
Pests of all kinds and how to fight them: System Care Antivirus and SpyHunter 4. How to remove them?

Windows 7 If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

09.06.2013, 10:07   #1
Vanny
 


Hello,

yesterday the program System Care Antivirus appeared at startup. When I recognized it as a trojan, I searched Google on my tablet for removal methods. Unfortunately I followed a YouTube video and downloaded SpyHunter 4. Afterwards I realized that this is malware too. How can I remove both again? I'm flying to the USA tomorrow and need the laptop very urgently. Thanks in advance for the help.

09.06.2013, 10:10   #2
markusg
/// Malware-holic
 


hi,
start the affected PC in safe mode (press F8 during restart); copy the programs below over from another PC, and copy the logs back onto that PC so you can post them to us.

If you don't already have it, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the following content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt into your thread here.

09.06.2013, 10:35   #3
Vanny
 


Where do I find OTL.txt and Extra.txt?

09.06.2013, 10:37   #4
markusg
/// Malware-holic
 


They are either opened automatically, or just use the Windows search.
They should also be in the same folder as otl.exe.

09.06.2013, 10:43   #5
Vanny
 


OTL Logfile:
Code:
OTL logfile created on: 09.06.2013 11:31:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\userle\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 3,09 Gb Available Physical Memory | 88,35% Memory free
6,99 Gb Paging File | 6,58 Gb Available in Paging File | 94,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 203,27 Gb Free Space | 43,65% Space Free | Partition Type: NTFS
 
