009-D2B3395C66C1}" = protocol=6 | dir=out | app=system | 
"{2E157471-4FD3-4CC9-87F4-43BC2653F57D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{2FEBF80B-DCD8-461D-9864-D9832A71DDE2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{32201CCA-EB59-4666-B732-ED34BAD2F633}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{325B95BD-7F33-41C8-90E3-3F8FB8134B5F}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{327F4792-23CF-4045-956D-5BA2E858B118}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{38EFADAF-64CA-4006-9E86-FBBA01459028}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3EF40341-1112-4F21-A2C3-46B26F808E82}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{404AE62C-F9AF-4F74-BB8E-0CA5E113F021}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{42730ECB-9428-4C32-8F3D-3B7DAF3C02AA}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{47FEDBB5-A38F-418B-80E3-C61EF1E4C395}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{4942FF6B-4266-4EA3-912F-D99AEC5CE3AA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{4A43E85E-97F8-4104-AB92-F17FB6FFEC15}" = protocol=17 | dir=in | app=c:\program files\electronic arts\the lord of the rings - conquest™\conquest.exe | 
"{4C9F823B-304D-45A9-94B7-FC7381C74996}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{4DA1166B-EBDB-471B-8A6D-71AD7A98E21F}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{51A1FBC4-8F6D-4A1B-8B46-2E9D96477098}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{5782E9BA-4C41-40C5-AC9C-6B31646F3CA4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{5C364372-FC19-481D-B6D0-26B6C256C408}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5DA906D1-3642-4C9B-8909-6552073885C9}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{5E4C1D35-747E-4F70-A693-0012903738DD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{633ABA89-C018-4EBE-966C-FB45506749AF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6A15AD97-B535-4483-ABB1-B021FB7116C2}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{7038A9F3-CA4A-4B8C-ABF9-9A75C4344050}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{7136D1FD-07FB-41BC-B185-ABB250596D56}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{7B6E22F4-09E3-43A9-9CB0-D6EFEC7BF15A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7D26674F-44E8-47AF-B76A-0A646AA25C71}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{7F202755-73B9-42E5-B8A4-0074D7B475E7}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 
"{7FC4EF48-19D1-4A85-ADBC-5FB8B8DCB8EC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{801AA570-C94B-4D46-90E2-52D14B976097}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8712C6E0-26E4-45E8-BBC8-A84A013E8A28}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{87134543-DF80-4096-93D5-E074C6AB621F}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{8EEDE076-A70F-4C3A-990D-AF946CCC3B53}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{92942E4A-41BF-4330-B5A9-4C7AE640ED2E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{9A3187A0-EFFD-4952-8915-7483BCF4C20E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A83D42EB-5709-4EF7-B2EF-220BBA80E4E6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A9DE0659-21AE-42C6-BD64-60BA2837F066}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{AB9981E1-1A9B-4A82-B130-F2FA2DD92617}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{ADF834AC-BEBD-49BC-B8B2-87E66AFE01E6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B37F6966-DFA0-4960-A0BA-3FEE2A5CE0DA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{B4CAE5D8-D194-4E44-A8A4-1B6B1E572CE0}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{B5FC7F5A-0556-4737-91B3-55A5B99E58CD}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{B93EDE24-5748-4497-B6C6-C64F3E66E2D8}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{BCDBD746-CB43-4725-B98C-632667F22784}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C09AEC6A-06B6-4043-B854-AD59500812B1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C1170972-839D-4D38-8BD6-D8ABBB74856F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{C42A45B6-0854-4B1A-860E-2BBDEB115211}" = protocol=6 | dir=in | app=c:\program files\electronic arts\the lord of the rings - conquest™\conquest.exe | 
"{C45B99B8-0333-42C4-A960-6E1BA550ED75}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{C882BE0A-E819-4441-8359-83345FB5A270}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{CF65F4B2-17E5-4D46-A8D4-A1233B462009}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D10E5746-632B-4B56-8152-176D6A78330C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{D48F6A72-A3F4-4641-B112-413B39F1AA56}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{D9F20DB8-C30D-40A9-A5D4-0F275D825030}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{DEF833F8-0A45-434D-9046-C4D0012BD0C9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E0F3B602-77FD-4309-984E-49698CEB7E50}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{F2D7359C-FDD5-4762-AF01-1E62C5262C49}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FA94BE6A-1EAB-411B-A7BC-F57171E353EA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{FB1C3229-3782-48DC-B27A-FDBED21F7ACD}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{FDFB311B-2B35-4E92-945E-4AE246A8DE92}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"TCP Query User{03ED5597-4EC7-4163-99AA-22FAC850BCA2}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"TCP Query User{0BCBF953-8B22-4FF5-891E-EFA996F6B8AE}C:\call of duty modern warfare 2 - kopie\iw4sp.exe" = protocol=6 | dir=in | app=c:\call of duty modern warfare 2 - kopie\iw4sp.exe | 
"TCP Query User{1EF1117B-A16C-440E-8095-C29D5A798EF5}C:\call of duty modern warfare 2 - kopie\iw4mp.dat" = protocol=6 | dir=in | app=c:\call of duty modern warfare 2 - kopie\iw4mp.dat | 
"TCP Query User{2E15D928-FD38-446C-ABDE-888E8FA22246}C:\call of duty modern warfare 2 - kopie\iw4mp.exe" = protocol=6 | dir=in | app=c:\call of duty modern warfare 2 - kopie\iw4mp.exe | 
"TCP Query User{36055596-1E56-45A0-859A-399832570ACA}C:\program files\electronic arts\the lord of the rings - conquest™\conquest.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\the lord of the rings - conquest™\conquest.exe | 
"TCP Query User{69C8768A-653C-410A-880C-BE4FCEAD0329}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"TCP Query User{755DD6F2-F503-4171-BC15-D06A8E856787}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 
"TCP Query User{85078C5E-EB0C-476A-AFC0-C35C3299B368}C:\call of duty modern warfare 2 - kopie\iw4sp.exe" = protocol=6 | dir=in | app=c:\call of duty modern warfare 2 - kopie\iw4sp.exe | 
"TCP Query User{93446E65-59C7-4A04-925D-CF09EDBBA47C}C:\call of duty modern warfare 2 - kopie\iw4mp.dat" = protocol=6 | dir=in | app=c:\call of duty modern warfare 2 - kopie\iw4mp.dat | 
"TCP Query User{A7577759-26A0-434F-B4B3-4ADA08E8AF8D}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"TCP Query User{B1BE2A1A-4982-4AFD-B20E-213465A8B230}C:\users\user1\desktop\teeworlds1\teeworlds\teeworlds 0.6\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\user1\desktop\teeworlds1\teeworlds\teeworlds 0.6\teeworlds_srv.exe | 
"TCP Query User{CE9C13A7-F71D-49AF-A24E-A11903265B7A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{D1C8C986-E126-4B5D-BDB0-E10084AEC963}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{EC5D1478-C65B-42C2-838F-80D6F81E8667}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"TCP Query User{F953989D-F0FA-44D7-9F03-4517DB472649}C:\call of duty modern warfare 2 - kopie\iw4mp.exe" = protocol=6 | dir=in | app=c:\call of duty modern warfare 2 - kopie\iw4mp.exe | 
"UDP Query User{0BFCD941-1AFD-4AD2-BA14-A3DB81A174E7}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{2DF6D60C-7E65-48DE-8245-FCF7237765A2}C:\call of duty modern warfare 2 - kopie\iw4mp.dat" = protocol=17 | dir=in | app=c:\call of duty modern warfare 2 - kopie\iw4mp.dat | 
"UDP Query User{5422A819-8624-45BC-BCF3-D66FD2067ED6}C:\call of duty modern warfare 2 - kopie\iw4mp.dat" = protocol=17 | dir=in | app=c:\call of duty modern warfare 2 - kopie\iw4mp.dat | 
"UDP Query User{575F8106-744F-42AC-979F-ABE4210A5B2F}C:\call of duty modern warfare 2 - kopie\iw4sp.exe" = protocol=17 | dir=in | app=c:\call of duty modern warfare 2 - kopie\iw4sp.exe | 
"UDP Query User{6321C670-2D79-4CF6-AFEE-498EFFA53CD4}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"UDP Query User{6BDC34EA-3836-4AA8-8F6A-119815646533}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"UDP Query User{8AE22133-F51C-4970-92F3-04236351929A}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 
"UDP Query User{A7F95BE5-3647-4EBB-9627-ED880F176E7C}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{ADAA683C-6D7D-4505-A64B-6398893D0E9E}C:\users\user1\desktop\teeworlds1\teeworlds\teeworlds 0.6\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\user1\desktop\teeworlds1\teeworlds\teeworlds 0.6\teeworlds_srv.exe | 
"UDP Query User{D2E35A77-AB37-4CBB-891E-ED112856F621}C:\call of duty modern warfare 2 - kopie\iw4mp.exe" = protocol=17 | dir=in | app=c:\call of duty modern warfare 2 - kopie\iw4mp.exe | 
"UDP Query User{D3520711-9DE9-4CDD-B280-8C32530ECF31}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
"UDP Query User{DC3FC0EE-7655-4703-90AF-52890B381CFB}C:\call of duty modern warfare 2 - kopie\iw4sp.exe" = protocol=17 | dir=in | app=c:\call of duty modern warfare 2 - kopie\iw4sp.exe | 
"UDP Query User{DFE3E643-F86E-49A9-BE4A-57F4841FB260}C:\program files\electronic arts\the lord of the rings - conquest™\conquest.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\the lord of the rings - conquest™\conquest.exe | 
"UDP Query User{E2AA8BB1-9651-4ABD-B63C-9184AFC83A74}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"UDP Query User{F0558651-CC19-49D6-AC0C-3E4AB2F742F1}C:\call of duty modern warfare 2 - kopie\iw4mp.exe" = protocol=17 | dir=in | app=c:\call of duty modern warfare 2 - kopie\iw4mp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0B2BEE05-FB82-49AB-A23B-32BB8FAC79FC}" = S4 League_EU
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B6C0E95-182C-48E0-9C4B-4F916308249C}" = iTunes
"{1CBB6DE3-43F0-409D-8DD3-0171B498DE01}" = Soda 3D PDF Reader
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{58E65E96-6649-4CBE-9382-35326D694E6F}" = MSN Toolbar Platform
"{59C83C08-63F4-4AEC-81D6-392C5E23B843}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F9A2D22-7E30-4546-B817-10644FFB9935}" = B110
"{A147FD6E-32F2-4009-BDC9-8B4E2B1B21EB}" = Microsoft Search Enhancement Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{F9706A8C-D740-42CA-8703-E08EDD0F0778}" = LogMeIn Hamachi
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"BFlix" = BFlix
"BitTorrent" = BitTorrent
"C-Media PCI Audio Driver" = Aureon 5.1 PCI
"CX4300_5500_DX4400 Handbuch" = CX4300_5500_DX4400 Handbuch
"DivX Setup" = DivX-Setup
"Elsword_DE_is1" = Elsword_DE
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"incredibar" = Incredibar Toolbar  on IE and Chrome
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MinecraftAlpha" = MinecraftAlpha
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"Notepad++" = Notepad++
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PowerISO" = PowerISO
"Shop for HP Supplies" = Shop for HP Supplies
"SpeedFan" = SpeedFan (remove only)
"Star Wars: The Force Unleashed 2_is1" = Star Wars: The Force Unleashed 2
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 7" = TeamViewer 7
"toolplugin" = toolplugin
"WinRAR archiver" = WinRAR 4.10 beta 5 (32-bit)
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"JNLP" = JNLP
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.05.2013 12:46:14 | Computer Name = MT7-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 26.05.2013 19:29:04 | Computer Name = MT7-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 10.0.9200.16576 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1d60    Startzeit: 01ce5a684da3d633    Endzeit: 466    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 27.05.2013 07:09:50 | Computer Name = MT7-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\alaplaya\S4League\Aegis64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 27.05.2013 07:10:47 | Computer Name = MT7-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 01.06.2013 05:15:29 | Computer Name = MT7-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\alaplaya\S4League\Aegis64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 01.06.2013 05:16:22 | Computer Name = MT7-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 01.06.2013 08:26:38 | Computer Name = MT7-PC | Source = Application Hang | ID = 1002
Description = Programm League of Legends.exe, Version 3.7.0.328 kann nicht mehr 
unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
 in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 6f4    Startzeit: 01ce5ec2eb5ed309    Endzeit: 81    Anwendungspfad: 
C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.232\deploy\League
 of Legends.exe    Berichts-ID: 3cec4427-cab6-11e2-862c-0016173bcafe  
 
