
Pests of all kinds and how to fight them: Police virus Austria

Windows 7 If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.

07.06.2013, 21:36   #1
Kensai
 
Police virus Austria



Hello dear community.

Unfortunately it got me too about an hour ago... white screen.
Safe mode doesn't work either.

I ran OTL and have attached the logs here.

Thanks in advance for the help

Code:
OTL logfile created on: 6/7/2013 11:28:05 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.73 Mb Free Space | 75.74% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 111.71 Gb Free Space | 47.97% Space Free | Partition Type: NTFS
Drive F: | 223.47 Gb Total Space | 127.03 Gb Free Space | 56.84% Space Free | Partition Type: NTFS
Drive G: | 1.94 Gb Total Space | 1.92 Gb Free Space | 98.92% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/07/28 17:35:34 | 000,204,288 | ---- | M] (AMD) [Auto] -- F:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/05 12:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto] -- F:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2013/05/24 09:35:47 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand] -- F:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/15 13:27:18 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- F:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/09 23:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto] -- F:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/02/09 13:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto] -- F:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/07/13 07:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled] -- F:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/08 12:39:58 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/08 12:39:58 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/02/20 11:03:27 | 000,076,888 | ---- | M] () [Auto] -- F:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/10/18 05:26:33 | 003,246,040 | ---- | M] (Acronis) [Auto] -- F:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011/10/17 10:12:52 | 000,013,592 | ---- | M] (Intel Corporation) [Auto] -- F:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011/09/22 16:21:28 | 001,114,280 | ---- | M] (Acronis) [Auto] -- F:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011/06/06 06:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- F:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- F:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/04/03 03:58:18 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2013/04/03 03:58:18 | 000,103,064 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2012/12/19 01:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/05/12 07:31:00 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand] -- F:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2012/05/08 12:39:58 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System] -- F:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/08 12:39:58 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto] -- F:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/12/07 14:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2011/10/18 05:26:34 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand] -- F:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2011/10/18 05:26:33 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot] -- F:\Windows\System32\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV:64bit: - [2011/10/18 05:26:33 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot] -- F:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011/10/18 05:26:32 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot] -- F:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011/09/21 12:25:44 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System] -- F:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/09/16 11:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System] -- F:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/07/28 18:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/07/28 18:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/28 16:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/07/20 03:45:58 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2011/07/20 03:45:58 | 000,128,000 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ss_bserd.sys -- (ss_bserd)
DRV:64bit: - [2011/07/20 03:45:58 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV:64bit: - [2011/07/20 03:45:58 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV:64bit: - [2011/06/06 18:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- F:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2009/09/28 03:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand] -- F:\Windows\System32\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- F:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2005/03/28 19:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand] -- F:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2013/04/18 06:09:20 | 000,037,344 | ---- | M] () [Kernel | On_Demand] -- F:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2011/10/14 11:19:54 | 000,017,152 | ---- | M] () [Kernel | On_Demand] -- F:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\LocalService_ON_F\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - F:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\Mandi_ON_F\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\Mandi_ON_F\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\Mandi_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\Mandi_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Mandi_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Mandi_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C F4 0D E5 75 83 CD 01  [binary data]
IE - HKU\Mandi_ON_F\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - F:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\Mandi_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\NetworkService_ON_F\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - F:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
 
IE - HKU\UpdatusUser_ON_F\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - F:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\System32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: F:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: F:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.104.0:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.116.0:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.122.0: F:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: F:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: F:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: F:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: F:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: F:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/03/10 11:25:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2013/05/24 09:35:47 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files (x86)\Mozilla Firefox\extensions
[2013/05/24 09:35:45 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/05/24 09:35:45 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/05/24 09:35:45 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/05/24 09:35:47 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/24 09:35:47 | 000,000,000 | ---D | M] (Default) -- F:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - F:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] F:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [SoundMAX] F:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Adobe ARM] F:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] F:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] F:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] F:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] F:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\LocalService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Mandi_ON_F..\Run: [] F:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\Mandi_ON_F..\Run: [KiesAirMessage] F:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\Mandi_ON_F..\Run: [KiesPDLR] F:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\Mandi_ON_F..\Run: [KiesTrayAgent] F:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\Mandi_ON_F..\Run: [NVIDIA nTune]  File not found
O4 - HKU\NetworkService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_F..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_F..\RunOnce: [mctadmin]  File not found
O4 - HKU\UpdatusUser_ON_F..\RunOnce: [mctadmin]  File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - F:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - F:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - F:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - F:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - F:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - F:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - F:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - F:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - F:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - F:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - F:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - F:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - F:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - F:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - F:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - F:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - F:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - F:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - F:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - F:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - F:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - .DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15:64bit: - LocalService_ON_F\..Trusted Domains: clonewarsadventures.com ([]* in )
O15:64bit: - LocalService_ON_F\..Trusted Domains: freerealms.com ([]* in )
O15:64bit: - LocalService_ON_F\..Trusted Domains: soe.com ([]* in )
O15:64bit: - LocalService_ON_F\..Trusted Domains: sony.com ([]* in )
O15:64bit: - NetworkService_ON_F\..Trusted Domains: clonewarsadventures.com ([]* in )
O15:64bit: - NetworkService_ON_F\..Trusted Domains: freerealms.com ([]* in )
O15:64bit: - NetworkService_ON_F\..Trusted Domains: soe.com ([]* in )
O15:64bit: - NetworkService_ON_F\..Trusted Domains: sony.com ([]* in )
O15:64bit: - UpdatusUser_ON_F\..Trusted Domains: clonewarsadventures.com ([]* in )
O15:64bit: - UpdatusUser_ON_F\..Trusted Domains: freerealms.com ([]* in )
O15:64bit: - UpdatusUser_ON_F\..Trusted Domains: soe.com ([]* in )
O15:64bit: - UpdatusUser_ON_F\..Trusted Domains: sony.com ([]* in )
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.33.55.5 212.33.32.160 192.168.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - F:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - F:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - F:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - F:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - F:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - F:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - F:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - F:\Windows\System32\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - F:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - F:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - F:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - F:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - F:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - F:\Windows\System32\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - F:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - F:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - F:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - F:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - F:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - F:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - F:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - F:\Windows\System32\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - F:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Mandi_ON_F Winlogon: Shell - (explorer.exe) - F:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\Mandi_ON_F Winlogon: Shell - (C:\Users\Mandi\AppData\Roaming\skype.dat) - F:\Users\Mandi\AppData\Roaming\skype.dat ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - F:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - F:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - F:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - F:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - F:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - F:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - F:\Windows\System32\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - F:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - F:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - F:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - F:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - F:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - F:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - F:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - F:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - F:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/07 11:30:48 | 001,330,144 | ---- | C] (techPowerUp (www.techpowerup.com)) -- F:\Users\Mandi\Desktop\GPU-Z.0.7.1.exe
[2013/06/07 11:10:04 | 000,372,736 | ---- | C] (NVIDIA Corporation) -- F:\Windows\System32\NVUNINST.EXE
[2013/06/07 11:09:56 | 000,000,000 | ---D | C] -- F:\Users\Mandi\AppData\Local\NVIDIA Corporation
[2013/06/07 11:09:35 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\NVIDIA nTune Performance Application
[2013/05/24 09:35:45 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Mozilla Firefox
[2013/05/15 11:05:33 | 000,526,336 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ieui.dll
[2013/05/15 11:05:33 | 000,391,168 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\ieui.dll
[2013/05/15 11:05:33 | 000,067,072 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\iesetup.dll
[2013/05/15 11:05:33 | 000,061,440 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\iesetup.dll
[2013/05/15 11:05:33 | 000,051,712 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ie4uinit.exe
[2013/05/15 11:05:32 | 000,603,136 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\msfeeds.dll
[2013/05/15 11:05:32 | 000,493,056 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\msfeeds.dll
[2013/05/15 11:05:32 | 000,136,704 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\iesysprep.dll
[2013/05/15 11:05:32 | 000,109,056 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\iesysprep.dll
[2013/05/15 11:05:32 | 000,089,600 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\RegisterIEPKEYs.exe
[2013/05/15 11:05:32 | 000,071,680 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/15 11:05:32 | 000,039,936 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\iernonce.dll
[2013/05/15 11:05:32 | 000,033,280 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\iernonce.dll
[2013/05/15 11:05:31 | 003,958,784 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\jscript9.dll
[2013/05/15 11:05:31 | 002,877,440 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\jscript9.dll
[2013/05/15 11:05:31 | 000,855,552 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\jscript.dll
[2013/05/15 11:05:31 | 000,690,688 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\jscript.dll
[2013/05/15 11:05:13 | 001,930,752 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\authui.dll
[2013/05/15 11:05:13 | 001,796,096 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\authui.dll
[2013/05/15 11:05:13 | 000,197,120 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\shdocvw.dll
[2013/05/15 11:05:13 | 000,111,448 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\consent.exe
[2013/05/15 11:05:10 | 000,265,064 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\drivers\dxgmms1.sys
[2013/05/15 11:05:10 | 000,144,384 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\cdd.dll
[2013/05/15 11:05:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wwanprotdim.dll
[2013/05/10 12:48:27 | 000,000,000 | ---D | C] -- F:\Users\Mandi\Documents\Square Enix
[2013/05/10 12:45:56 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Square Enix
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/07 15:53:28 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2013/06/07 15:53:20 | 000,000,004 | ---- | M] () -- F:\Users\Mandi\AppData\Roaming\skype.ini
[2013/06/07 15:52:42 | 3214,237,696 | -HS- | M] () -- F:\hiberfil.sys
[2013/06/07 15:37:14 | 000,019,056 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/07 15:37:14 | 000,019,056 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/07 15:36:44 | 000,654,150 | ---- | M] () -- F:\Windows\System32\perfh007.dat
[2013/06/07 15:36:44 | 000,616,032 | ---- | M] () -- F:\Windows\System32\perfh009.dat
[2013/06/07 15:36:44 | 000,130,022 | ---- | M] () -- F:\Windows\System32\perfc007.dat
[2013/06/07 15:36:44 | 000,106,412 | ---- | M] () -- F:\Windows\System32\perfc009.dat
[2013/06/07 14:27:00 | 000,000,884 | ---- | M] () -- F:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/07 12:14:41 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013/06/07 11:32:15 | 399,095,959 | ---- | M] () -- F:\Windows\MEMORY.DMP
[2013/06/07 11:30:50 | 001,330,144 | ---- | M] (techPowerUp (www.techpowerup.com)) -- F:\Users\Mandi\Desktop\GPU-Z.0.7.1.exe
[2013/06/07 11:27:21 | 000,003,280 | ---- | M] () -- F:\bootsqm.dat
[2013/06/07 11:09:43 | 000,372,736 | ---- | M] (NVIDIA Corporation) -- F:\Windows\System32\NVUNINST.EXE
[2013/06/06 12:01:04 | 000,001,135 | ---- | M] () -- F:\Users\Mandi\Desktop\Wasted_Penguinz_-_Melancholia__ChristianHS_20111016132318.mid
[2013/05/15 15:15:47 | 000,312,880 | ---- | M] () -- F:\Windows\System32\FNTCACHE.DAT
[2013/05/15 13:27:18 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/15 13:27:18 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/13 11:34:19 | 000,000,000 | R--D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2013/05/10 12:46:38 | 000,001,242 | ---- | M] () -- F:\Users\Public\Desktop\FINAL FANTASY VII.lnk
 
========== Files Created - No Company Name ==========
 
[2013/06/07 15:16:50 | 000,000,004 | ---- | C] () -- F:\Users\Mandi\AppData\Roaming\skype.ini
[2013/06/07 11:27:21 | 000,003,280 | ---- | C] () -- F:\bootsqm.dat
[2013/06/06 12:01:03 | 000,001,135 | ---- | C] () -- F:\Users\Mandi\Desktop\Wasted_Penguinz_-_Melancholia__ChristianHS_20111016132318.mid
[2013/05/10 12:46:38 | 000,001,242 | ---- | C] () -- F:\Users\Public\Desktop\FINAL FANTASY VII.lnk
[2013/04/24 12:51:33 | 000,110,592 | ---- | C] () -- F:\Windows\SysWow64\FsUsbExDevice.Dll
[2013/04/24 12:51:33 | 000,037,344 | ---- | C] () -- F:\Windows\SysWow64\FsUsbExDisk.Sys
[2012/01/15 14:14:06 | 000,004,096 | ---- | C] () -- F:\Windows\d3dx.dat
[2012/01/12 12:00:35 | 000,145,920 | ---- | C] () -- F:\Users\Mandi\AppData\Roaming\skype.dat
[2011/11/12 05:17:03 | 000,283,304 | ---- | C] () -- F:\Windows\SysWow64\PnkBstrB.exe
[2011/11/12 05:17:02 | 000,076,888 | ---- | C] () -- F:\Windows\SysWow64\PnkBstrA.exe
[2011/10/17 11:19:07 | 000,000,064 | ---- | C] () -- F:\Windows\SysWow64\rp_stats.dat
[2011/10/17 11:19:07 | 000,000,044 | ---- | C] () -- F:\Windows\SysWow64\rp_rules.dat
[2011/09/21 11:28:20 | 000,252,928 | ---- | C] () -- F:\Windows\SysWow64\DShowRdpFilter.dll
[2011/09/20 11:24:42 | 000,000,079 | ---- | C] () -- F:\Users\Mandi\AppData\Local\CrystalDiskMark30.ini
[2011/09/20 11:16:30 | 000,000,000 | ---- | C] () -- F:\Windows\ativpsrm.bin
[2011/08/24 14:19:10 | 000,056,320 | ---- | C] () -- F:\Windows\SysWow64\OpenVideo.dll
[2011/07/26 11:26:48 | 000,030,568 | ---- | C] () -- F:\Windows\MusiccityDownload.exe
[2011/07/26 11:26:46 | 000,974,848 | ---- | C] () -- F:\Windows\SysWow64\cis-2.4.dll
[2011/07/26 11:26:46 | 000,081,920 | ---- | C] () -- F:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/07/26 11:26:46 | 000,065,536 | ---- | C] () -- F:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/07/26 11:26:46 | 000,057,344 | ---- | C] () -- F:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/03/17 13:51:44 | 000,003,929 | ---- | C] () -- F:\Windows\SysWow64\atipblag.dat
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- F:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- F:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- F:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- F:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- F:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- F:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- F:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- F:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011/10/18 05:57:04 | 000,000,000 | ---D | M] -- F:\ProgramData\Acronis
[2011/09/20 11:19:31 | 000,000,000 | -HSD | M] -- F:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Application Data
[2012/04/20 08:23:14 | 000,000,000 | ---D | M] -- F:\ProgramData\Battle.net
[2011/10/01 08:09:31 | 000,000,000 | ---D | M] -- F:\ProgramData\Canneverbe Limited
[2011/09/21 12:25:28 | 000,000,000 | ---D | M] -- F:\ProgramData\DAEMON Tools Lite
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Documents
[2011/09/20 11:19:31 | 000,000,000 | -HSD | M] -- F:\ProgramData\Dokumente
[2011/09/29 12:55:44 | 000,000,000 | ---D | M] -- F:\ProgramData\EA Core
[2012/02/20 10:54:00 | 000,000,000 | ---D | M] -- F:\ProgramData\EA Logs
[2011/11/12 04:51:52 | 000,000,000 | ---D | M] -- F:\ProgramData\Electronic Arts
[2011/09/20 11:19:31 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favorites
[2013/02/22 11:59:12 | 000,000,000 | ---D | M] -- F:\ProgramData\Origin
[2011/09/27 11:51:18 | 000,000,000 | ---D | M] -- F:\ProgramData\Propellerhead Software
[2011/09/23 10:49:33 | 000,000,000 | ---D | M] -- F:\ProgramData\Samsung
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Start Menu
[2011/09/20 11:19:31 | 000,000,000 | -HSD | M] -- F:\ProgramData\Startmenü
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Templates
[2012/08/08 07:55:14 | 000,000,000 | ---D | M] -- F:\ProgramData\TERA
[2013/02/19 12:32:44 | 000,000,000 | ---D | M] -- F:\ProgramData\Ulead Systems
[2011/09/20 11:19:31 | 000,000,000 | -HSD | M] -- F:\ProgramData\Vorlagen
[2013/06/01 16:19:38 | 000,032,632 | ---- | M] () -- F:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         

And the Extras:

Code:
ATTFilter
OTL Extras logfile created on: 6/7/2013 11:28:05 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.73 Mb Free Space | 75.74% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 111.71 Gb Free Space | 47.97% Space Free | Partition Type: NTFS
Drive F: | 223.47 Gb Total Space | 127.03 Gb Free Space | 56.84% Space Free | Partition Type: NTFS
Drive G: | 1.94 Gb Total Space | 1.92 Gb Free Space | 98.92% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- F:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- F:\Windows\System32\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- F:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- F:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" File not found
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit)
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy Gamepad tool 0.7.1001
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.64.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit)
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy Gamepad tool 0.7.1001
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.64.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
< End of report >
         

07.06.2013, 22:31   #2
smeenk
/// Malwareteam / Visitor
 





I am smeenk and I will try to help you.

  • Boot the infected computer from the OTLpe CD and open OTLpe.
  • Now copy the following content from the code box into the text box.
    Important: If you obscured your user name in the log (e.g. with xx), undo that here.
Code:
ATTFilter
:OTL
O20 - HKU\Mandi_ON_F Winlogon: Shell - (C:\Users\Mandi\AppData\Roaming\skype.dat) - F:\Users\Mandi\AppData\Roaming\skype.dat ()
[2013/06/07 15:53:20 | 000,000,004 | ---- | M] () -- F:\Users\Mandi\AppData\Roaming\skype.ini
         
  • Now click the Fix button.
  • Then reboot and try to boot into normal Windows mode again.
  • After the reboot you will find a text document on your desktop.
    (It can also be found under C:\OTL\MovedFiles\<time_date.log>)
  • Now copy its contents here into your thread.



Please post in your next reply:
  • Fix log from OTLpe
__________________
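
The fix above removes a per-user Winlogon Shell value that points at a file in AppData\Roaming. The following is an added example, not part of the original thread and not OTL's own logic: it parses the O20 lines copied from the log in this thread and flags Shell/UserInit entries that look unusual. The table of expected binaries and the four checks are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath

# O20 (Winlogon) lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - F:\Windows\System32\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\Mandi_ON_F Winlogon: Shell - (explorer.exe) - F:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\Mandi_ON_F Winlogon: Shell - (C:\Users\Mandi\AppData\Roaming\skype.dat) - F:\Users\Mandi\AppData\Roaming\skype.dat ()
"""

# Layout of an O20 line as it appears in the log above:
#   O20[:64bit:] - <hive> Winlogon: <value name> - (<data>) - <resolved file> [(<company>)]
O20_RE = re.compile(
    r"^O20(?::64bit:)? - (?P<hive>\S+) Winlogon: (?P<name>\w+)"
    r" - \((?P<value>.*?)\) -\s+(?P<target>.*?)(?: \((?P<company>[^()]*)\))?$"
)

# Assumption of this example: the only binaries expected behind these values.
EXPECTED = {"shell": "explorer.exe", "userinit": "userinit.exe"}


def parse_o20(log_text):
    """Return one dict per O20 Winlogon line found in the log text."""
    entries = []
    for line in log_text.splitlines():
        match = O20_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def review(entry):
    """Return the reasons an entry deserves a closer look (empty list = none)."""
    name = entry["name"].lower()
    if name not in EXPECTED:
        return []  # only Shell and UserInit are checked here
    if entry["target"] == "File not found":
        return ["target file is missing"]

    reasons = []
    path = PureWindowsPath(entry["target"])
    parts = [p.lower() for p in path.parts]
    if path.name.lower() != EXPECTED[name]:
        reasons.append("unexpected binary: " + path.name)
    if len(parts) < 2 or parts[1] != "windows":
        reasons.append("target is outside the Windows directory")
    if "appdata" in parts:
        reasons.append("target sits in a user-writable AppData folder")
    if not entry["company"]:
        reasons.append("file carries no company name")
    return reasons


def suspicious(log_text):
    """Return (entry, reasons) pairs for every O20 entry with at least one reason."""
    hits = []
    for entry in parse_o20(log_text):
        reasons = review(entry)
        if reasons:
            hits.append((entry, reasons))
    return hits


if __name__ == "__main__":
    for entry, reasons in suspicious(SAMPLE_LOG):
        print(entry["hive"], entry["name"], "->", entry["target"])
        for reason in reasons:
            print("   -", reason)
```
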


08.06.2013, 08:51   #3
Kensai
 



I got back into Windows

Here is the log file:

Code:
ATTFilter
========== OTL ==========
Registry value HKEY_USERS\Mandi_ON_F\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Mandi\AppData\Roaming\skype.dat deleted successfully.
F:\Users\Mandi\AppData\Roaming\skype.dat moved successfully.
F:\Users\Mandi\AppData\Roaming\skype.ini moved successfully.
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 06082013_114057
         
__________________

08.06.2013, 10:09   #4
smeenk
/// Malwareteam / Visitor
 



Quote:
Quote from Kensai
I got back into Windows
Great

We will run a few more checks


System scan with ZOEK

Please download zoek.exe from here: http://hijackthis.nl/smeenk/
  • Please disable all virus scanners during the scan, as they affect the result.
  • Start Zoek.exe with a double-click (Windows XP users only).
  • Windows Vista/7 users: please start the tool by right-clicking the icon and choosing "Run as administrator".
  • Copy the code below into the text field:
    Code:
    ATTFilter
    emptyclsid;
    chromelook;
    autoclean;
    startupall;
    filesrcm;
    firefoxlook;
             
  • Now click "Run script" and wait patiently until the scan has finished.
  • When the tool is done, Notepad will open with the log file (possibly only after a reboot).
    You can view the report later at c:\zoek-results.log.
  • Post the log file zoek-results.log


Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post its contents here in your thread in any case.

08.06.2013, 11:16   #5
Kensai
 



Here are the two logs:

Code:
ATTFilter
Zoek.exe Version 4.0.0.2 Updated 03-June-2013
Tool run by Mandi on 08.06.2013 at 12:07:09,30.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Files \ Folders ======================

"C:\Users\Mandi\AppData\Roaming\Temp" deleted
"C:\Users\Mandi\AppData\Roaming\Amazon" deleted
"C:\Program Files (x86)\JDownloader" deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\TB" deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Mandi\AppData\Local\Temp ====
2013-06-07 19:10:53	0FCF1038EC887414E5882D9E355AA2AA	145920	----a-w-	C:\Users\Mandi\AppData\Local\Temp\oydxegwbpthiaqhl.exe
2013-06-07 11:34:57	ECB8F37E2CA70E1BBAD55331868817DD	1696416	----a-w-	C:\Users\Mandi\AppData\Local\Temp\riftuninstall.exe
====== C:\Windows\SysWOW64 =====
2013-06-08 10:03:07	67C80336ED23D30AE0541BC49AF46511	1590370	----a-w-	C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-08 10:02:36	EEEBBAC91D8217DC967F55CF625B5F99	443168	----a-w-	C:\Windows\SysWOW64\NvFBC.dll
2013-06-08 10:02:36	DCCDC61A33C82FB402183EE8D540CB8D	2597344	----a-w-	C:\Windows\SysWOW64\nvapi.dll
2013-06-08 10:02:36	D611AB1AC06A13EADE9E2E7B70E5852A	214448	----a-w-	C:\Windows\SysWOW64\nvinit.dll
2013-06-08 10:02:36	B3F93B3084A97B74CCF7945E48066724	421152	----a-w-	C:\Windows\SysWOW64\NvIFR.dll
2013-06-08 10:02:36	B2AAEDAD8D0C766825CBE8420CFE9F7C	925648	----a-w-	C:\Windows\SysWOW64\nvumdshim.dll
2013-06-08 10:02:36	A0872ABAB0403F201881D37BF298A052	17560352	----a-w-	C:\Windows\SysWOW64\nvcompiler.dll
2013-06-08 10:02:36	81059C260733B188A6A7DDF256CD8A85	2754336	----a-w-	C:\Windows\SysWOW64\nvcuvid.dll
2013-06-08 10:02:36	55F83D83CE47DC289E3A5E54100271DA	181488	----a-w-	C:\Windows\SysWOW64\nvoglshim32.dll
2013-06-08 10:02:36	496EFAF014AA083457C15D801345EEF1	12426216	----a-w-	C:\Windows\SysWOW64\nvd3dum.dll
2013-06-08 10:02:36	48897CDA3935ECD502C17CF53FDED453	13403168	----a-w-	C:\Windows\SysWOW64\nvwgf2um.dll
2013-06-08 10:02:36	4645761B0345CCD024DD895B5B3C3104	6324360	----a-w-	C:\Windows\SysWOW64\nvopencl.dll
2013-06-08 10:02:36	30F93586A56BDBF3618354A071DD1E7C	7682960	----a-w-	C:\Windows\SysWOW64\nvcuda.dll
2013-06-08 10:02:36	1D48D88C3A5D9F19A958427B86A922B6	2002720	----a-w-	C:\Windows\SysWOW64\nvcuvenc.dll
2013-06-08 10:02:36	064135F9EEEDD839E4CABA60F7FB2B92	21096736	----a-w-	C:\Windows\SysWOW64\nvoglv32.dll
2013-06-08 10:01:04	B781E57B57304E94D9BD115B8FB3CE61	53024	----a-w-	C:\Windows\SysWOW64\OpenCL.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2013-06-08 10:02:36	EF4196BC7D910ED58B0732EE1E24EB8A	15143904	----a-w-	C:\Windows\Sysnative\nvd3dumx.dll
2013-06-08 10:02:36	EC825FBA956A821F6F675A9B07EAE79A	1832224	----a-w-	C:\Windows\Sysnative\nvdispco6432018.dll
2013-06-08 10:02:36	E67B709DD041128693FDDBC57D4636B0	15910736	----a-w-	C:\Windows\Sysnative\nvwgf2umx.dll
2013-06-08 10:02:36	C825D9BF265740E1C8AB05613DD93C95	9233688	----a-w-	C:\Windows\Sysnative\nvcuda.dll
2013-06-08 10:02:36	C4D5608DAFCF0D7B0FCF4DB092CC897E	27775776	----a-w-	C:\Windows\Sysnative\nvoglv64.dll
2013-06-08 10:02:36	BA35C5D0D76A13CC4B6DA354C481F452	25256224	----a-w-	C:\Windows\Sysnative\nvcompiler.dll
2013-06-08 10:02:36	B73FCB66B0FDC01D889094DDC1B3BFDB	2942240	----a-w-	C:\Windows\Sysnative\nvcuvid.dll
2013-06-08 10:02:36	B253530BD5DFDD9CAA1E953D8B1A37C4	1511712	----a-w-	C:\Windows\Sysnative\nvdispgenco6432018.dll
2013-06-08 10:02:36	9EB1BF061ED0AF0F0E1149E483467A70	518944	----a-w-	C:\Windows\Sysnative\NvIFR64.dll
2013-06-08 10:02:36	81D600EAB5E2ECE2BEBEE71DA389856E	31520	----a-w-	C:\Windows\Sysnative\nvhdap64.dll
2013-06-08 10:02:36	601772FE7656725402120C80E99B5C0F	2935696	----a-w-	C:\Windows\Sysnative\nvapi64.dll
2013-06-08 10:02:36	52F5ED519C524138FC2FC9F5D717A006	550176	----a-w-	C:\Windows\Sysnative\NvFBC64.dll
2013-06-08 10:02:36	424ED8142593309EF3F5D606CE300852	218592	----a-w-	C:\Windows\Sysnative\nvoglshim64.dll
2013-06-08 10:02:36	3D94838A6A71C5E2E9138349FD7961EC	2363680	----a-w-	C:\Windows\Sysnative\nvcuvenc.dll
2013-06-08 10:02:36	188155F12B7FCB33CFB5F57E6AA55942	266448	----a-w-	C:\Windows\Sysnative\nvinitx.dll
2013-06-08 10:02:36	074CF86BBAA0E5D5A37F3EE8A029F1FF	1059560	----a-w-	C:\Windows\Sysnative\nvumdshimx.dll
2013-06-08 10:02:36	00D1D8F6F5E848D78C6F9FC4DE81EA45	7641832	----a-w-	C:\Windows\Sysnative\nvopencl.dll
2013-06-08 10:01:12	C4FF1E3090CDED7514447E20F16E042D	63776	----a-w-	C:\Windows\Sysnative\nvshext.dll
2013-06-08 10:01:12	C36795D76C2B0B89DE07927C39BB71AE	6491936	----a-w-	C:\Windows\Sysnative\nvcpl.dll
2013-06-08 10:01:12	B9F3591981D761A5CA1D24C369764D96	884512	----a-w-	C:\Windows\Sysnative\nvvsvc.exe
2013-06-08 10:01:12	8C87BB72C1B0BF00401B97D30DCBA850	3514656	----a-w-	C:\Windows\Sysnative\nvsvc64.dll
2013-06-08 10:01:12	7583ED27B7A60FEBA1DACFF9D7776274	237856	----a-w-	C:\Windows\Sysnative\nvmctray.dll
2013-06-08 10:01:12	68FF291F25E5EB0440EEC698AA6794D1	3165737	----a-w-	C:\Windows\Sysnative\nvcoproc.bin
2013-06-08 10:01:12	193AD8FDD34D13A450F4D7A3723C4A16	2555680	----a-w-	C:\Windows\Sysnative\nvsvcr.dll
2013-06-08 10:01:04	11F269567914E6CDEEAFB387056C5027	61216	----a-w-	C:\Windows\Sysnative\OpenCL.dll
2013-06-07 15:10:04	CF768E59E4E6B7768A6A615D365DEA21	372736	----a-w-	C:\Windows\Sysnative\NVUNINST.EXE
====== C:\Windows\Sysnative\drivers =====
2013-06-08 10:02:36	805F0C2B9C07E4C0F74D0EF70E9E827A	194848	----a-w-	C:\Windows\Sysnative\drivers\nvhda64v.sys
2013-06-08 10:02:36	7A711D08F1FD1AB8149B6199F84A0EB7	11216160	----a-w-	C:\Windows\Sysnative\drivers\nvlddmkm.sys
2013-05-15 15:05:10	AF2E16242AA723F68F461B6EAE2EAD3D	983400	----a-w-	C:\Windows\Sysnative\drivers\dxgkrnl.sys
2013-05-15 15:05:10	1F04CFB79DD5FB7694468CE3FB3DCC31	265064	----a-w-	C:\Windows\Sysnative\drivers\dxgmms1.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\Program Files (x86) =====
2013-06-07 15:09:35	--------	d-----w-	C:\Program Files (x86)\NVIDIA nTune Performance Application
2013-05-10 16:45:56	--------	d-----w-	C:\Program Files (x86)\Square Enix
======= C: =====
2013-06-08 03:29:42	DAE52D4A9CDCA92BB6FD77877A5453B7	25114	----a-w-	C:\Extras.Txt
2013-06-08 03:26:00	8A1204642418FEBE7CFA90E101E09B63	88504	----a-w-	C:\OTL.Txt
2013-06-07 15:27:21	DEC595381F4C185CB6644E31A69A77A3	3280	------w-	C:\bootsqm.dat
====== C:\Users\Mandi\AppData\Roaming ======
2013-06-08 10:01:43	--------	d-sh--we	C:\users\UpdatusUser\AppData\Local\Verlauf
2013-06-08 10:01:43	--------	d-sh--we	C:\users\UpdatusUser\AppData\Local\Temporary Internet Files
2013-06-08 10:01:43	--------	d-sh--we	C:\users\UpdatusUser\AppData\Local\Anwendungsdaten
2013-06-08 10:01:42	--------	d-s---w-	C:\users\UpdatusUser\AppData\Roaming\Microsoft
2013-06-08 10:01:42	--------	d-----w-	C:\users\UpdatusUser\AppData\Roaming\Media Center Programs
2013-06-08 10:01:42	--------	d-----w-	C:\users\UpdatusUser\AppData\Local\Temp
2013-06-08 10:01:42	--------	d-----w-	C:\users\UpdatusUser\AppData\Local\Microsoft
2013-06-08 10:01:42	--------	d-----r-	C:\users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-06-08 10:01:42	--------	d-----r-	C:\users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-06-07 15:09:56	--------	d-----w-	C:\users\Mandi\AppData\Local\NVIDIA Corporation
====== C:\Users\Mandi ======
2013-06-08 10:04:40	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2013-06-08 10:01:43	6FC234AD3752E1267B34FB12BCD6718B	20	--sh--w-	C:\Users\UpdatusUser\ntuser.ini
2013-06-08 10:01:43	--------	d-sh--we	C:\Users\UpdatusUser\Vorlagen
2013-06-08 10:01:43	--------	d-sh--we	C:\Users\UpdatusUser\Startmenü
2013-06-08 10:01:43	--------	d-sh--we	C:\Users\UpdatusUser\SendTo
2013-06-08 10:01:43	--------	d-sh--we	C:\Users\UpdatusUser\Recent
2013-06-08 10:01:43	--------	d-sh--we	C:\Users\UpdatusUser\Netzwerkumgebung
2013-06-08 10:01:43	--------	d-sh--we	C:\Users\UpdatusUser\Lokale Einstellungen
2013-06-08 10:01:43	--------	d-sh--we	C:\Users\UpdatusUser\Eigene Dateien
2013-06-08 10:01:43	--------	d-sh--we	C:\Users\UpdatusUser\Druckumgebung
2013-06-08 10:01:43	--------	d-sh--we	C:\Users\UpdatusUser\Cookies
2013-06-08 10:01:43	--------	d-sh--we	C:\Users\UpdatusUser\Anwendungsdaten
2013-06-08 10:01:43	--------	d-----w-	C:\Users\UpdatusUser\Searches
2013-06-08 10:01:43	--------	d-----w-	C:\Users\UpdatusUser\Contacts
2013-06-08 10:01:42	--------	d--h--w-	C:\Users\UpdatusUser\AppData
2013-06-08 10:01:42	--------	d-----w-	C:\Users\UpdatusUser\Saved Games
2013-06-08 10:01:42	--------	d-----r-	C:\Users\UpdatusUser\Videos
2013-06-08 10:01:42	--------	d-----r-	C:\Users\UpdatusUser\Pictures
2013-06-08 10:01:42	--------	d-----r-	C:\Users\UpdatusUser\Music
2013-06-08 10:01:42	--------	d-----r-	C:\Users\UpdatusUser\Links
2013-06-08 10:01:42	--------	d-----r-	C:\Users\UpdatusUser\Favorites
2013-06-08 10:01:42	--------	d-----r-	C:\Users\UpdatusUser\Downloads
2013-06-08 10:01:42	--------	d-----r-	C:\Users\UpdatusUser\Documents
2013-06-08 10:01:42	--------	d-----r-	C:\Users\UpdatusUser\Desktop
2013-06-08 10:01:28	--------	d-----w-	C:\ProgramData\NVIDIA
2013-06-08 10:00:57	--------	d-----w-	C:\ProgramData\NVIDIA Corporation
2013-06-07 15:30:48	06D4B0DF9C04E2B99C1A8E4C0D9D705C	1330144	----a-w-	C:\Users\Mandi\Desktop\GPU-Z.0.7.1.exe

====== C: exe-files ==
2013-06-08 10:04:40	B1EFD4957494046388C2BABD2F99C556	785696	----a-w-	C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
2013-06-08 10:04:40	6B08632F7634F344372B25A507DA7C47	1012000	----a-w-	C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
2013-06-08 10:04:40	33089179574688A583421956130B606F	596768	----a-w-	C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\7z.exe
2013-06-08 10:04:01	FC03EC7CF99D2FEC2EB164BDA12F9C9B	1136928	----a-w-	C:\Program Files\NVIDIA Corporation\Installer2\Display.ControlPanel.{753E2F69-87C1-403D-8659-D4C2FD9AEFE3}\nvxdsync.exe
2013-06-08 10:04:01	B9F3591981D761A5CA1D24C369764D96	884512	----a-w-	C:\Program Files\NVIDIA Corporation\Installer2\Display.ControlPanel.{753E2F69-87C1-403D-8659-D4C2FD9AEFE3}\nvvsvc.exe
2013-06-08 10:04:01	66BDE4DDDCD6B491BAED582F4B576994	60192	----a-w-	C:\Program Files\NVIDIA Corporation\Installer2\Display.ControlPanel.{753E2F69-87C1-403D-8659-D4C2FD9AEFE3}\nvSmartMaxapp.exe
2013-06-08 10:04:01	65B0D185B9077AF597CA52D4D486775A	406304	----a-w-	C:\Program Files\NVIDIA Corporation\Installer2\Display.ControlPanel.{753E2F69-87C1-403D-8659-D4C2FD9AEFE3}\setup.exe
2013-06-08 10:04:01	64233C73C44BDD2B1D8896A1D5CCDBDE	6866208	----a-w-	C:\Program Files\NVIDIA Corporation\Installer2\Display.ControlPanel.{753E2F69-87C1-403D-8659-D4C2FD9AEFE3}\nvcplui.exe
2013-06-08 10:04:01	619A24111F81D7AE68A5B400200A44E0	61728	----a-w-	C:\Program Files\NVIDIA Corporation\Installer2\Display.ControlPanel.{753E2F69-87C1-403D-8659-D4C2FD9AEFE3}\nvSmartMaxapp64.exe
2013-06-08 10:04:01	4A7E8B1F2EC6B27A2C1B1A7981A85616	2450208	----a-w-	C:\Program Files\NVIDIA Corporation\Installer2\Display.ControlPanel.{753E2F69-87C1-403D-8659-D4C2FD9AEFE3}\NvTray.exe
2013-06-08 10:04:00	65B0D185B9077AF597CA52D4D486775A	406304	----a-w-	C:\Program Files\NVIDIA Corporation\Installer2\installer.{DF153762-B54A-4BCB-828C-A2D4128943AA}\setup.exe
2013-06-08 10:02:36	FE19E8AAC8F066DEE432B2F176C3B9C7	73534616	----a-w-	C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{2804A969-D5BB-4E41-BB37-B4FB80E3C282}\NvCplSetupInt.exe
2013-06-08 10:02:36	F575A5AC8F4D2BE570CB095B3DD87B1A	1213216	----a-w-	C:\Program Files\NVIDIA Corporation\Installer2\NVIDIA.Update.{6D34EC30-1A39-4480-87DC-3122336A218B}\ComUpdatus.exe
2013-06-08 10:02:36	C922C135D370C9ADF5490771596AA117	190752	----a-w-	C:\Program Files\NVIDIA Corporation\Installer2\NVIDIA.Update.{6D34EC30-1A39-4480-87DC-3122336A218B}\WLMerger.exe
2013-06-08 10:02:36	B1EFD4957494046388C2BABD2F99C556	785696	----a-w-	C:\Program Files\NVIDIA Corporation\Installer2\Display.GFExperience.{23ABD089-95D1-4812-9291-F13908762028}\GFExperience.exe
2013-06-08 10:02:36	A9AFE5B0648C8D7A411A72D8222F7F6E	1826592	----a-w-	C:\Program Files\NVIDIA Corporation\Installer2\NVIDIA.Update.{6D34EC30-1A39-4480-87DC-3122336A218B}\daemonu.exe
2013-06-08 10:02:36	6B08632F7634F344372B25A507DA7C47	1012000	----a-w-	C:\Program Files\NVIDIA Corporation\Installer2\Display.GFExperience.{23ABD089-95D1-4812-9291-F13908762028}\nvtmru.exe
2013-06-08 10:02:36	69F71753EE718140E21D8A078B0132EB	234272	----a-w-	C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{2804A969-D5BB-4E41-BB37-B4FB80E3C282}\dbInstaller.exe
2013-06-08 10:02:36	69F71753EE718140E21D8A078B0132EB	234272	----a-w-	C:\Program Files\NVIDIA Corporation\Drs\dbInstaller.exe
2013-06-08 10:02:36	5342649BB5D13FB8FBFF80B4A79799BF	23107184	----a-w-	C:\Program Files\NVIDIA Corporation\Installer2\Display.3DVision.{7013FD4C-C323-4407-93AF-8085BCF6A479}\3DVision_320.18.exe
2013-06-08 10:02:36	53406E9988306CBD4537677C5336ABA4	889416	----a-w-	C:\Program Files\NVIDIA Corporation\Installer2\MS.NET40.{821918EC-ACE4-499C-9052-796982BC668E}\dotNetFx40_Full_setup.exe
2013-06-08 10:02:36	33089179574688A583421956130B606F	596768	----a-w-	C:\Program Files\NVIDIA Corporation\Installer2\Display.GFExperience.{23ABD089-95D1-4812-9291-F13908762028}\7z.exe
2013-06-08 10:02:23	4801DB44E7F35518493B0B8D81202A7C	406304	----a-w-	C:\Program Files\NVIDIA Corporation\Installer2\installer.{581E1583-8900-4DDA-93B0-A2788187B085}\setup.exe
2013-06-08 10:02:22	C922C135D370C9ADF5490771596AA117	190752	----a-w-	C:\NVIDIA\DisplayDriver\320.18\Win8_WinVista_Win7_64\International\Display.Update\WLMerger.exe
2013-06-08 10:02:22	4801DB44E7F35518493B0B8D81202A7C	406304	----a-w-	C:\NVIDIA\DisplayDriver\320.18\Win8_WinVista_Win7_64\International\setup.exe
2013-06-08 10:02:21	6B08632F7634F344372B25A507DA7C47	1012000	----a-w-	C:\NVIDIA\DisplayDriver\320.18\Win8_WinVista_Win7_64\International\GFExperience\nvtmru.exe
2013-06-08 10:02:16	FE19E8AAC8F066DEE432B2F176C3B9C7	73534616	----a-w-	C:\NVIDIA\DisplayDriver\320.18\Win8_WinVista_Win7_64\International\Display.Driver\NvCplSetupInt.exe
2013-06-08 10:02:16	F575A5AC8F4D2BE570CB095B3DD87B1A	1213216	----a-w-	C:\NVIDIA\DisplayDriver\320.18\Win8_WinVista_Win7_64\International\Display.Update\ComUpdatus.exe
2013-06-08 10:02:16	B1EFD4957494046388C2BABD2F99C556	785696	----a-w-	C:\NVIDIA\DisplayDriver\320.18\Win8_WinVista_Win7_64\International\GFExperience\GFExperience.exe
2013-06-08 10:02:16	A9AFE5B0648C8D7A411A72D8222F7F6E	1826592	----a-w-	C:\NVIDIA\DisplayDriver\320.18\Win8_WinVista_Win7_64\International\Display.Update\daemonu.exe
2013-06-08 10:02:16	69F71753EE718140E21D8A078B0132EB	234272	----a-w-	C:\NVIDIA\DisplayDriver\320.18\Win8_WinVista_Win7_64\International\Display.Driver\dbInstaller.exe
2013-06-08 10:02:16	53406E9988306CBD4537677C5336ABA4	889416	----a-w-	C:\NVIDIA\DisplayDriver\320.18\Win8_WinVista_Win7_64\International\MS.NET\dotNetFx40_Full_setup.exe
2013-06-08 10:02:16	33089179574688A583421956130B606F	596768	----a-w-	C:\NVIDIA\DisplayDriver\320.18\Win8_WinVista_Win7_64\International\GFExperience\7z.exe
2013-06-08 10:02:14	5342649BB5D13FB8FBFF80B4A79799BF	23107184	----a-w-	C:\NVIDIA\DisplayDriver\320.18\Win8_WinVista_Win7_64\International\NV3DVision\3DVision_320.18.exe
2013-06-08 10:01:42	F575A5AC8F4D2BE570CB095B3DD87B1A	1213216	----a-w-	C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
2013-06-08 10:01:42	C922C135D370C9ADF5490771596AA117	190752	----a-w-	C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\WLMerger.exe
2013-06-08 10:01:42	A9AFE5B0648C8D7A411A72D8222F7F6E	1826592	----a-w-	C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
2013-06-08 10:01:12	FC03EC7CF99D2FEC2EB164BDA12F9C9B	1136928	----a-w-	C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
2013-06-08 10:01:12	B9F3591981D761A5CA1D24C369764D96	884512	----a-w-	C:\Windows\System32\nvvsvc.exe
2013-06-08 10:01:12	66BDE4DDDCD6B491BAED582F4B576994	60192	----a-w-	C:\Program Files\NVIDIA Corporation\Display\nvsmartmaxapp.exe
2013-06-08 10:01:12	619A24111F81D7AE68A5B400200A44E0	61728	----a-w-	C:\Program Files\NVIDIA Corporation\Display\nvsmartmaxapp64.exe
2013-06-08 10:01:12	4A7E8B1F2EC6B27A2C1B1A7981A85616	2450208	----a-w-	C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
2013-06-08 10:01:11	64233C73C44BDD2B1D8896A1D5CCDBDE	6866208	----a-w-	C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe
2013-06-07 19:10:53	0FCF1038EC887414E5882D9E355AA2AA	145920	----a-w-	C:\Users\Mandi\AppData\Local\Temp\oydxegwbpthiaqhl.exe
2013-06-07 15:30:48	06D4B0DF9C04E2B99C1A8E4C0D9D705C	1330144	----a-w-	C:\Users\Mandi\Desktop\GPU-Z.0.7.1.exe
2013-06-07 15:10:04	CF768E59E4E6B7768A6A615D365DEA21	372736	----a-w-	C:\Windows\System32\NVUNINST.EXE
2013-06-07 11:34:57	ECB8F37E2CA70E1BBAD55331868817DD	1696416	----a-w-	C:\Users\Mandi\AppData\Local\Temp\riftuninstall.exe
2013-06-04 15:28:56	CEF9DFCF15C7FBA3A704504EAE8EA411	8249344	----a-w-	C:\Users\Mandi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0EN85NX\SkypeSetupFull[2].exe
=== C: other files ==
2013-06-08 10:02:36	EDDE04805AC865AC8465388DC4A4CCC7	128672	----a-w-	C:\Program Files\NVIDIA Corporation\Installer2\HDAudio.Driver.{9F6B5BB3-7621-4A98-AF00-DFF1E7CAD2FD}\nvhda32.sys
2013-06-08 10:02:36	ED53B817E63AFFBA328C2E9632FBF487	154400	----a-w-	C:\Program Files\NVIDIA Corporation\Installer2\HDAudio.Driver.{9F6B5BB3-7621-4A98-AF00-DFF1E7CAD2FD}\nvhda32v.sys
2013-06-08 10:02:36	C8E2C21A3A0DE1B410F9CD4AACD5B686	432672	----a-w-	C:\Program Files\NVIDIA Corporation\Installer2\Display.NVIRUSB.{C8AB2219-7177-48AE-B34E-9702F3649F80}\nvstusb32.sys
2013-06-08 10:02:36	A15A4A50A74CCD04CD528CE9E5F97C3F	448288	----a-w-	C:\Program Files\NVIDIA Corporation\Installer2\Display.NVIRUSB.{C8AB2219-7177-48AE-B34E-9702F3649F80}\nvstusb64.sys
2013-06-08 10:02:36	805F0C2B9C07E4C0F74D0EF70E9E827A	194848	----a-w-	C:\Windows\System32\drivers\nvhda64v.sys
2013-06-08 10:02:36	805F0C2B9C07E4C0F74D0EF70E9E827A	194848	----a-w-	C:\Program Files\NVIDIA Corporation\Installer2\HDAudio.Driver.{9F6B5BB3-7621-4A98-AF00-DFF1E7CAD2FD}\nvhda64v.sys
2013-06-08 10:02:36	7A711D08F1FD1AB8149B6199F84A0EB7	11216160	----a-w-	C:\Windows\System32\drivers\nvlddmkm.sys
2013-06-08 10:02:36	32DDB67B405D7E01F0B3BBE04FB8EFA5	162592	----a-w-	C:\Program Files\NVIDIA Corporation\Installer2\HDAudio.Driver.{9F6B5BB3-7621-4A98-AF00-DFF1E7CAD2FD}\nvhda64.sys
2013-06-08 10:02:23	EDDE04805AC865AC8465388DC4A4CCC7	128672	----a-w-	C:\NVIDIA\DisplayDriver\320.18\Win8_WinVista_Win7_64\International\HDAudio\nvhda32.sys
2013-06-08 10:02:23	ED53B817E63AFFBA328C2E9632FBF487	154400	----a-w-	C:\NVIDIA\DisplayDriver\320.18\Win8_WinVista_Win7_64\International\HDAudio\nvhda32v.sys
2013-06-08 10:02:23	C8E2C21A3A0DE1B410F9CD4AACD5B686	432672	----a-w-	C:\NVIDIA\DisplayDriver\320.18\Win8_WinVista_Win7_64\International\NV3DVisionUSB.Driver\nvstusb32.sys
2013-06-08 10:02:23	A15A4A50A74CCD04CD528CE9E5F97C3F	448288	----a-w-	C:\NVIDIA\DisplayDriver\320.18\Win8_WinVista_Win7_64\International\NV3DVisionUSB.Driver\nvstusb64.sys
2013-06-08 10:02:23	805F0C2B9C07E4C0F74D0EF70E9E827A	194848	----a-w-	C:\NVIDIA\DisplayDriver\320.18\Win8_WinVista_Win7_64\International\HDAudio\nvhda64v.sys
2013-06-08 10:02:23	32DDB67B405D7E01F0B3BBE04FB8EFA5	162592	----a-w-	C:\NVIDIA\DisplayDriver\320.18\Win8_WinVista_Win7_64\International\HDAudio\nvhda64.sys
2013-06-07 12:09:03	E9058022B536F1512A72B4277E113D33	222	----a-w-	C:\Program Files (x86)\JDownloader 2\cfg\downloadList384.zip
2013-06-07 12:09:03	9D16847E3844A4099065E7EA5D24AE08	222	----a-w-	C:\Program Files (x86)\JDownloader 2\cfg\linkcollector82.zip
2013-06-07 12:08:56	ED033391F860DA7B4525C397EB511EE8	222	----a-w-	C:\Program Files (x86)\JDownloader 2\cfg\downloadList383.zip
2013-06-07 12:08:56	220538E2CF957F3A9B58284DB9F60D0A	222	----a-w-	C:\Program Files (x86)\JDownloader 2\cfg\linkcollector81.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-600001643-3284288656-2487066770-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"KiesPDLR"="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"KiesAirMessage"="C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup"
@="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"NVIDIA nTune"="C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe clear"

[HKEY_USERS\S-1-5-21-600001643-3284288656-2487066770-1004\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-600001643-3284288656-2487066770-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TrueImageMonitor.exe"="C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"
"SoundMAXPnP"="C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"KiesPDLR"="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"KiesAirMessage"="C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup"
@="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"NVIDIA nTune"="C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe clear"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"="C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
"SoundMAX"="C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe /tray"
"Nvtmru"="C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Ulead AutoDetector v2]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ulead AutoDetector v2"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Common Files\\Ulead Systems\\AutoDetector\\monitor.exe"


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [15.05.2013 19:27]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Mandi\AppData\Roaming\Mozilla\Firefox\Profiles\tsxap40z.default
- Undetermined - %ProfilePath%\extensions\nostmp
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- Phoenity Modern - %ProfilePath%\extensions\{8181B740-5255-11D9-9FF6-0090995D2DCA}
- jDownFF - %ProfilePath%\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
- DivX Web Player - %ProfilePath%\extensions\DivXWebPlayer@divx.com.xpi
- IE View - %ProfilePath%\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}.xpi
- DVDVideoSoft YouTube MP3 and Video Download - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Adobe DLM powered by getPlusR - %ProfilePath%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

==== Firefox Plugins ======================

Profilepath: C:\Users\Mandi\AppData\Roaming\Mozilla\Firefox\Profiles\tsxap40z.default
7ABE33792F2787D599B6963E71B9E8CD	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll -	Shockwave Flash
D4BD9F86123C87ECA570418B69326F99	- C:\Windows\SysWOW64\npdeployJava1.dll -	Java Deployment Toolkit 7.0.170.2
15E298B5EC5B89C5994A59863969D9FF	- C:\Windows\SysWOW64\npmproxy.dll -	Microsoft® Windows® Operating System


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Mandi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Mandi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Mandi\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Mandi\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\users\Mandi\AppData\Local\Mozilla\Firefox\Profiles\tsxap40z.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Mandi\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 08.06.2013 at 12:12:39,78 ======================
         

and
Code:
12:14:31.0476 4100  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:14:31.0586 4100  ============================================================
12:14:31.0586 4100  Current date / time: 2013/06/08 12:14:31.0586
12:14:31.0586 4100  SystemInfo:
12:14:31.0586 4100  
12:14:31.0586 4100  OS Version: 6.1.7601 ServicePack: 1.0
12:14:31.0586 4100  Product type: Workstation
12:14:31.0586 4100  ComputerName: MANDI-PC
12:14:31.0586 4100  UserName: Mandi
12:14:31.0586 4100  Windows directory: C:\Windows
12:14:31.0586 4100  System windows directory: C:\Windows
12:14:31.0586 4100  Running under WOW64
12:14:31.0586 4100  Processor architecture: Intel x64
12:14:31.0586 4100  Number of processors: 8
12:14:31.0586 4100  Page size: 0x1000
12:14:31.0586 4100  Boot type: Normal boot
12:14:31.0586 4100  ============================================================
12:14:32.0022 4100  Drive \Device\Harddisk0\DR0 - Size: 0x37E4896000 (223.57 Gb), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:14:32.0022 4100  Drive \Device\Harddisk1\DR1 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:14:32.0038 4100  ============================================================
12:14:32.0038 4100  \Device\Harddisk0\DR0:
12:14:32.0038 4100  MBR partitions:
12:14:32.0038 4100  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:14:32.0038 4100  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1BEF1000
12:14:32.0038 4100  \Device\Harddisk1\DR1:
12:14:32.0038 4100  MBR partitions:
12:14:32.0038 4100  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4000
12:14:32.0038 4100  ============================================================
12:14:32.0038 4100  C: <-> \Device\Harddisk0\DR0\Partition2
12:14:32.0038 4100  E: <-> \Device\Harddisk1\DR1\Partition1
12:14:32.0038 4100  ============================================================
12:14:32.0038 4100  Initialize success
12:14:32.0038 4100  ============================================================
12:15:06.0779 4584  ============================================================
12:15:06.0779 4584  Scan started
12:15:06.0779 4584  Mode: Manual; SigCheck; TDLFS; 
12:15:06.0779 4584  ============================================================
12:15:06.0842 4584  ================ Scan system memory ========================
12:15:06.0842 4584  System memory - ok
12:15:06.0842 4584  ================ Scan services =============================
12:15:06.0873 4584  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:15:06.0935 4584  1394ohci - ok
12:15:06.0951 4584  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:15:06.0966 4584  ACPI - ok
12:15:06.0966 4584  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:15:06.0982 4584  AcpiPmi - ok
12:15:06.0998 4584  [ 249386D5903657326265C996B32A0EDB ] AcrSch2Svc      C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
12:15:07.0013 4584  AcrSch2Svc - ok
12:15:07.0013 4584  [ 1C090E86AFD15231377AD37436C3C719 ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
12:15:07.0029 4584  ADIHdAudAddService - ok
12:15:07.0029 4584  [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:15:07.0044 4584  AdobeARMservice - ok
12:15:07.0060 4584  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:15:07.0076 4584  AdobeFlashPlayerUpdateSvc - ok
12:15:07.0091 4584  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
12:15:07.0107 4584  adp94xx - ok
12:15:07.0107 4584  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
12:15:07.0122 4584  adpahci - ok
12:15:07.0122 4584  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
12:15:07.0138 4584  adpu320 - ok
12:15:07.0138 4584  [ 3BDB13C79CC8C06E2F8182595903ED69 ] AEADIFilters    C:\Windows\system32\AEADISRV.EXE
12:15:07.0154 4584  AEADIFilters - ok
12:15:07.0154 4584  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:15:07.0200 4584  AeLookupSvc - ok
12:15:07.0216 4584  [ AE1FCE2CD1E99BEA89183BA8CD320872 ] afcdp           C:\Windows\system32\DRIVERS\afcdp.sys
12:15:07.0232 4584  afcdp - ok
12:15:07.0263 4584  [ AF44F7E027037628F1FAC3C13CDE73E6 ] afcdpsrv        C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
12:15:07.0310 4584  afcdpsrv - ok
12:15:07.0310 4584  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
12:15:07.0341 4584  AFD - ok
12:15:07.0341 4584  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
12:15:07.0356 4584  agp440 - ok
12:15:07.0356 4584  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
12:15:07.0372 4584  ALG - ok
12:15:07.0372 4584  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:15:07.0372 4584  aliide - ok
12:15:07.0388 4584  [ A2F5BEA5B45A8E7C4776F39C25E8699D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:15:07.0403 4584  AMD External Events Utility - ok
12:15:07.0403 4584  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
12:15:07.0403 4584  amdide - ok
12:15:07.0403 4584  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
12:15:07.0419 4584  AmdK8 - ok
12:15:07.0497 4584  [ 5B03217859B014B090CB5060C1D96875 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
12:15:07.0622 4584  amdkmdag - ok
12:15:07.0637 4584  [ 35D2184A99AD4CD5D17284D6C9F382C9 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
12:15:07.0653 4584  amdkmdap - ok
12:15:07.0653 4584  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
12:15:07.0668 4584  AmdPPM - ok
12:15:07.0668 4584  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:15:07.0684 4584  amdsata - ok
12:15:07.0684 4584  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
12:15:07.0700 4584  amdsbs - ok
12:15:07.0700 4584  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:15:07.0700 4584  amdxata - ok
12:15:07.0715 4584  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:15:07.0731 4584  AntiVirSchedulerService - ok
12:15:07.0731 4584  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:15:07.0731 4584  AntiVirService - ok
12:15:07.0746 4584  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
12:15:07.0793 4584  AppID - ok
12:15:07.0793 4584  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:15:07.0809 4584  AppIDSvc - ok
12:15:07.0824 4584  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
12:15:07.0824 4584  Appinfo - ok
12:15:07.0840 4584  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
12:15:07.0840 4584  arc - ok
12:15:07.0856 4584  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
12:15:07.0856 4584  arcsas - ok
12:15:07.0871 4584  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:15:07.0887 4584  aspnet_state - ok
12:15:07.0887 4584  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:15:07.0902 4584  AsyncMac - ok
12:15:07.0902 4584  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
12:15:07.0918 4584  atapi - ok
12:15:07.0918 4584  [ DBB487D09F56C674430AC454FD8BCAB9 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
12:15:07.0934 4584  AtiHDAudioService - ok
12:15:08.0012 4584  [ 5B03217859B014B090CB5060C1D96875 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
12:15:08.0090 4584  atikmdag - ok
12:15:08.0090 4584  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:15:08.0136 4584  AudioEndpointBuilder - ok
12:15:08.0136 4584  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
12:15:08.0168 4584  AudioSrv - ok
12:15:08.0168 4584  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
12:15:08.0183 4584  avgntflt - ok
12:15:08.0183 4584  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
12:15:08.0199 4584  avipbb - ok
12:15:08.0199 4584  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
12:15:08.0199 4584  avkmgr - ok
12:15:08.0199 4584  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:15:08.0214 4584  AxInstSV - ok
12:15:08.0230 4584  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
12:15:08.0246 4584  b06bdrv - ok
12:15:08.0246 4584  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
12:15:08.0261 4584  b57nd60a - ok
12:15:08.0261 4584  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:15:08.0277 4584  BDESVC - ok
12:15:08.0277 4584  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:15:08.0308 4584  Beep - ok
12:15:08.0308 4584  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
12:15:08.0355 4584  BFE - ok
12:15:08.0355 4584  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
12:15:08.0386 4584  BITS - ok
12:15:08.0386 4584  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:15:08.0402 4584  blbdrive - ok
12:15:08.0402 4584  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:15:08.0417 4584  bowser - ok
12:15:08.0417 4584  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:15:08.0433 4584  BrFiltLo - ok
12:15:08.0433 4584  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:15:08.0448 4584  BrFiltUp - ok
12:15:08.0448 4584  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
12:15:08.0464 4584  Browser - ok
12:15:08.0464 4584  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:15:08.0480 4584  Brserid - ok
12:15:08.0480 4584  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:15:08.0495 4584  BrSerWdm - ok
12:15:08.0495 4584  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:15:08.0511 4584  BrUsbMdm - ok
12:15:08.0511 4584  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:15:08.0526 4584  BrUsbSer - ok
12:15:08.0526 4584  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
12:15:08.0542 4584  BTHMODEM - ok
12:15:08.0542 4584  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
12:15:08.0573 4584  bthserv - ok
12:15:08.0573 4584  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:15:08.0604 4584  cdfs - ok
12:15:08.0604 4584  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:15:08.0620 4584  cdrom - ok
12:15:08.0620 4584  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
12:15:08.0636 4584  CertPropSvc - ok
12:15:08.0636 4584  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
12:15:08.0651 4584  circlass - ok
12:15:08.0667 4584  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
12:15:08.0682 4584  CLFS - ok
12:15:08.0682 4584  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:15:08.0698 4584  clr_optimization_v2.0.50727_32 - ok
12:15:08.0698 4584  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:15:08.0714 4584  clr_optimization_v2.0.50727_64 - ok
12:15:08.0714 4584  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:15:08.0729 4584  clr_optimization_v4.0.30319_32 - ok
12:15:08.0729 4584  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:15:08.0745 4584  clr_optimization_v4.0.30319_64 - ok
12:15:08.0745 4584  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
12:15:08.0760 4584  CmBatt - ok
12:15:08.0760 4584  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:15:08.0760 4584  cmdide - ok
12:15:08.0776 4584  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
12:15:08.0792 4584  CNG - ok
12:15:08.0792 4584  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
12:15:08.0807 4584  Compbatt - ok
12:15:08.0807 4584  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
12:15:08.0823 4584  CompositeBus - ok
12:15:08.0823 4584  COMSysApp - ok
12:15:08.0823 4584  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
12:15:08.0838 4584  crcdisk - ok
12:15:08.0838 4584  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:15:08.0854 4584  CryptSvc - ok
12:15:08.0870 4584  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:15:08.0885 4584  DcomLaunch - ok
12:15:08.0901 4584  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
12:15:08.0916 4584  defragsvc - ok
12:15:08.0932 4584  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:15:08.0948 4584  DfsC - ok
12:15:08.0948 4584  [ 421D371E96480DD3A14EA37D0D2757D1 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
12:15:08.0963 4584  dg_ssudbus - ok
12:15:08.0963 4584  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:15:08.0994 4584  Dhcp - ok
12:15:08.0994 4584  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
12:15:09.0010 4584  discache - ok
12:15:09.0010 4584  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
12:15:09.0026 4584  Disk - ok
12:15:09.0026 4584  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:15:09.0041 4584  Dnscache - ok
12:15:09.0057 4584  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:15:09.0072 4584  dot3svc - ok
12:15:09.0088 4584  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
12:15:09.0104 4584  DPS - ok
12:15:09.0104 4584  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:15:09.0119 4584  drmkaud - ok
12:15:09.0119 4584  [ D3D64CF7B2BCEAA34A270F45A3FFFB36 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
12:15:09.0135 4584  dtsoftbus01 - ok
12:15:09.0135 4584  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:15:09.0166 4584  DXGKrnl - ok
12:15:09.0166 4584  [ EDC6E9C057C9D7F83EEA22B4CEF5DCAD ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
12:15:09.0182 4584  E1G60 - ok
12:15:09.0182 4584  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
12:15:09.0213 4584  EapHost - ok
12:15:09.0228 4584  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
12:15:09.0275 4584  ebdrv - ok
12:15:09.0275 4584  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
12:15:09.0291 4584  EFS - ok
12:15:09.0306 4584  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:15:09.0322 4584  ehRecvr - ok
12:15:09.0322 4584  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
12:15:09.0338 4584  ehSched - ok
12:15:09.0353 4584  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
12:15:09.0369 4584  elxstor - ok
12:15:09.0369 4584  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:15:09.0384 4584  ErrDev - ok
12:15:09.0384 4584  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
12:15:09.0416 4584  EventSystem - ok
12:15:09.0416 4584  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
12:15:09.0447 4584  exfat - ok
12:15:09.0447 4584  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:15:09.0478 4584  fastfat - ok
12:15:09.0478 4584  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
12:15:09.0494 4584  Fax - ok
12:15:09.0494 4584  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
12:15:09.0509 4584  fdc - ok
12:15:09.0509 4584  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
12:15:09.0540 4584  fdPHost - ok
12:15:09.0540 4584  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:15:09.0556 4584  FDResPub - ok
12:15:09.0572 4584  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:15:09.0572 4584  FileInfo - ok
12:15:09.0572 4584  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:15:09.0603 4584  Filetrace - ok
12:15:09.0603 4584  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
12:15:09.0618 4584  flpydisk - ok
12:15:09.0618 4584  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:15:09.0634 4584  FltMgr - ok
12:15:09.0650 4584  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
12:15:09.0665 4584  FontCache - ok
12:15:09.0681 4584  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:15:09.0681 4584  FontCache3.0.0.0 - ok
12:15:09.0681 4584  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:15:09.0696 4584  FsDepends - ok
12:15:09.0712 4584  [ DDEE99DC54EFA20BD5A442CD733C4462 ] FsUsbExDisk     C:\Windows\SysWOW64\FsUsbExDisk.SYS
12:15:09.0728 4584  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
12:15:09.0728 4584  FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
12:15:09.0728 4584  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:15:09.0728 4584  Fs_Rec - ok
12:15:09.0743 4584  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:15:09.0759 4584  fvevol - ok
12:15:09.0759 4584  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
12:15:09.0774 4584  gagp30kx - ok
12:15:09.0774 4584  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
12:15:09.0821 4584  gpsvc - ok
12:15:09.0821 4584  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:15:09.0821 4584  hcw85cir - ok
12:15:09.0837 4584  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:15:09.0852 4584  HdAudAddService - ok
12:15:09.0852 4584  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:15:09.0868 4584  HDAudBus - ok
12:15:09.0868 4584  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
12:15:09.0884 4584  HidBatt - ok
12:15:09.0884 4584  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
12:15:09.0899 4584  HidBth - ok
12:15:09.0899 4584  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
12:15:09.0915 4584  HidIr - ok
12:15:09.0915 4584  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
12:15:09.0930 4584  hidserv - ok
12:15:09.0946 4584  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:15:09.0946 4584  HidUsb - ok
12:15:09.0946 4584  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:15:09.0977 4584  hkmsvc - ok
12:15:09.0977 4584  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:15:09.0993 4584  HomeGroupListener - ok
12:15:10.0008 4584  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:15:10.0008 4584  HomeGroupProvider - ok
12:15:10.0024 4584  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:15:10.0024 4584  HpSAMD - ok
12:15:10.0040 4584  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:15:10.0071 4584  HTTP - ok
12:15:10.0071 4584  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:15:10.0086 4584  hwpolicy - ok
12:15:10.0086 4584  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
12:15:10.0102 4584  i8042prt - ok
12:15:10.0102 4584  [ 8180A2392E732E8871589B54FAB6991F ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
12:15:10.0118 4584  iaStor - ok
12:15:10.0133 4584  [ 17125B7D2F56B4B35441561C780C2CCB ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
12:15:10.0133 4584  IAStorDataMgrSvc - ok
12:15:10.0133 4584  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:15:10.0149 4584  iaStorV - ok
12:15:10.0164 4584  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:15:10.0196 4584  idsvc - ok
12:15:10.0196 4584  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
12:15:10.0211 4584  iirsp - ok
12:15:10.0211 4584  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
12:15:10.0258 4584  IKEEXT - ok
12:15:10.0258 4584  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
12:15:10.0274 4584  intelide - ok
12:15:10.0274 4584  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:15:10.0274 4584  intelppm - ok
12:15:10.0274 4584  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:15:10.0305 4584  IPBusEnum - ok
12:15:10.0305 4584  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:15:10.0336 4584  IpFilterDriver - ok
12:15:10.0336 4584  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:15:10.0367 4584  iphlpsvc - ok
12:15:10.0367 4584  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:15:10.0367 4584  IPMIDRV - ok
12:15:10.0383 4584  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:15:10.0398 4584  IPNAT - ok
12:15:10.0414 4584  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:15:10.0414 4584  IRENUM - ok
12:15:10.0414 4584  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:15:10.0430 4584  isapnp - ok
12:15:10.0430 4584  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:15:10.0445 4584  iScsiPrt - ok
12:15:10.0461 4584  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:15:10.0461 4584  kbdclass - ok
12:15:10.0461 4584  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:15:10.0476 4584  kbdhid - ok
12:15:10.0476 4584  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
12:15:10.0492 4584  KeyIso - ok
12:15:10.0492 4584  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:15:10.0508 4584  KSecDD - ok
12:15:10.0508 4584  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:15:10.0523 4584  KSecPkg - ok
12:15:10.0523 4584  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
12:15:10.0539 4584  ksthunk - ok
12:15:10.0554 4584  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:15:10.0586 4584  KtmRm - ok
12:15:10.0586 4584  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:15:10.0617 4584  LanmanServer - ok
12:15:10.0617 4584  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:15:10.0648 4584  LanmanWorkstation - ok
12:15:10.0648 4584  [ 9A7FA6371F68335FD3C3D6488BC5A9F8 ] Lavasoft Kernexplorer C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
12:15:10.0648 4584  Lavasoft Kernexplorer - ok
12:15:10.0664 4584  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:15:10.0679 4584  lltdio - ok
12:15:10.0695 4584  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:15:10.0710 4584  lltdsvc - ok
12:15:10.0726 4584  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:15:10.0742 4584  lmhosts - ok
12:15:10.0742 4584  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
12:15:10.0757 4584  LSI_FC - ok
12:15:10.0757 4584  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
12:15:10.0773 4584  LSI_SAS - ok
12:15:10.0773 4584  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:15:10.0788 4584  LSI_SAS2 - ok
12:15:10.0788 4584  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:15:10.0804 4584  LSI_SCSI - ok
12:15:10.0804 4584  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
12:15:10.0835 4584  luafv - ok
12:15:10.0835 4584  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:15:10.0851 4584  Mcx2Svc - ok
12:15:10.0851 4584  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
12:15:10.0851 4584  megasas - ok
12:15:10.0866 4584  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
12:15:10.0882 4584  MegaSR - ok
12:15:10.0882 4584  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
12:15:10.0898 4584  MMCSS - ok
12:15:10.0913 4584  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
12:15:10.0929 4584  Modem - ok
12:15:10.0929 4584  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:15:10.0944 4584  monitor - ok
12:15:10.0944 4584  [ C030F9E822A057C1A7A9BB4EA3E8877E ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys
12:15:10.0960 4584  MotioninJoyXFilter - ok
12:15:10.0960 4584  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:15:10.0976 4584  mouclass - ok
12:15:10.0976 4584  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:15:10.0991 4584  mouhid - ok
12:15:10.0991 4584  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:15:10.0991 4584  mountmgr - ok
12:15:11.0007 4584  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:15:11.0022 4584  MozillaMaintenance - ok
12:15:11.0022 4584  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:15:11.0038 4584  mpio - ok
12:15:11.0038 4584  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:15:11.0054 4584  mpsdrv - ok
12:15:11.0069 4584  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:15:11.0100 4584  MpsSvc - ok
12:15:11.0116 4584  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:15:11.0132 4584  MRxDAV - ok
12:15:11.0132 4584  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:15:11.0147 4584  mrxsmb - ok
12:15:11.0147 4584  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:15:11.0163 4584  mrxsmb10 - ok
12:15:11.0163 4584  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:15:11.0178 4584  mrxsmb20 - ok
12:15:11.0178 4584  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
12:15:11.0194 4584  msahci - ok
12:15:11.0194 4584  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:15:11.0210 4584  msdsm - ok
12:15:11.0210 4584  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
12:15:11.0225 4584  MSDTC - ok
12:15:11.0225 4584  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:15:11.0256 4584  Msfs - ok
12:15:11.0256 4584  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:15:11.0272 4584  mshidkmdf - ok
12:15:11.0272 4584  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:15:11.0288 4584  msisadrv - ok
12:15:11.0288 4584  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:15:11.0319 4584  MSiSCSI - ok
12:15:11.0319 4584  msiserver - ok
12:15:11.0319 4584  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:15:11.0350 4584  MSKSSRV - ok
12:15:11.0350 4584  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:15:11.0366 4584  MSPCLOCK - ok
12:15:11.0366 4584  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:15:11.0397 4584  MSPQM - ok
12:15:11.0397 4584  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:15:11.0412 4584  MsRPC - ok
12:15:11.0428 4584  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
12:15:11.0428 4584  mssmbios - ok
12:15:11.0428 4584  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:15:11.0459 4584  MSTEE - ok
12:15:11.0459 4584  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
12:15:11.0459 4584  MTConfig - ok
12:15:11.0475 4584  [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
12:15:11.0475 4584  MTsensor - ok
12:15:11.0475 4584  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:15:11.0490 4584  Mup - ok
12:15:11.0490 4584  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
12:15:11.0522 4584  napagent - ok
12:15:11.0522 4584  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:15:11.0553 4584  NativeWifiP - ok
12:15:11.0553 4584  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:15:11.0568 4584  NDIS - ok
12:15:11.0584 4584  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:15:11.0600 4584  NdisCap - ok
12:15:11.0600 4584  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:15:11.0631 4584  NdisTapi - ok
12:15:11.0631 4584  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:15:11.0646 4584  Ndisuio - ok
12:15:11.0662 4584  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:15:11.0678 4584  NdisWan - ok
12:15:11.0693 4584  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:15:11.0709 4584  NDProxy - ok
12:15:11.0709 4584  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:15:11.0740 4584  NetBIOS - ok
12:15:11.0740 4584  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:15:11.0771 4584  NetBT - ok
12:15:11.0771 4584  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
12:15:11.0787 4584  Netlogon - ok
12:15:11.0787 4584  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
12:15:11.0802 4584  Netman - ok
12:15:11.0818 4584  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:15:11.0834 4584  NetMsmqActivator - ok
12:15:11.0834 4584  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:15:11.0834 4584  NetPipeActivator - ok
12:15:11.0849 4584  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
12:15:11.0880 4584  netprofm - ok
12:15:11.0880 4584  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:15:11.0880 4584  NetTcpActivator - ok
12:15:11.0896 4584  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:15:11.0896 4584  NetTcpPortSharing - ok
12:15:11.0896 4584  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
12:15:11.0912 4584  nfrd960 - ok
12:15:11.0912 4584  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:15:11.0927 4584  NlaSvc - ok
12:15:11.0927 4584  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:15:11.0958 4584  Npfs - ok
12:15:11.0958 4584  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
12:15:11.0990 4584  nsi - ok
12:15:11.0990 4584  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:15:12.0005 4584  nsiproxy - ok
12:15:12.0021 4584  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:15:12.0068 4584  Ntfs - ok
12:15:12.0068 4584  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
12:15:12.0083 4584  Null - ok
12:15:12.0099 4584  [ 805F0C2B9C07E4C0F74D0EF70E9E827A ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
12:15:12.0099 4584  NVHDA - ok
12:15:12.0208 4584  [ 7A711D08F1FD1AB8149B6199F84A0EB7 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:15:12.0333 4584  nvlddmkm - ok
12:15:12.0333 4584  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:15:12.0348 4584  nvraid - ok
12:15:12.0348 4584  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:15:12.0364 4584  nvstor - ok
12:15:12.0380 4584  [ B9F3591981D761A5CA1D24C369764D96 ] nvsvc           C:\Windows\system32\nvvsvc.exe
12:15:12.0395 4584  nvsvc - ok
12:15:12.0411 4584  [ A9AFE5B0648C8D7A411A72D8222F7F6E ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
12:15:12.0442 4584  nvUpdatusService - ok
12:15:12.0442 4584  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:15:12.0458 4584  nv_agp - ok
12:15:12.0458 4584  [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:15:12.0473 4584  odserv - ok
12:15:12.0489 4584  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:15:12.0489 4584  ohci1394 - ok
12:15:12.0504 4584  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:15:12.0504 4584  ose - ok
12:15:12.0520 4584  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:15:12.0536 4584  p2pimsvc - ok
12:15:12.0536 4584  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:15:12.0551 4584  p2psvc - ok
12:15:12.0551 4584  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
12:15:12.0567 4584  Parport - ok
12:15:12.0567 4584  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:15:12.0582 4584  partmgr - ok
12:15:12.0582 4584  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:15:12.0598 4584  PcaSvc - ok
12:15:12.0598 4584  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
12:15:12.0614 4584  pci - ok
12:15:12.0614 4584  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
12:15:12.0629 4584  pciide - ok
12:15:12.0629 4584  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
12:15:12.0645 4584  pcmcia - ok
12:15:12.0645 4584  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
12:15:12.0660 4584  pcw - ok
12:15:12.0676 4584  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:15:16.0935 4584  ============================================================
12:15:16.0935 4584  Scan finished
12:15:16.0935 4584  ============================================================
12:15:16.0935 4376  Detected object count: 1
12:15:16.0935 4376  Actual detected object count: 1
12:15:46.0060 4376  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
12:15:46.0060 4376  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:15:56.0530 2632  Deinitialize success
         
Do I need to do anything else now, or is that it for me?


Alt 08.06.2013, 18:27   #6
smeenk
/// Malwareteam / Visitor
 

Just a few small steps left

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

Alt 08.06.2013, 19:11   #7
Kensai
 

Code:
ATTFilter
# AdwCleaner v2.302 - Datei am 08/06/2013 um 20:07:43 erstellt
# Aktualisiert am 06/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Mandi - MANDI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Mandi\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Mandi\AppData\Roaming\dvdvideosoftiehelpers

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Mandi\AppData\Roaming\Mozilla\Firefox\Profiles\tsxap40z.default\prefs.js

Gelöscht : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,%7BACAA314B-EEBA-48e4-AD47[...]

*************************

AdwCleaner[S1].txt - [1613 octets] - [08/06/2013 20:07:43]

########## EOF - C:\AdwCleaner[S1].txt - [1673 octets] ##########
         
and

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.64  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 17  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Flash Player 11.7.700.202  
 Adobe Reader 10.1.1 Adobe Reader out of Date!  
 Mozilla Firefox (21.0) 
 Mozilla Thunderbird (17.0.3) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

Alt 08.06.2013, 19:18   #8
smeenk
/// Malwareteam / Visitor
 

Some plugins are out of date.
Run this check: https://www.mozilla.org/de/plugincheck/
Have the outdated plugins updated.

Afterwards, restart the computer, create a new SecurityCheck log file and post it for me.

Alt 09.06.2013, 09:07   #9
Kensai
 

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.64  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 21  
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Flash Player 11.7.700.202  
 Adobe Reader XI  
 Mozilla Firefox (21.0) 
 Mozilla Thunderbird (17.0.3) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

Alt 09.06.2013, 10:07   #10
smeenk
/// Malwareteam / Visitor
 

A problem with the Security Center service is being reported; do the following:

Please download Farbar's Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory the tool was run from.
Please post the contents here.

Alt 09.06.2013, 11:34   #11
Kensai
 

Code:
ATTFilter
Farbar Service Scanner Version: 31-05-2013 01
Ran by Mandi (administrator) on 09-06-2013 at 12:34:00
Running from "C:\Users\Mandi\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
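Added example (not part of the original post and not Farbar's own code): a triage of an FSS.txt log that uses the clean log posted above as its baseline and lists every line that deviates from it. The function names and the placeholder finding lines are assumptions; the log excerpt is shortened from the post.

```python
import re

CONNECTION_OK = re.compile(r"(is accessible|LAN connected)\.$")

def parse_sections(text):
    """Split FSS.txt into {section header: [non-blank body lines]}."""
    sections, current = {}, None
    lines = [l.strip() for l in text.splitlines()]
    for line, nxt in zip(lines, lines[1:] + [""]):
        if line.endswith(":") and nxt and set(nxt) == {"="}:
            current = line.rstrip(":").strip()   # header followed by "====" underline
            sections[current] = []
        elif line.startswith("****"):
            current = None                       # banner / "End of log" marker
        elif current and line and set(line) != {"="}:
            sections[current].append(line)
    return sections

def triage(text):
    """Return (section, line) pairs that deviate from the clean log's shape."""
    findings = []
    for name, body in parse_sections(text).items():
        for line in body:
            if name == "File Check" and line.endswith("=> MD5 is legit"):
                continue
            if name == "Connection Status" and CONNECTION_OK.search(line):
                continue
            # Assumption: other sections are empty when clean, so any entry is a finding.
            findings.append((name, line))
    return findings

# Shortened excerpt of the log posted above.
CLEAN_LOG = r"""Connection Status:
==============
Localhost is accessible.
LAN connected.
Windows Firewall:
=============
File Check:
========
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
**** End of log ****
"""
# Constructed deviations; the placeholder text is not real FSS output.
SUSPECT_LOG = CLEAN_LOG.replace(
    "File Check:", "<constructed finding>\nFile Check:"
).replace("bfe.dll => MD5 is legit", "bfe.dll => <constructed result>")

print(triage(SUSPECT_LOG))
```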
         

Alt 09.06.2013, 21:26   #12
smeenk
/// Malwareteam / Visitor
 
It looks like everything is fine now.

I think we are done.

We will now clean up a little, and at the end I have some reading material for you.


Uninstalling the tools

The order is important here.
  1. If Defogger was used: click re-enable now.
  2. Please be sure to download delfix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Put a check mark in front of every function.
    • Click Start.
    • DelFix removes, among other things, all the programs used and finally deletes itself.
  3. If any programs from our cleanup are still left over now, you can delete them without concern.


Finally, some tips on the following topics:
  • System updates
  • Software updates
  • Security software
  • Safe browsing
Reading material:
System updates
It cannot be said often enough how important it is to keep your system up to date. After all, you take your car to the garage for regular inspections too. So please make sure that system updates are enabled:
  • Please check whether your system downloads Windows updates automatically:
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.


Reading material:
Software updates
Just as important as the system programs is the software you use every day. The following list gives you a brief overview, with links to the updates, of which programs urgently need to be kept up to date (if you have them installed and use them at all), because their security holes are often how malware gets onto computers:
Programs that are not listed are of course important too. You can check whether a new version is available for them on the vendor's website or, quite conveniently, with these tools:


Reading material:
Security software
If someone overtook you naked on a motorcycle on the motorway, you would shake your head too. Your computer also needs protection against the small daily attacks by malware. Besides excellent commercial anti-virus solutions, there are also quite good protection programs that are available free of charge with a reduced feature set. But be careful, "the more the better" does not apply here. What you need is exactly one virus scanner with a real-time guard. No more and no less. There are many products on the market that will serve you well. I personally recommend Avast Free Antivirus. It offers relatively good protection with little annoying advertising, and installs a browser plugin that warns you about dangerous websites.
  • If you switch your antivirus solution, you will find tools here with which you can remove the leftovers after uninstalling your old scanner.
  • Never install more than one virus scanner. Their real-time guards would interfere with each other and slow down your system.
  • A browser plugin that protects you from fraudulent websites can serve you well if you are not very experienced (see above).
  • Make sure your security solution is always up to date and fetches updates automatically. If you rely on manual updates you are usually too late, since virus databases are often renewed daily, even several times a day.
  • Additional protection (and this one would be allowed) is offered by a dedicated malware scanner. Here I strongly recommend Malwarebytes, and scanning with it once a week. The paid version even has a real-time guard. We have a guide for this for you.
Finally, I recommend that you back up your data regularly (preferably automatically). This can be a professional backup solution, external hard drives, burning to DVDs, or copying to an online drive such as Dropbox. Create as many copies as possible and keep them current. Only then are you prepared for the worst case, should your computer become unusable for whatever reason. Unfortunately that always happens unannounced and always when you need it most. So plan ahead!


Reading material:
Safe browsing
First of all, it has to be said that it is usually the human factor that allows malware to get onto a computer. Do you also immediately buy any old stuff, without thinking, from people who ring your doorbell? So first adopt a few rules of conduct for browsing the internet:
  • Do not click somewhere just because it is colourful and glowing, pops up in a corner, or looks as if it were a system message.
  • Do not download illegal software, cracks, keygens, game trainers and so on ... the websites that offer such things are mostly not reputable, and the supposed helpers are usually more infested than you would imagine. It makes no difference whether you obtain these files via a browser or via file-sharing programs.
  • Do not open email attachments from people you do not know or emails with strange spelling mistakes, and do not start files that a website offers you without you having asked for them.
  • Do not let anyone browse on your computer who does not also follow these rules.
  • Do not rely on your virus scanner finding everything. No security solution is 100% secure!

But even with meticulous adherence to these rules, a so-called drive-by infection can still occur, in which malware breaks out of the web browser's protection mechanism. To increase security even further, there is special protection software that hardens your browser further.
  • WOT (Web of Trust): This add-on warns you before you visit a page reported as harmful. Note: Avast already includes such a plugin.
  • Sandboxie creates an additional isolated program environment so that your browser is as safe as a toddler in a sandbox. (Guide: Sandboxie)
  • Securebanking is a piece of software that examines connections and notifies you when someone is "listening in". As the name says, it was developed so that online banking is really secure. More information on the homepage: Secure Banking

Finally, please think about using an alternative browser. Programs that are not used so often are also not so much in the focus of the "bad guys". That is, with an exotic browser you are more likely to be on the safe side. In principle, you are already considerably safer if you do not use Internet Explorer.



With that, I wish you lots of fun browsing the internet

... and perhaps you would like to support the Trojaner-Board?

Regards
Smeenk

Alt 10.06.2013, 11:46   #13
Kensai
 
Great

Thank you very, very much for the quick and competent help.

Alt 10.06.2013, 21:58   #14
smeenk
/// Malwareteam / Visitor
 
Glad we could help

Regards
Smeenk