Computer Name: USERLE-PC | User Name: userle | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.09 11:28:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\userle\Desktop\OTL.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.01.30 03:41:12 | 004,254,560 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.29 12:21:55 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.16 14:40:40 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.07 16:18:42 | 000,770,432 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Stopped] -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2013.03.25 17:20:49 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.25 17:20:35 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.28 19:25:34 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.29 12:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.29 03:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.06.12 12:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.03.05 00:38:00 | 000,071,096 | ---- | M] () [Auto | Stopped] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.05.10 11:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Stopped] -- C:\Programme\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe -- (STacSV)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013.06.08 21:28:06 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013.03.25 17:20:53 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.03.25 17:20:53 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.03.25 17:20:53 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.02.17 21:59:56 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013.02.17 21:34:30 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.12.29 12:26:54 | 008,904,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.07.03 11:43:00 | 000,027,776 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetmodem.sys -- (ANDNetModem)
DRV - [2012.07.03 11:43:00 | 000,023,040 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetdiag.sys -- (AndNetDiag)
DRV - [2012.06.22 12:01:32 | 000,019,984 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\EsgScanner.sys -- (EsgScanner)
DRV - [2012.03.02 16:03:00 | 000,025,216 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2012.03.02 16:03:00 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2012.03.02 16:03:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2011.05.06 16:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2009.11.12 15:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2007.10.11 02:01:00 | 000,234,720 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM04Vid.sys -- (OEM04Vid)
DRV - [2007.05.10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sthda.sys -- (STHDA)
DRV - [2007.03.05 19:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM04Vfx.sys -- (OEM04Vfx)
DRV - [2006.11.15 01:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006.11.14 20:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 99 FC 33 98 64 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7Bf13b157f-b174-47e7-a34d-4815ddfdfeb8%7D:0.9.89
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\userle\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013.02.20 20:09:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.16 14:17:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2013.02.17 19:41:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\userle\AppData\Roaming\mozilla\Extensions
[2013.04.02 16:21:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\userle\AppData\Roaming\mozilla\Firefox\Profiles\volklsg0.default\extensions
[2013.04.02 16:21:54 | 000,210,138 | ---- | M] () (No name found) -- C:\Users\userle\AppData\Roaming\mozilla\firefox\profiles\volklsg0.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi
[2013.05.29 12:21:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.29 12:21:56 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [OEM04Mon.exe] C:\Windows\OEM04Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\userle\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Spotify] C:\Users\userle\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\userle\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\RunOnce: [D62395553691AD1D0000D622BF38B359] C:\ProgramData\D62395553691AD1D0000D622BF38B359\D62395553691AD1D0000D622BF38B359.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7F9F026-08A5-4C67-AC9F-FE6597FE36BF}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{e0b65b7d-9e11-11e2-8a9a-001fe2df87bb}\Shell - "" = AutoRun
O33 - MountPoints2\{e0b65b7d-9e11-11e2-8a9a-001fe2df87bb}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.09 11:28:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\userle\Desktop\OTL.exe
[2013.06.09 00:39:41 | 000,000,000 | ---D | C] -- C:\Users\userle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.06.09 00:39:40 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.06.09 00:39:40 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.06.09 00:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.06.09 00:35:59 | 000,726,464 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Users\userle\Desktop\SpyHunter-Installer.exe
[2013.06.08 21:28:23 | 000,000,000 | ---D | C] -- C:\Users\userle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus
[2013.06.08 16:35:25 | 000,000,000 | ---D | C] -- C:\ProgramData\D62395553691AD1D0000D622BF38B359
[2013.06.08 16:33:55 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013.06.02 23:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\avisplit
[2013.06.02 23:19:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVI Splitter
[2013.06.01 14:10:01 | 000,397,312 | ---- | C] (Koyote Soft) -- C:\Windows\System32\TubeFinder.exe
[2013.06.01 14:10:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLV Converter
[2013.06.01 14:10:00 | 000,000,000 | ---D | C] -- C:\Users\userle\AppData\Roaming\FreeFLVConverter
[2013.06.01 14:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\Free FLV Converter
[2013.05.29 12:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.05.17 13:41:11 | 000,000,000 | ---D | C] -- C:\Users\userle\Documents\StreamTransport
[2013.05.17 13:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamTransport
[2013.05.17 13:40:03 | 000,000,000 | ---D | C] -- C:\Program Files\StreamTransport
[2013.05.16 14:17:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.09 11:31:44 | 000,657,438 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.09 11:31:44 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.09 11:31:44 | 000,130,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.09 11:31:44 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.09 11:28:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\userle\Desktop\OTL.exe
[2013.06.09 11:26:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.09 11:26:08 | 2817,032,192 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.09 04:40:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.09 04:27:27 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.09 04:27:14 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3788470504-4243836522-2258722930-1000UA.job