Error - 03.06.2013 05:56:38 | Computer Name = MT7-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 10.0.9200.16576 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 554    Startzeit: 01ce603f67a9f4bf    Endzeit: 0    Anwendungspfad: C:\Program
 Files\Internet Explorer\iexplore.exe    Berichts-ID: d3b54431-cc33-11e2-8360-0016173bcafe

 
Error - 03.06.2013 06:36:29 | Computer Name = MT7-PC | Source = Application Hang | ID = 1002
Description = Programm mbam-setup-1.75.0.1300.tmp, Version 51.52.0.0 kann nicht 
mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
 in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 498    Startzeit: 01ce6045698a6225    Endzeit: 91    Anwendungspfad: 
C:\Users\USER1\AppData\Local\Temp\is-CFK4M.tmp\mbam-setup-1.75.0.1300.tmp    Berichts-ID:
   
 
Error - 03.06.2013 13:14:40 | Computer Name = MT7-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\alaplaya\S4League\Aegis64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 03.06.2013 13:37:34 | Computer Name = MT7-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 03.06.2013 13:38:40 | Computer Name = MT7-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 03.06.2013 13:38:40 | Computer Name = MT7-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 03.06.2013 13:38:40 | Computer Name = MT7-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 03.06.2013 13:38:43 | Computer Name = MT7-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 03.06.2013 13:38:44 | Computer Name = MT7-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 03.06.2013 13:38:43 | Computer Name = MT7-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 03.06.2013 13:38:43 | Computer Name = MT7-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 03.06.2013 13:38:44 | Computer Name = MT7-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 03.06.2013 13:38:44 | Computer Name = MT7-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
 
< End of report >
         


Regarding step three of the instructions: I ran the GMER file and removed all the checkmarks as described, but it got stuck at the file/path that can be seen in the screenshot. (Or did I misunderstand it after all and tick the wrong boxes?)
Or could it be normal for the scan to take longer than 3-10 minutes on certain paths/files?

Anyway, I would be glad if I could get some help here.

P.S.: No technical jargon please; my knowledge of this sort of thing, and of what I am supposed to paste in here, is zero.

/Edit: After the fix with OTL.exe and after the restart, I was supposed to copy the text file into the thread here:
Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\noc deleted successfully.
C:\Users\USER1\AppData\Roaming\noc\dan.bat moved successfully.
C:\Users\USER1\AppData\Roaming\chromebrowser.exe moved successfully.
C:\Users\USER1\AppData\Roaming\aaFa3 folder moved successfully.
C:\Users\USER1\AppData\Roaming\01003.128\components folder moved successfully.
C:\Users\USER1\AppData\Roaming\01003.128 folder moved successfully.
C:\Users\USER1\9yapgjot7acsk.exe moved successfully.
C:\Users\USER1\2wvb79qzp81y4.exe moved successfully.
C:\Users\USER1\AppData\Roaming\BAcroIEHelpe005271.dll moved successfully.
C:\Users\USER1\AppData\Roaming\AcroIEHelpe005271.dll moved successfully.
========== FILES ==========
C:\Users\USER1\AppData\Roaming\noc folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: USER1
->Temp folder emptied: 2934734262 bytes
->Temporary Internet Files folder emptied: 49844819 bytes
->Java cache emptied: 146442 bytes
->FireFox cache emptied: 130327740 bytes
->Google Chrome cache emptied: 448919671 bytes
->Flash cache emptied: 810 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 683769940 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 4.051,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06032013_231458

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Attached images
File type: png GMER-Problem.png (67.2 KB, viewed 237 times)

Last edited by Joker2010 (03.06.2013 at 22:36)

Alt 03.06.2013, 21:59   #2
markusg
/// Malware-holic
 



Hi,

OTL fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [noc] C:\Users\USER1\AppData\Roaming\noc\dan.bat ()
[2013.06.02 19:35:45 | 000,739,856 | ---- | C] (Google Inc.) -- C:\Users\USER1\AppData\Roaming\chromebrowser.exe
[2013.06.02 19:35:24 | 000,000,000 | RHSD | C] -- C:\Users\USER1\AppData\Roaming\aaFa3
[2013.05.08 17:14:43 | 000,000,000 | ---D | C] -- C:\Users\USER1\AppData\Roaming\01003.128
[2013.06.02 19:35:10 | 000,274,944 | ---- | M] () -- C:\Users\USER1\9yapgjot7acsk.exe
[2013.06.02 19:35:08 | 000,030,720 | ---- | M] () -- C:\Users\USER1\2wvb79qzp81y4.exe
[2013.05.13 11:21:07 | 000,007,544 | ---- | M] () -- C:\Users\USER1\AppData\Roaming\BAcroIEHelpe005271.dll
[2013.05.13 11:21:01 | 000,237,664 | ---- | M] () -- C:\Users\USER1\AppData\Roaming\AcroIEHelpe005271.dll
:files
C:\Users\USER1\AppData\Roaming\noc
:Commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also to be found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread

If you don't have any icons, then right-click, View, Show desktop icons

Note: Please also upload the file there as described in the instructions for the UpChannel. Please do NOT post the ZIP file here in the thread as an attachment!

Please press the + E key.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance


Alt 03.06.2013, 22:47   #3
Joker2010
 



No, it isn't working without problems at the moment, because:
MovedFiles folder -> right-click -> Send to -> Compressed (zipped) folder
And then the following error message appears with the title "ZIP-komprimierte Ordner - Fehler", which says: "Datei nicht gefunden oder keine Leseberechtigung."
In addition, my antivirus program kicks in every time I repeat this, but I simply ignore it.

Alt 04.06.2013, 11:16   #4
markusg
/// Malware-holic
 



Hi
zip it again, let Avira delete what it finds, upload the rest
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above

Alt 04.06.2013, 12:16   #5
Joker2010
 



Okay, thanks for the tip, this time the zipping and uploading worked great.


Alt 04.06.2013, 12:19   #6
markusg
/// Malware-holic
 



Thank you.
Please download TDSSKiller TDSSKiller.exe and save the file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.

Alt 04.06.2013, 12:44   #7
Joker2010
 



Okay, I ran it through once and found the text file under C:\.

Code:
ATTFilter
13:31:05.0464 4744  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:31:05.0726 4744  ============================================================
13:31:05.0726 4744  Current date / time: 2013/06/04 13:31:05.0726
13:31:05.0726 4744  SystemInfo:
13:31:05.0726 4744  
13:31:05.0726 4744  OS Version: 6.1.7601 ServicePack: 1.0
13:31:05.0726 4744  Product type: Workstation
13:31:05.0726 4744  ComputerName: MT7-PC
13:31:05.0726 4744  UserName: USER1
13:31:05.0726 4744  Windows directory: C:\Windows
13:31:05.0726 4744  System windows directory: C:\Windows
13:31:05.0726 4744  Processor architecture: Intel x86
13:31:05.0726 4744  Number of processors: 1
13:31:05.0726 4744  Page size: 0x1000
13:31:05.0726 4744  Boot type: Normal boot
13:31:05.0726 4744  ============================================================
13:31:07.0532 4744  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:31:07.0536 4744  ============================================================
13:31:07.0536 4744  \Device\Harddisk0\DR0:
13:31:07.0540 4744  MBR partitions:
13:31:07.0540 4744  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:31:07.0540 4744  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800
13:31:07.0540 4744  ============================================================
13:31:07.0565 4744  C: <-> \Device\Harddisk0\DR0\Partition2
13:31:07.0565 4744  ============================================================
13:31:07.0565 4744  Initialize success
13:31:07.0565 4744  ============================================================
13:34:16.0188 5640  ============================================================
13:34:16.0188 5640  Scan started
13:34:16.0188 5640  Mode: Manual; SigCheck; TDLFS; 
13:34:16.0188 5640  ============================================================
13:34:17.0084 5640  ================ Scan system memory ========================
13:34:17.0084 5640  System memory - ok
13:34:17.0088 5640  ================ Scan services =============================
13:34:17.0268 5640  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
13:34:17.0454 5640  1394ohci - ok
13:34:17.0516 5640  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
13:34:17.0543 5640  ACPI - ok
13:34:17.0596 5640  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
13:34:17.0688 5640  AcpiPmi - ok
13:34:17.0788 5640  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:34:17.0817 5640  AdobeFlashPlayerUpdateSvc - ok
13:34:17.0889 5640  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
13:34:17.0948 5640  adp94xx - ok
13:34:17.0995 5640  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
13:34:18.0036 5640  adpahci - ok
13:34:18.0061 5640  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
13:34:18.0098 5640  adpu320 - ok
13:34:18.0147 5640  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:34:18.0213 5640  AeLookupSvc - ok
13:34:18.0280 5640  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
13:34:18.0362 5640  AFD - ok
13:34:18.0403 5640  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
13:34:18.0440 5640  agp440 - ok
13:34:18.0493 5640  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
13:34:18.0532 5640  aic78xx - ok
13:34:18.0583 5640  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
13:34:18.0653 5640  ALG - ok
13:34:18.0713 5640  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
13:34:18.0745 5640  aliide - ok
13:34:18.0793 5640  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
13:34:18.0823 5640  amdagp - ok
13:34:18.0844 5640  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
13:34:18.0875 5640  amdide - ok
13:34:18.0916 5640  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
13:34:18.0977 5640  AmdK8 - ok
13:34:19.0012 5640  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
13:34:19.0067 5640  AmdPPM - ok
13:34:19.0137 5640  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
13:34:19.0168 5640  amdsata - ok
13:34:19.0223 5640  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
13:34:19.0272 5640  amdsbs - ok
13:34:19.0313 5640  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
13:34:19.0342 5640  amdxata - ok
13:34:19.0637 5640  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
13:34:19.0657 5640  AntiVirSchedulerService - ok
13:34:19.0773 5640  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
13:34:19.0791 5640  AntiVirService - ok
13:34:19.0830 5640  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
13:34:19.0984 5640  AppID - ok
13:34:20.0017 5640  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
13:34:20.0101 5640  AppIDSvc - ok
13:34:20.0175 5640  [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo         C:\Windows\System32\appinfo.dll
13:34:20.0232 5640  Appinfo - ok
13:34:20.0345 5640  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:34:20.0382 5640  Apple Mobile Device - ok
13:34:20.0417 5640  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
13:34:20.0492 5640  AppMgmt - ok
13:34:20.0531 5640  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
13:34:20.0568 5640  arc - ok
13:34:20.0597 5640  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
13:34:20.0642 5640  arcsas - ok
13:34:20.0685 5640  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:34:20.0799 5640  AsyncMac - ok
13:34:20.0844 5640  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
13:34:20.0868 5640  atapi - ok
13:34:20.0936 5640  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:34:21.0002 5640  AudioEndpointBuilder - ok
13:34:21.0036 5640  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
13:34:21.0090 5640  Audiosrv - ok
13:34:21.0166 5640  [ 87425709A251386064C99B684BF96F72 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
13:34:21.0227 5640  avgntflt - ok
13:34:21.0291 5640  [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
13:34:21.0327 5640  avipbb - ok
13:34:21.0358 5640  [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
13:34:21.0389 5640  avkmgr - ok
13:34:21.0450 5640  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
13:34:21.0540 5640  AxInstSV - ok
13:34:21.0600 5640  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
13:34:21.0684 5640  b06bdrv - ok
13:34:21.0733 5640  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
13:34:21.0783 5640  b57nd60x - ok
13:34:21.0851 5640  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
13:34:21.0923 5640  BDESVC - ok
13:34:21.0953 5640  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:34:22.0013 5640  Beep - ok
13:34:22.0060 5640  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
13:34:22.0126 5640  BFE - ok
13:34:22.0173 5640  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
13:34:22.0242 5640  BITS - ok
13:34:22.0273 5640  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
13:34:22.0322 5640  blbdrive - ok
13:34:22.0441 5640  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:34:22.0476 5640  Bonjour Service - ok
13:34:22.0521 5640  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:34:22.0587 5640  bowser - ok
13:34:22.0619 5640  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:34:22.0708 5640  BrFiltLo - ok
13:34:22.0730 5640  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:34:22.0789 5640  BrFiltUp - ok
13:34:22.0835 5640  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
13:34:22.0898 5640  Browser - ok
13:34:22.0955 5640  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
13:34:23.0041 5640  Brserid - ok
13:34:23.0068 5640  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
13:34:23.0119 5640  BrSerWdm - ok
13:34:23.0146 5640  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
13:34:23.0197 5640  BrUsbMdm - ok
13:34:23.0224 5640  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
13:34:23.0271 5640  BrUsbSer - ok
13:34:23.0302 5640  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
13:34:23.0353 5640  BTHMODEM - ok
13:34:23.0408 5640  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
13:34:23.0484 5640  bthserv - ok
13:34:23.0521 5640  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:34:23.0582 5640  cdfs - ok
13:34:23.0675 5640  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
13:34:23.0738 5640  cdrom - ok
13:34:23.0802 5640  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
13:34:23.0855 5640  CertPropSvc - ok
13:34:23.0904 5640  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
13:34:23.0943 5640  circlass - ok
13:34:23.0974 5640  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
13:34:24.0001 5640  CLFS - ok
13:34:24.0072 5640  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:34:24.0105 5640  clr_optimization_v2.0.50727_32 - ok
13:34:24.0218 5640  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:34:24.0255 5640  clr_optimization_v4.0.30319_32 - ok
13:34:24.0285 5640  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
13:34:24.0316 5640  CmBatt - ok
13:34:24.0349 5640  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:34:24.0378 5640  cmdide - ok
13:34:24.0466 5640  [ DBF0577D5F34A1523EFB844BE262F8F9 ] cmuda3          C:\Windows\system32\drivers\cmudax3.sys
13:34:24.0595 5640  cmuda3 ( UnsignedFile.Multi.Generic ) - warning
13:34:24.0595 5640  cmuda3 - detected UnsignedFile.Multi.Generic (1)
13:34:24.0652 5640  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
13:34:24.0718 5640  CNG - ok
13:34:24.0748 5640  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
13:34:24.0781 5640  Compbatt - ok
13:34:24.0859 5640  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
13:34:24.0906 5640  CompositeBus - ok
13:34:24.0931 5640  COMSysApp - ok
13:34:24.0958 5640  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
13:34:24.0992 5640  crcdisk - ok
13:34:25.0068 5640  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:34:25.0132 5640  CryptSvc - ok
13:34:25.0191 5640  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
13:34:25.0277 5640  CSC - ok
13:34:25.0324 5640  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
13:34:25.0369 5640  CscService - ok
13:34:25.0412 5640  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:34:25.0478 5640  DcomLaunch - ok
13:34:25.0541 5640  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
13:34:25.0621 5640  defragsvc - ok
13:34:25.0683 5640  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:34:25.0750 5640  DfsC - ok
13:34:25.0828 5640  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:34:25.0886 5640  Dhcp - ok
13:34:25.0921 5640  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
13:34:25.0988 5640  discache - ok
13:34:26.0037 5640  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
13:34:26.0070 5640  Disk - ok
13:34:26.0125 5640  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:34:26.0179 5640  Dnscache - ok
13:34:26.0232 5640  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:34:26.0306 5640  dot3svc - ok
13:34:26.0373 5640  [ B5E479EB83707DD698F66953E922042C ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
13:34:26.0429 5640  Dot4 - ok
13:34:26.0472 5640  [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
13:34:26.0521 5640  Dot4Print - ok
13:34:26.0554 5640  [ CF491FF38D62143203C065260567E2F7 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
13:34:26.0615 5640  dot4usb - ok
13:34:26.0667 5640  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
13:34:26.0730 5640  DPS - ok
13:34:26.0789 5640  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:34:26.0835 5640  drmkaud - ok
13:34:26.0892 5640  [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:34:26.0947 5640  DXGKrnl - ok
13:34:27.0001 5640  EagleXNt - ok
13:34:27.0035 5640  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
13:34:27.0099 5640  EapHost - ok
13:34:27.0216 5640  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
13:34:27.0382 5640  ebdrv - ok
13:34:27.0423 5640  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
13:34:27.0482 5640  EFS - ok
13:34:27.0552 5640  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:34:27.0638 5640  ehRecvr - ok
13:34:27.0669 5640  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
13:34:27.0738 5640  ehSched - ok
13:34:27.0796 5640  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
13:34:27.0847 5640  elxstor - ok
13:34:27.0875 5640  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:34:27.0923 5640  ErrDev - ok
13:34:27.0980 5640  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
13:34:28.0041 5640  EventSystem - ok
13:34:28.0160 5640  [ 76984D46B2ABAA46F8B3FCEF82C9217D ] EverestDriver   C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt
13:34:28.0169 5640  EverestDriver ( UnsignedFile.Multi.Generic ) - warning
13:34:28.0169 5640  EverestDriver - detected UnsignedFile.Multi.Generic (1)
13:34:28.0244 5640  [ 0F40E249E4DD0CE47C7CA19C5C8FB48A ] ewusbnet        C:\Windows\system32\DRIVERS\ewusbnet.sys
13:34:28.0302 5640  ewusbnet - ok
13:34:28.0330 5640  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
13:34:28.0396 5640  exfat - ok
13:34:28.0431 5640  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:34:28.0503 5640  fastfat - ok
13:34:28.0578 5640  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
13:34:28.0636 5640  Fax - ok
13:34:28.0679 5640  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
13:34:28.0755 5640  fdc - ok
13:34:28.0796 5640  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
13:34:28.0839 5640  fdPHost - ok
13:34:28.0857 5640  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
13:34:28.0917 5640  FDResPub - ok
13:34:28.0968 5640  [ F5CB6CB6D12F495516BE27CFFCCDE4BF ] FETNDIS         C:\Windows\system32\DRIVERS\fetnd6.sys
13:34:29.0015 5640  FETNDIS - ok
13:34:29.0046 5640  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:34:29.0080 5640  FileInfo - ok
13:34:29.0113 5640  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:34:29.0177 5640  Filetrace - ok
13:34:29.0210 5640  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
13:34:29.0261 5640  flpydisk - ok
13:34:29.0308 5640  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:34:29.0357 5640  FltMgr - ok
13:34:29.0437 5640  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
13:34:29.0521 5640  FontCache - ok
13:34:29.0589 5640  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:34:29.0615 5640  FontCache3.0.0.0 - ok
13:34:29.0666 5640  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
13:34:29.0701 5640  FsDepends - ok
13:34:29.0742 5640  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:34:29.0769 5640  Fs_Rec - ok
13:34:29.0824 5640  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:34:29.0853 5640  fvevol - ok
13:34:29.0896 5640  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
13:34:29.0927 5640  gagp30kx - ok
13:34:29.0988 5640  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:34:30.0015 5640  GEARAspiWDM - ok
13:34:30.0076 5640  [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio          C:\Windows\system32\giveio.sys
13:34:30.0109 5640  giveio ( UnsignedFile.Multi.Generic ) - warning
13:34:30.0109 5640  giveio - detected UnsignedFile.Multi.Generic (1)
13:34:30.0162 5640  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
13:34:30.0253 5640  gpsvc - ok
13:34:30.0384 5640  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
13:34:30.0402 5640  gupdate - ok
13:34:30.0429 5640  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
13:34:30.0447 5640  gupdatem - ok
13:34:30.0517 5640  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
13:34:30.0566 5640  gusvc - ok
13:34:30.0625 5640  [ 833051C6C6C42117191935F734CFBD97 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
13:34:30.0654 5640  hamachi - ok
13:34:30.0767 5640  [ FAC31204987B0BC037938DCEBFAAAE6F ] Hamachi2Svc     C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
13:34:30.0847 5640  Hamachi2Svc - ok
13:34:30.0894 5640  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:34:30.0957 5640  hcw85cir - ok
13:34:31.0037 5640  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:34:31.0113 5640  HdAudAddService - ok
13:34:31.0158 5640  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
13:34:31.0218 5640  HDAudBus - ok
13:34:31.0253 5640  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
13:34:31.0298 5640  HidBatt - ok
13:34:31.0333 5640  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
13:34:31.0398 5640  HidBth - ok
13:34:31.0431 5640  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
13:34:31.0466 5640  HidIr - ok
13:34:31.0498 5640  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
13:34:31.0566 5640  hidserv - ok
13:34:31.0636 5640  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:34:31.0666 5640  HidUsb - ok
13:34:31.0720 5640  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:34:31.0773 5640  hkmsvc - ok
13:34:31.0816 5640  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:34:31.0879 5640  HomeGroupListener - ok
13:34:31.0930 5640  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:34:31.0981 5640  HomeGroupProvider - ok
13:34:32.0135 5640  [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
13:34:32.0438 5640  hpqcxs08 - ok
13:34:32.0463 5640  [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
13:34:32.0487 5640  hpqddsvc - ok
13:34:32.0540 5640  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:34:32.0575 5640  HpSAMD - ok
13:34:32.0670 5640  [ A04F4AC48895774A2CF9D1C9EAAACEF0 ] HPSLPSVC        C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
13:34:32.0696 5640  HPSLPSVC - ok
13:34:32.0754 5640  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:34:32.0803 5640  HTTP - ok
13:34:32.0868 5640  [ 92CA47DA32009CCC00A5ADED04ABBD78 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
13:34:32.0942 5640  hwdatacard - ok
13:34:32.0983 5640  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:34:33.0004 5640  hwpolicy - ok
13:34:33.0053 5640  [ 089085538885367E281686762A973EB5 ] hwusbfake       C:\Windows\system32\DRIVERS\ewusbfake.sys
13:34:33.0118 5640  hwusbfake - ok
13:34:33.0178 5640  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
13:34:33.0233 5640  i8042prt - ok
13:34:33.0268 5640  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:34:33.0317 5640  iaStorV - ok
13:34:33.0405 5640  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:34:33.0514 5640  idsvc - ok
13:34:33.0557 5640  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
13:34:33.0586 5640  iirsp - ok
13:34:33.0649 5640  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
13:34:33.0715 5640  IKEEXT - ok
13:34:33.0758 5640  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
13:34:33.0788 5640  intelide - ok
13:34:33.0831 5640  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:34:33.0874 5640  intelppm - ok
13:34:33.0918 5640  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:34:33.0975 5640  IPBusEnum - ok
13:34:33.0999 5640  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:34:34.0063 5640  IpFilterDriver - ok
13:34:34.0137 5640  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:34:34.0227 5640  iphlpsvc - ok
13:34:34.0270 5640  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
13:34:34.0321 5640  IPMIDRV - ok
13:34:34.0352 5640  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
13:34:34.0405 5640  IPNAT - ok
13:34:34.0461 5640  [ EF1C51222117B37AFBFF8F4642EA8C62 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
13:34:34.0491 5640  iPod Service - ok
13:34:34.0538 5640  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:34:34.0614 5640  IRENUM - ok
13:34:34.0641 5640  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:34:34.0674 5640  isapnp - ok
13:34:34.0721 5640  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
13:34:34.0764 5640  iScsiPrt - ok
13:34:34.0811 5640  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:34:34.0840 5640  kbdclass - ok
13:34:34.0877 5640  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
13:34:34.0926 5640  kbdhid - ok
13:34:34.0956 5640  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
13:34:34.0983 5640  KeyIso - ok
13:34:35.0030 5640  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:34:35.0061 5640  KSecDD - ok
13:34:35.0112 5640  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
13:34:35.0145 5640  KSecPkg - ok
13:34:35.0186 5640  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:34:35.0270 5640  KtmRm - ok
13:34:35.0313 5640  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:34:35.0375 5640  LanmanServer - ok
13:34:35.0444 5640  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:34:35.0512 5640  LanmanWorkstation - ok
13:34:35.0569 5640  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:34:35.0637 5640  lltdio - ok
13:34:35.0698 5640  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:34:35.0791 5640  lltdsvc - ok
13:34:35.0823 5640  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:34:35.0885 5640  lmhosts - ok
13:34:35.0946 5640  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
13:34:35.0991 5640  LSI_FC - ok
13:34:36.0016 5640  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
13:34:36.0051 5640  LSI_SAS - ok
13:34:36.0083 5640  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:34:36.0114 5640  LSI_SAS2 - ok
13:34:36.0139 5640  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:34:36.0174 5640  LSI_SCSI - ok
13:34:36.0208 5640  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
13:34:36.0249 5640  luafv - ok
13:34:36.0309 5640  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
13:34:36.0340 5640  MBAMProtector - ok
13:34:36.0436 5640  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
13:34:36.0479 5640  MBAMScheduler - ok
13:34:36.0536 5640  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
13:34:36.0584 5640  MBAMService - ok
13:34:36.0631 5640  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:34:36.0670 5640  Mcx2Svc - ok
13:34:36.0709 5640  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
13:34:36.0747 5640  megasas - ok
13:34:36.0821 5640  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
13:34:36.0866 5640  MegaSR - ok
13:34:36.0905 5640  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
13:34:36.0969 5640  MMCSS - ok
13:34:36.0999 5640  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
13:34:37.0059 5640  Modem - ok
13:34:37.0112 5640  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:34:37.0155 5640  monitor - ok
13:34:37.0192 5640  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:34:37.0223 5640  mouclass - ok
13:34:37.0250 5640  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:34:37.0295 5640  mouhid - ok
13:34:37.0333 5640  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:34:37.0358 5640  mountmgr - ok
13:34:37.0413 5640  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:34:37.0450 5640  mpio - ok
13:34:37.0479 5640  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:34:37.0551 5640  mpsdrv - ok
13:34:37.0618 5640  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:34:37.0723 5640  MpsSvc - ok
13:34:37.0766 5640  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:34:37.0883 5640  MRxDAV - ok
13:34:37.0930 5640  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:34:38.0004 5640  mrxsmb - ok
13:34:38.0038 5640  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:34:38.0094 5640  mrxsmb10 - ok
13:34:38.0135 5640  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:34:38.0182 5640  mrxsmb20 - ok
13:34:38.0223 5640  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
13:34:38.0254 5640  msahci - ok
13:34:38.0354 5640  [ D98350792A7CE82E7459A7C36481BEDA ] MSCamSvc        C:\Program Files\Microsoft LifeCam\MSCamS32.exe
13:34:38.0395 5640  MSCamSvc - ok
13:34:38.0422 5640  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:34:38.0459 5640  msdsm - ok
13:34:38.0491 5640  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
13:34:38.0551 5640  MSDTC - ok
13:34:38.0608 5640  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:34:38.0661 5640  Msfs - ok
13:34:38.0686 5640  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
13:34:38.0756 5640  mshidkmdf - ok
13:34:38.0793 5640  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:34:38.0821 5640  msisadrv - ok
13:34:38.0868 5640  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:34:38.0928 5640  MSiSCSI - ok
13:34:38.0944 5640  msiserver - ok
13:34:38.0985 5640  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:34:39.0030 5640  MSKSSRV - ok
13:34:39.0053 5640  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:34:39.0114 5640  MSPCLOCK - ok
13:34:39.0129 5640  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:34:39.0196 5640  MSPQM - ok
13:34:39.0227 5640  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:34:39.0264 5640  MsRPC - ok
13:34:39.0315 5640  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
13:34:39.0336 5640  mssmbios - ok
13:34:39.0358 5640  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:34:39.0416 5640  MSTEE - ok
13:34:39.0440 5640  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
13:34:39.0487 5640  MTConfig - ok
13:34:39.0520 5640  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
13:34:39.0549 5640  Mup - ok
13:34:39.0606 5640  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
13:34:39.0653 5640  napagent - ok
13:34:39.0709 5640  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:34:39.0770 5640  NativeWifiP - ok
13:34:39.0856 5640  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:34:39.0891 5640  NDIS - ok
13:34:39.0928 5640  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
13:34:39.0983 5640  NdisCap - ok
13:34:40.0010 5640  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:34:40.0075 5640  NdisTapi - ok
13:34:40.0141 5640  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:34:40.0186 5640  Ndisuio - ok
13:34:40.0239 5640  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:34:40.0290 5640  NdisWan - ok
13:34:40.0329 5640  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:34:40.0393 5640  NDProxy - ok
13:34:40.0467 5640  [ 80B7A96F908DA13617E7E6832C5C6A64 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
13:34:40.0487 5640  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:34:40.0487 5640  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:34:40.0528 5640  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:34:40.0590 5640  NetBIOS - ok
13:34:40.0635 5640  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
13:34:40.0696 5640  NetBT - ok
13:34:40.0727 5640  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
13:34:40.0756 5640  Netlogon - ok
13:34:40.0805 5640  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
13:34:40.0874 5640  Netman - ok
13:34:40.0915 5640  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
13:34:40.0967 5640  netprofm - ok
13:34:41.0014 5640  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:34:41.0049 5640  NetTcpPortSharing - ok
13:34:41.0086 5640  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
13:34:41.0118 5640  nfrd960 - ok
13:34:41.0174 5640  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:34:41.0225 5640  NlaSvc - ok
13:34:41.0260 5640  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:34:41.0309 5640  Npfs - ok
13:34:41.0346 5640  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
13:34:41.0395 5640  nsi - ok
13:34:41.0418 5640  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:34:41.0477 5640  nsiproxy - ok
13:34:41.0555 5640  [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:34:41.0647 5640  Ntfs - ok
13:34:41.0688 5640  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
13:34:41.0760 5640  Null - ok
13:34:42.0008 5640  [ B69E6F70CE1151C8D62ABC9DEF64DFBE ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:34:42.0229 5640  nvlddmkm - ok
13:34:42.0258 5640  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:34:42.0303 5640  nvraid - ok
13:34:42.0354 5640  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:34:42.0387 5640  nvstor - ok
13:34:42.0461 5640  [ E4284FCF99FEA13A7E1836F87AE356F6 ] nvsvc           C:\Windows\system32\nvvsvc.exe
13:34:42.0514 5640  nvsvc - ok
13:34:42.0631 5640  [ 03E60E0BFA53ED15DC984FA34B44BB0F ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
13:34:42.0774 5640  nvUpdatusService - ok
13:34:42.0823 5640  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:34:42.0856 5640  nv_agp - ok
13:34:42.0877 5640  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:34:42.0942 5640  ohci1394 - ok
13:34:42.0989 5640  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:34:43.0074 5640  p2pimsvc - ok
13:34:43.0111 5640  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
13:34:43.0162 5640  p2psvc - ok
13:34:43.0212 5640  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
13:34:43.0248 5640  Parport - ok
13:34:43.0292 5640  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:34:43.0332 5640  partmgr - ok
13:34:43.0353 5640  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
13:34:43.0398 5640  Parvdm - ok
13:34:43.0445 5640  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:34:43.0476 5640  PcaSvc - ok
13:34:43.0505 5640  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
13:34:43.0544 5640  pci - ok
13:34:43.0595 5640  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
13:34:43.0623 5640  pciide - ok
13:34:43.0652 5640  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
13:34:43.0691 5640  pcmcia - ok
13:34:43.0718 5640  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
13:34:43.0751 5640  pcw - ok
13:34:43.0789 5640  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:34:43.0896 5640  PEAUTH - ok
13:34:43.0957 5640  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
13:34:44.0032 5640  PeerDistSvc - ok
13:34:44.0155 5640  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
13:34:44.0295 5640  pla - ok
13:34:44.0360 5640  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:34:44.0426 5640  PlugPlay - ok
13:34:44.0458 5640  [ 0C155C5D8942B3CBCF9506A9D376B9AD ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
13:34:44.0477 5640  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:34:44.0477 5640  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:34:44.0504 5640  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
13:34:44.0553 5640  PNRPAutoReg - ok
13:34:44.0592 5640  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
13:34:44.0624 5640  PNRPsvc - ok
13:34:44.0676 5640  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:34:44.0723 5640  PolicyAgent - ok
13:34:44.0784 5640  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
13:34:44.0831 5640  Power - ok
13:34:44.0895 5640  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:34:45.0004 5640  PptpMiniport - ok
13:34:45.0030 5640  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
13:34:45.0065 5640  Processor - ok
13:34:45.0120 5640  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
13:34:45.0182 5640  ProfSvc - ok
13:34:45.0204 5640  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:34:45.0231 5640  ProtectedStorage - ok
13:34:45.0272 5640  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
13:34:45.0315 5640  Psched - ok
13:34:45.0379 5640  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
13:34:45.0465 5640  ql2300 - ok
13:34:45.0497 5640  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
13:34:45.0538 5640  ql40xx - ok
13:34:45.0583 5640  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
13:34:45.0670 5640  QWAVE - ok
13:34:45.0702 5640  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:34:45.0737 5640  QWAVEdrv - ok
13:34:45.0758 5640  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:34:45.0811 5640  RasAcd - ok
13:34:45.0860 5640  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
13:34:45.0926 5640  RasAgileVpn - ok
13:34:45.0971 5640  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
13:34:46.0028 5640  RasAuto - ok
13:34:46.0061 5640  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:34:46.0125 5640  Rasl2tp - ok
13:34:46.0194 5640  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
13:34:46.0258 5640  RasMan - ok
13:34:46.0293 5640  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:34:46.0344 5640  RasPppoe - ok
13:34:46.0364 5640  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:34:46.0432 5640  RasSstp - ok
13:34:46.0475 5640  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:34:46.0547 5640  rdbss - ok
13:34:46.0590 5640  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
13:34:46.0624 5640  rdpbus - ok
13:34:46.0674 5640  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:34:46.0713 5640  RDPCDD - ok
13:34:46.0745 5640  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
13:34:46.0795 5640  RDPDR - ok
13:34:46.0852 5640  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:34:46.0913 5640  RDPENCDD - ok
13:34:46.0942 5640  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
13:34:46.0997 5640  RDPREFMP - ok
13:34:47.0047 5640  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:34:47.0112 5640  RDPWD - ok
13:34:47.0172 5640  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
13:34:47.0219 5640  rdyboost - ok
13:34:47.0256 5640  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:34:47.0329 5640  RemoteAccess - ok
13:34:47.0366 5640  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:34:47.0444 5640  RemoteRegistry - ok
13:34:47.0489 5640  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
13:34:47.0547 5640  RpcEptMapper - ok
13:34:47.0590 5640  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
13:34:47.0637 5640  RpcLocator - ok
13:34:47.0672 5640  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
13:34:47.0717 5640  RpcSs - ok
13:34:47.0768 5640  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:34:47.0833 5640  rspndr - ok
13:34:47.0866 5640  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
13:34:47.0934 5640  s3cap - ok
13:34:47.0959 5640  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
13:34:47.0989 5640  SamSs - ok
13:34:48.0030 5640  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:34:48.0067 5640  sbp2port - ok
13:34:48.0100 5640  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:34:48.0155 5640  SCardSvr - ok
13:34:48.0188 5640  [ 20B2751CD4C8F3FD989739CA661B9F30 ] SCDEmu          C:\Windows\system32\drivers\SCDEmu.sys
13:34:48.0225 5640  SCDEmu ( UnsignedFile.Multi.Generic ) - warning
13:34:48.0225 5640  SCDEmu - detected UnsignedFile.Multi.Generic (1)
13:34:48.0258 5640  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
13:34:48.0307 5640  scfilter - ok
13:34:48.0374 5640  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
13:34:48.0481 5640  Schedule - ok
13:34:48.0528 5640  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:34:48.0567 5640  SCPolicySvc - ok
13:34:48.0590 5640  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:34:48.0670 5640  SDRSVC - ok
13:34:48.0752 5640  [ 0F656D23F7956E9385E0A03F945EE338 ] SeaPort         C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
13:34:48.0774 5640  SeaPort - ok
13:34:48.0811 5640  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
13:34:48.0883 5640  seclogon - ok
13:34:48.0922 5640  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
13:34:48.0987 5640  SENS - ok
13:34:49.0040 5640  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
13:34:49.0120 5640  SensrSvc - ok
13:34:49.0170 5640  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
13:34:49.0200 5640  Serenum - ok
13:34:49.0225 5640  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
13:34:49.0282 5640  Serial - ok
13:34:49.0319 5640  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
13:34:49.0366 5640  sermouse - ok
13:34:49.0430 5640  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
13:34:49.0499 5640  SessionEnv - ok
13:34:49.0526 5640  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
13:34:49.0579 5640  sffdisk - ok
13:34:49.0612 5640  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:34:49.0645 5640  sffp_mmc - ok
13:34:49.0666 5640  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
13:34:49.0700 5640  sffp_sd - ok
13:34:49.0733 5640  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
13:34:49.0762 5640  sfloppy - ok
13:34:49.0799 5640  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:34:49.0891 5640  SharedAccess - ok
13:34:49.0969 5640  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:34:50.0057 5640  ShellHWDetection - ok
13:34:50.0096 5640  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
13:34:50.0129 5640  sisagp - ok
13:34:50.0172 5640  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:34:50.0202 5640  SiSRaid2 - ok
13:34:50.0219 5640  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
13:34:50.0256 5640  SiSRaid4 - ok
13:34:50.0317 5640  [ 17EAB7852FF9F15FBAAB4E95EFC0B812 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
13:34:50.0416 5640  SkypeUpdate - ok
13:34:50.0450 5640  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:34:50.0502 5640  Smb - ok
13:34:50.0567 5640  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:34:50.0637 5640  SNMPTRAP - ok
13:34:50.0743 5640  [ F9FDE7DFDEA905859F54B23EA62352EC ] Soda 3D PDF Reader Helper Service C:\Program Files\Soda 3D PDF Reader\HelperService.exe
13:34:50.0833 5640  Soda 3D PDF Reader Helper Service - ok
13:34:50.0893 5640  [ 050323983CF4A056E649179058236796 ] Soda 3D PDF Reader Service C:\Program Files\Soda 3D PDF Reader\ConversionService.exe
13:34:50.0942 5640  Soda 3D PDF Reader Service - ok
13:34:51.0010 5640  [ DC8D2952FB6FFBAEC67BD1B93A34DF11 ] speedfan        C:\Windows\system32\speedfan.sys
13:34:51.0049 5640  speedfan - ok
13:34:51.0083 5640  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
13:34:51.0113 5640  spldr - ok
13:34:51.0164 5640  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
13:34:51.0230 5640  Spooler - ok
13:34:51.0318 5640  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
13:34:51.0408 5640  sppsvc - ok
13:34:51.0455 5640  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
13:34:51.0527 5640  sppuinotify - ok
13:34:51.0576 5640  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:34:51.0634 5640  srv - ok
13:34:51.0693 5640  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:34:51.0761 5640  srv2 - ok
13:34:51.0791 5640  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:34:51.0828 5640  srvnet - ok
13:34:51.0867 5640  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:34:51.0933 5640  SSDPSRV - ok
13:34:52.0001 5640  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
13:34:52.0023 5640  ssmdrv - ok
13:34:52.0046 5640  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:34:52.0109 5640  SstpSvc - ok
13:34:52.0207 5640  [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
13:34:52.0263 5640  Stereo Service - ok
13:34:52.0298 5640  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
13:34:52.0328 5640  stexstor - ok
13:34:52.0384 5640  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
13:34:52.0445 5640  StiSvc - ok
13:34:52.0474 5640  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
13:34:52.0505 5640  storflt - ok
13:34:52.0539 5640  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\Windows\system32\storsvc.dll
13:34:52.0587 5640  StorSvc - ok
13:34:52.0642 5640  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
13:34:52.0671 5640  storvsc - ok
13:34:52.0710 5640  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
13:34:52.0742 5640  swenum - ok
13:34:52.0783 5640  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
13:34:52.0832 5640  swprv - ok
13:34:52.0908 5640  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
13:34:52.0972 5640  SysMain - ok
13:34:53.0031 5640  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:34:53.0076 5640  TabletInputService - ok
13:34:53.0101 5640  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:34:53.0152 5640  TapiSrv - ok
13:34:53.0193 5640  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
13:34:53.0261 5640  TBS - ok
13:34:53.0332 5640  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:34:53.0457 5640  Tcpip - ok
13:34:53.0523 5640  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
13:34:53.0566 5640  TCPIP6 - ok
13:34:53.0615 5640  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:34:53.0658 5640  tcpipreg - ok
13:34:53.0703 5640  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:34:53.0771 5640  TDPIPE - ok
13:34:53.0820 5640  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:34:53.0851 5640  TDTCP - ok
13:34:53.0896 5640  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:34:53.0943 5640  tdx - ok
13:34:54.0109 5640  [ A4D2CE94B028EF1E437CF4AC3D8FF26C ] TeamViewer7     C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
13:34:54.0175 5640  TeamViewer7 - ok
13:34:54.0230 5640  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
13:34:54.0269 5640  TermDD - ok
13:34:54.0328 5640  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
13:34:54.0398 5640  TermService - ok
13:34:54.0447 5640  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
13:34:54.0492 5640  Themes - ok
13:34:54.0525 5640  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
13:34:54.0570 5640  THREADORDER - ok
13:34:54.0607 5640  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
13:34:54.0669 5640  TrkWks - ok
13:34:54.0748 5640  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:34:54.0804 5640  TrustedInstaller - ok
13:34:54.0855 5640  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:34:54.0912 5640  tssecsrv - ok
13:34:54.0974 5640  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
13:34:55.0017 5640  TsUsbFlt - ok
13:34:55.0083 5640  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:34:55.0191 5640  tunnel - ok
13:34:55.0226 5640  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
13:34:55.0257 5640  uagp35 - ok
13:34:55.0308 5640  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:34:55.0382 5640  udfs - ok
13:34:55.0433 5640  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:34:55.0488 5640  UI0Detect - ok
13:34:55.0523 5640  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:34:55.0554 5640  uliagpkx - ok
13:34:55.0625 5640  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
13:34:55.0673 5640  umbus - ok
13:34:55.0718 5640  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
13:34:55.0767 5640  UmPass - ok
13:34:55.0808 5640  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
13:34:55.0861 5640  UmRdpService - ok
13:34:55.0912 5640  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
13:34:55.0972 5640  upnphost - ok
13:34:56.0031 5640  [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
13:34:56.0080 5640  USBAAPL - ok
13:34:56.0160 5640  [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
13:34:56.0214 5640  usbaudio - ok
13:34:56.0257 5640  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:34:56.0304 5640  usbccgp - ok
13:34:56.0367 5640  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:34:56.0425 5640  usbcir - ok
13:34:56.0458 5640  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
13:34:56.0488 5640  usbehci - ok
13:34:56.0523 5640  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:34:56.0582 5640  usbhub - ok
13:34:56.0621 5640  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
13:34:56.0669 5640  usbohci - ok
13:34:56.0716 5640  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
13:34:56.0750 5640  usbprint - ok
13:34:56.0792 5640  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
13:34:56.0845 5640  usbscan - ok
13:34:56.0875 5640  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:34:56.0947 5640  USBSTOR - ok
13:34:57.0005 5640  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
13:34:57.0039 5640  usbuhci - ok
13:34:57.0089 5640  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
13:34:57.0156 5640  UxSms - ok
13:34:57.0191 5640  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
13:34:57.0218 5640  VaultSvc - ok
13:34:57.0251 5640  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
13:34:57.0283 5640  vdrvroot - ok
13:34:57.0335 5640  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
13:34:57.0445 5640  vds - ok
13:34:57.0496 5640  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:34:57.0548 5640  vga - ok
13:34:57.0593 5640  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:34:57.0640 5640  VgaSave - ok
13:34:57.0685 5640  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
13:34:57.0726 5640  vhdmp - ok
13:34:57.0765 5640  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
13:34:57.0798 5640  viaagp - ok
13:34:57.0826 5640  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
13:34:57.0884 5640  ViaC7 - ok
13:34:57.0925 5640  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
13:34:57.0957 5640  viaide - ok
13:34:58.0009 5640  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
13:34:58.0046 5640  vmbus - ok
13:34:58.0072 5640  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
13:34:58.0103 5640  VMBusHID - ok
13:34:58.0132 5640  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:34:58.0164 5640  volmgr - ok
13:34:58.0201 5640  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:34:58.0234 5640  volmgrx - ok
13:34:58.0267 5640  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:34:58.0324 5640  volsnap - ok
13:34:58.0353 5640  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
13:34:58.0388 5640  vsmraid - ok
13:34:58.0460 5640  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
13:34:58.0539 5640  VSS - ok
13:34:58.0572 5640  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
13:34:58.0625 5640  vwifibus - ok
13:34:58.0744 5640  [ D22C6B9C2F840D403FD387AD207A4B16 ] VX1000          C:\Windows\system32\DRIVERS\VX1000.sys
13:34:58.0849 5640  VX1000 - ok
13:34:58.0888 5640  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
13:34:58.0960 5640  W32Time - ok
13:34:59.0005 5640  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
13:34:59.0052 5640  WacomPen - ok
13:34:59.0097 5640  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
13:34:59.0166 5640  WANARP - ok
13:34:59.0189 5640  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:34:59.0232 5640  Wanarpv6 - ok
13:34:59.0320 5640  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
13:34:59.0484 5640  WatAdminSvc - ok
13:34:59.0560 5640  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
13:34:59.0675 5640  wbengine - ok
13:34:59.0710 5640  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:34:59.0773 5640  WbioSrvc - ok
13:34:59.0832 5640  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:34:59.0906 5640  wcncsvc - ok
13:34:59.0939 5640  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:35:00.0021 5640  WcsPlugInService - ok
13:35:00.0056 5640  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
13:35:00.0089 5640  Wd - ok
13:35:00.0146 5640  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:35:00.0201 5640  Wdf01000 - ok
13:35:00.0232 5640  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:35:00.0300 5640  WdiServiceHost - ok
13:35:00.0314 5640  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:35:00.0345 5640  WdiSystemHost - ok
13:35:00.0392 5640  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
13:35:00.0466 5640  WebClient - ok
13:35:00.0501 5640  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:35:00.0568 5640  Wecsvc - ok
13:35:00.0595 5640  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:35:00.0638 5640  wercplsupport - ok
13:35:00.0673 5640  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:35:00.0740 5640  WerSvc - ok
13:35:00.0796 5640  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
13:35:00.0841 5640  WfpLwf - ok
13:35:00.0869 5640  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:35:00.0900 5640  WIMMount - ok
13:35:00.0958 5640  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
13:35:01.0052 5640  WinDefend - ok
13:35:01.0076 5640  WinHttpAutoProxySvc - ok
13:35:01.0134 5640  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:35:01.0222 5640  Winmgmt - ok
13:35:01.0291 5640  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
13:35:01.0369 5640  WinRM - ok
13:35:01.0451 5640  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
13:35:01.0498 5640  WinUsb - ok
13:35:01.0570 5640  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:35:01.0660 5640  Wlansvc - ok
13:35:01.0794 5640  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:35:01.0886 5640  wlidsvc - ok
13:35:01.0931 5640  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
13:35:01.0962 5640  WmiAcpi - ok
13:35:02.0003 5640  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:35:02.0056 5640  wmiApSrv - ok
13:35:02.0162 5640  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
13:35:02.0226 5640  WMPNetworkSvc - ok
13:35:02.0265 5640  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:35:02.0314 5640  WPCSvc - ok
13:35:02.0365 5640  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:35:02.0412 5640  WPDBusEnum - ok
13:35:02.0457 5640  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:35:02.0519 5640  ws2ifsl - ok
13:35:02.0552 5640  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
13:35:02.0599 5640  wscsvc - ok
13:35:02.0615 5640  WSearch - ok
13:35:02.0714 5640  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
13:35:02.0773 5640  wuauserv - ok
13:35:02.0824 5640  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:35:02.0873 5640  WudfPf - ok
13:35:02.0906 5640  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:35:02.0951 5640  WUDFRd - ok
13:35:02.0984 5640  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:35:03.0042 5640  wudfsvc - ok
13:35:03.0087 5640  [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc         C:\Windows\System32\wwansvc.dll
13:35:03.0169 5640  WwanSvc - ok
13:35:03.0212 5640  XDva400 - ok
13:35:03.0273 5640  ================ Scan global ===============================
13:35:03.0324 5640  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
13:35:03.0376 5640  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
13:35:03.0398 5640  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
13:35:03.0439 5640  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
13:35:03.0460 5640  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
13:35:03.0468 5640  [Global] - ok
13:35:03.0472 5640  ================ Scan MBR ==================================
13:35:03.0488 5640  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:35:03.0683 5640  \Device\Harddisk0\DR0 - ok
13:35:03.0689 5640  ================ Scan VBR ==================================
13:35:03.0695 5640  [ 766EA0B72B8A53DCF0BD24C338B9486E ] \Device\Harddisk0\DR0\Partition1
13:35:03.0697 5640  \Device\Harddisk0\DR0\Partition1 - ok
13:35:03.0728 5640  [ A16A8B8C3F2F81E7E49FF9B9FFA691F2 ] \Device\Harddisk0\DR0\Partition2
13:35:03.0730 5640  \Device\Harddisk0\DR0\Partition2 - ok
13:35:03.0736 5640  ============================================================
13:35:03.0736 5640  Scan finished
13:35:03.0736 5640  ============================================================
13:35:03.0759 3088  Detected object count: 6
13:35:03.0761 3088  Actual detected object count: 6
13:35:39.0065 3088  cmuda3 ( UnsignedFile.Multi.Generic ) - skipped by user
13:35:39.0065 3088  cmuda3 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:35:39.0065 3088  EverestDriver ( UnsignedFile.Multi.Generic ) - skipped by user
13:35:39.0065 3088  EverestDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:35:39.0067 3088  giveio ( UnsignedFile.Multi.Generic ) - skipped by user
13:35:39.0067 3088  giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:35:39.0069 3088  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:35:39.0069 3088  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:35:39.0071 3088  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:35:39.0071 3088  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:35:39.0073 3088  SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
13:35:39.0075 3088  SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:36:02.0277 4276  Deinitialize success
         

04.06.2013, 13:13   #8
markusg
/// Malware-holic

Hi,
Scan with Combofix
WARNING to those READING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

__________________
-Please forward suspicious emails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward emails, following the instructions above, to
markusg.trojaner-board@web.de
If you would like to support us

04.06.2013, 14:06   #9
Joker2010

Okay, I'm sorry, but I now have a problem with Combofix.
I started it and, as instructed, did not touch anything in the meantime. And now I should have a text file on the desktop or at least under C:\, but I don't have one.
After that I restarted my PC because I thought it might only be created afterwards, but still nothing has appeared.

04.06.2013, 14:13   #10
markusg
/// Malware-holic

Did it even run as far as creating the log file? Actually the log should also be opened automatically.
Start it again and see how far it gets.

04.06.2013, 15:45   #11
Joker2010

Okay, I'm sorry, my PC apparently "hung" itself at that point, or I was probably too hasty.

Here is the ComboFix.txt file:
Code:
ComboFix 13-06-03.06 - USER1 04.06.2013  15:46:23.1.1 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2816.1927 [GMT 2:00]
ausgeführt von:: c:\users\USER1\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\BFlix\BFLIx.dll
c:\program files\Incredibar.com
c:\program files\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll
c:\program files\Incredibar.com\incredibar\1.5.3.27\incredibar.crx
c:\program files\Incredibar.com\incredibar\1.5.3.27\incredibarApp.dll
c:\program files\Incredibar.com\incredibar\1.5.3.27\incredibarEng.dll
c:\program files\Incredibar.com\incredibar\1.5.3.27\incredibarsrv.exe
c:\program files\Incredibar.com\incredibar\1.5.3.27\inCRedibartlbr.dll
c:\program files\Incredibar.com\incredibar\1.5.3.27\uninstall.exe
c:\users\USER1\AppData\Roaming\AcroIEHelpe.txt
c:\users\USER1\AppData\Roaming\BAcroIEHelpe005270.dll
c:\users\USER1\AppData\Roaming\cg64vhj4.default.tmp
c:\users\USER1\AppData\Roaming\srvblck5.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-04 bis 2013-06-04  ))))))))))))))))))))))))))))))
.
.
2013-06-04 13:57 . 2013-06-04 13:58	--------	d-----w-	c:\users\USER1\AppData\Local\temp
2013-06-04 13:57 . 2013-06-04 13:57	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-06-04 13:57 . 2013-06-04 13:57	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-03 21:40 . 2013-06-03 21:41	--------	d-----w-	c:\program files\7-Zip
2013-06-03 21:14 . 2013-06-04 11:10	--------	d-----w-	C:\_OTL
2013-06-03 10:33 . 2013-06-03 10:33	--------	d-----w-	c:\users\USER1\AppData\Roaming\Malwarebytes
2013-06-03 10:33 . 2013-06-03 10:33	--------	d-----w-	c:\programdata\Malwarebytes
2013-06-03 10:33 . 2013-06-03 10:33	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-06-03 10:33 . 2013-04-04 12:50	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-06-03 10:31 . 2013-06-03 10:31	--------	d-----w-	c:\users\USER1\AppData\Local\Programs
2013-05-22 17:06 . 2013-05-22 17:06	--------	d-----w-	c:\program files\LogMeIn Hamachi
2013-05-17 13:05 . 2013-05-17 13:08	--------	d-----w-	c:\program files\SpeedFan
2013-05-16 08:56 . 2013-04-10 03:14	2347520	----a-w-	c:\windows\system32\win32k.sys
2013-05-16 08:56 . 2013-03-19 04:53	186368	----a-w-	c:\windows\system32\wwansvc.dll
2013-05-16 08:56 . 2013-03-19 03:33	40960	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-05-16 08:56 . 2013-04-10 05:18	728424	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-16 08:56 . 2013-04-10 05:18	218984	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-16 08:56 . 2013-02-27 05:05	101720	----a-w-	c:\windows\system32\consent.exe
2013-05-16 08:56 . 2013-02-27 04:49	1796096	----a-w-	c:\windows\system32\authui.dll
2013-05-16 08:56 . 2013-02-27 04:49	47104	----a-w-	c:\windows\system32\appinfo.dll
2013-05-14 11:21 . 2013-05-14 11:21	66656	----a-w-	c:\windows\system32\drivers\avnetflt.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 15:30 . 2012-04-04 09:19	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-05-15 15:30 . 2011-08-16 12:03	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-05 10:47 . 2012-11-03 09:26	84744	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-05-05 10:47 . 2012-11-03 09:26	37352	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-05-05 10:47 . 2012-11-03 09:26	135136	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-04-13 04:45 . 2013-05-16 08:56	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 08:56	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-24 13:45	1211752	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-03-19 05:04 . 2013-04-10 08:19	3968856	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 08:19	3913560	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-10 08:19	38912	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-10 08:19	69632	----a-w-	c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{2FE0F895-6D1D-4c80-A20D-18E42DE9B631}]
2011-12-23 16:57	91992	----a-w-	c:\program files\Soda 3D PDF Reader\PDFIEHelper.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{64C9D46E-8F8B-4158-9780-A6581C7439B1}"= "c:\program files\Soda 3D PDF Reader\PDFIEPlugin.dll" [2011-12-23 750936]
.
[HKEY_CLASSES_ROOT\clsid\{64c9d46e-8f8b-4158-9780-a6581c7439b1}]
[HKEY_CLASSES_ROOT\SodaReaderPDFIEPlugin.PDFIEConverter.1]
[HKEY_CLASSES_ROOT\TypeLib\{496FD2B4-369B-4c6b-B4F3-3D93A64D05E4}]
[HKEY_CLASSES_ROOT\SodaReaderPDFIEPlugin.PDFIEConverter]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe" [2009-11-16 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-14 345312]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-11-28 151952]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-05-15 2255184]
.
c:\users\USER1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Task-Manager.lnk - c:\windows\System32\taskmgr.exe [2011-8-18 227328]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-11-28 13:13	59280	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08	1259376	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-11-28 23:49	151952	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 14:27	119152	----a-w-	c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2013-05-15 10:08	2255184	----a-w-	c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2010-04-12 08:40	180224	----a-w-	c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2010-05-20 14:27	762736	----a-w-	c:\windows\vVX1000.exe
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-17 7168]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-29 102912]
R3 Soda 3D PDF Reader Helper Service;Soda 3D PDF Reader Helper Service;c:\program files\Soda 3D PDF Reader\HelperService.exe [2011-12-23 821592]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-10 1343400]
R3 XDva400;XDva400;c:\windows\system32\XDva400.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-05-05 37352]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-05-05 86752]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2013-05-15 1435984]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 Soda 3D PDF Reader Service;Soda 3D PDF Reader Service;c:\program files\Soda 3D PDF Reader\ConversionService.exe [2011-12-23 892760]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-24 22:17	1165776	----a-w-	c:\program files\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 15:30]
.
2013-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-16 16:52]
.
2013-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-16 16:52]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\USER1\AppData\Roaming\Mozilla\Firefox\Profiles\cg64vhj4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search the web
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - Ext: DVDVideoSoftTB Community Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: toolplugin: welcome@toolmin.com - %profile%\extensions\welcome@toolmin.com
FF - Ext: Incredibar Toolbar: ffxtlbr@incredibar.com - %profile%\extensions\ffxtlbr@incredibar.com
FF - user.js: browser.search.selectedEngine - Search the web
FF - user.js: browser.search.order.1 - Search the web
FF - user.js: browser.search.defaultenginename - Search the web
FF - user.js: keyword.URL - hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQkVkTMcB&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 980493b30000000000000016173bcafe
FF - user.js: extensions.incredibar_i.hardId - 980493b30000000000000016173bcafe
FF - user.js: extensions.incredibar_i.instlDay - 15349
FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2721:03
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef - 
FF - user.js: extensions.incredibar_i.dfltLng - 
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id - 
FF - user.js: extensions.incredibar_i.upn2 - 6PQkVkTMcB
FF - user.js: extensions.incredibar_i.upn2n - 92542177155036981
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10606
FF - user.js: extensions.incredibar_i.ppd - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
HKLM-Run-CmPCIaudio - cmicnfg3.cpl
AddRemove-incredibar - c:\program files\Incredibar.com\incredibar\1.5.3.27\uninstall.exe
AddRemove-Star Wars: The Force Unleashed 2_is1 - c:\program files\LucasArts\Star Wars The Force Unleashed 2\unins000.exe
AddRemove-toolplugin - c:\users\USER1\AppData\Local\Temp\WZSE0.TMP\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-04  16:38:53
ComboFix-quarantined-files.txt  2013-06-04 14:38
.
Vor Suchlauf: 12 Verzeichnis(se), 63.071.670.272 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 62.718.648.320 Bytes frei
.
- - End Of File - - A1F629CB999E640C5633C4F05E55B19D
         

04.06.2013, 15:55   #12
markusg
/// Malware-holic

Open Computer again, C:, Qoobox, right-click Quarantine, pack it with WinRAR or ZIP, upload it in the upload channel and let me know briefly when it is done.

04.06.2013, 16:05   #13
Joker2010

It's uploaded.

And by the way: thanks for the help! =)

04.06.2013, 16:13   #14
markusg
/// Malware-holic

Fine, thanks.

Download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this.
Open it, Tools (Extras), uninstall list, save as txt. Open it.
After each program you need, write "necessary".
After each one you do not need, "unnecessary".
After the ones unknown to you, "unknown".
Post the list.

05.06.2013, 11:32   #15
Joker2010

Quote:
Quote from markusg
After each program you need, write "necessary".
After each one you do not need, "unnecessary".
After the ones unknown to you, "unknown".
Post the list.
Okay, I'm sorry, but from the first point in the quote onward I no longer understood anything. Where do I now see which programs I need, which I don't, and which are unknown?