[2013.06.09 00:39:42 | 000,002,248 | ---- | M] () -- C:\Users\userle\Desktop\SpyHunter.lnk
[2013.06.09 00:36:00 | 000,726,464 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Users\userle\Desktop\SpyHunter-Installer.exe
[2013.06.08 21:28:24 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.08 21:28:24 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.08 21:28:24 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2013.06.08 21:28:23 | 000,002,048 | ---- | M] () -- C:\Users\userle\Desktop\System Care Antivirus.lnk
[2013.06.08 21:28:06 | 000,013,464 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2013.06.08 21:27:53 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.08 15:23:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3788470504-4243836522-2258722930-1000Core.job
[2013.06.01 14:11:05 | 001,203,951 | ---- | M] () -- C:\Users\userle\Desktop\3satonlineMediathekFragenanJohnHattie.flv
[2013.06.01 14:11:05 | 000,001,638 | ---- | M] () -- C:\Users\userle\Desktop\3satonlineMediathekFragenanJohnHattie.html
[2013.06.01 14:10:01 | 000,001,079 | ---- | M] () -- C:\Users\userle\Desktop\Free FLV Converter.lnk
[2013.05.17 13:51:58 | 103,767,332 | ---- | M] () -- C:\Users\userle\Documents\3sat.online - Mediathek Fragen an John Hattie.flv
[2013.05.17 13:48:57 | 079,182,497 | ---- | M] () -- C:\Users\userle\Documents\3sat.online - Mediathek Lernen sichtbar machen.flv
[2013.05.17 13:42:16 | 000,000,013 | ---- | M] () -- C:\Users\userle\Documents\3sat.online - Mediathek Lernen sichtbar machen_0.flv
[2013.05.17 13:40:04 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\ StreamTransport.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.09 00:39:42 | 000,002,248 | ---- | C] () -- C:\Users\userle\Desktop\SpyHunter.lnk
[2013.06.08 21:28:23 | 000,002,048 | ---- | C] () -- C:\Users\userle\Desktop\System Care Antivirus.lnk
[2013.06.01 14:11:05 | 000,001,638 | ---- | C] () -- C:\Users\userle\Desktop\3satonlineMediathekFragenanJohnHattie.html
[2013.06.01 14:10:58 | 001,203,951 | ---- | C] () -- C:\Users\userle\Desktop\3satonlineMediathekFragenanJohnHattie.flv
[2013.06.01 14:10:08 | 000,001,145 | ---- | C] () -- C:\Users\userle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free FLV Converter.lnk
[2013.06.01 14:10:01 | 000,001,079 | ---- | C] () -- C:\Users\userle\Desktop\Free FLV Converter.lnk
[2013.06.01 14:10:00 | 000,364,544 | ---- | C] () -- C:\Windows\System32\PropertyGrid.ocx
[2013.06.01 14:10:00 | 000,208,500 | ---- | C] () -- C:\Windows\System32\ReyXpBasics.tlb
[2013.06.01 14:10:00 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ControlSubX.ocx
[2013.05.17 13:43:20 | 103,767,332 | ---- | C] () -- C:\Users\userle\Documents\3sat.online - Mediathek Fragen an John Hattie.flv
[2013.05.17 13:42:16 | 000,000,013 | ---- | C] () -- C:\Users\userle\Documents\3sat.online - Mediathek Lernen sichtbar machen_0.flv
[2013.05.17 13:41:30 | 079,182,497 | ---- | C] () -- C:\Users\userle\Documents\3sat.online - Mediathek Lernen sichtbar machen.flv
[2013.05.17 13:40:04 | 000,000,987 | ---- | C] () -- C:\Users\Public\Desktop\ StreamTransport.lnk
[2013.04.20 22:56:15 | 000,000,786 | ---- | C] () -- C:\Windows\FWDN_V7_CFG.ini
[2013.04.07 20:01:30 | 000,017,408 | ---- | C] () -- C:\Users\userle\AppData\Local\WebpageIcons.db
[2013.04.07 18:01:48 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2013.04.07 18:01:48 | 000,002,411 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2013.02.21 23:41:26 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2013.02.18 00:25:31 | 000,013,464 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2013.02.17 19:45:29 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2013.02.17 18:47:49 | 000,007,598 | ---- | C] () -- C:\Users\userle\AppData\Local\Resmon.ResmonCfg
[2012.06.22 12:01:32 | 000,019,984 | ---- | C] () -- C:\Windows\System32\ESGScanner.sys
[2012.06.22 12:01:32 | 000,019,984 | ---- | C] () -- C:\Windows\System32\drivers\EsgScanner.sys
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.02.21 23:41:35 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\Canneverbe Limited
[2013.02.24 18:13:28 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\Canon
[2013.02.17 22:04:00 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\DAEMON Tools Lite
[2013.02.20 20:10:15 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\DVDVideoSoft
[2013.02.20 20:09:58 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.06.01 14:10:09 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\FreeFLVConverter
[2013.06.08 14:36:50 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\ICQ
[2013.04.07 18:30:33 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\LG Electronics
[2013.03.09 18:35:15 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\ManyCam
[2013.02.21 23:41:17 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\OpenCandy
[2013.06.08 21:28:17 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\Spotify
[2013.02.17 21:24:13 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\Thunderbird
[2013.06.05 19:46:40 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.02.17 18:16:48 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2013.05.31 20:42:30 | 000,000,000 | ---D | M] -- C:\Bilder
[2013.02.18 00:55:44 | 000,000,000 | ---D | M] -- C:\Dell
[2013.02.17 18:13:16 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013.04.03 20:56:58 | 000,000,000 | ---D | M] -- C:\Filme
[2013.04.07 18:33:53 | 000,000,000 | ---D | M] -- C:\LGMobileUpgrade
[2013.04.07 18:11:41 | 000,000,000 | ---D | M] -- C:\LGP880
[2013.03.28 23:31:16 | 000,000,000 | ---D | M] -- C:\Musik
[2013.04.03 12:36:47 | 000,000,000 | ---D | M] -- C:\Privat
[2013.06.09 00:39:40 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.06.08 16:35:25 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2013.02.17 18:13:17 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.02.17 18:13:17 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.06.09 00:40:11 | 000,000,000 | ---D | M] -- C:\sh4ldr
[2013.06.09 01:50:15 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.05.12 15:11:44 | 000,000,000 | ---D | M] -- C:\Uni
[2013.02.17 21:25:22 | 000,000,000 | R--D | M] -- C:\Users
[2013.06.09 11:26:08 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.07.14 03:14:11 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:53:46 | 000,032,630 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2013.02.18 00:25:36 | 000,000,388 | ---- | C] () -- C:\Windows\Tasks\SlimDrivers Startup.job
[2013.03.26 21:49:22 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013.03.31 14:29:55 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013.03.31 14:29:56 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013.04.24 15:18:20 | 000,000,910 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3788470504-4243836522-2258722930-1000Core.job
[2013.04.24 15:18:21 | 000,000,932 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3788470504-4243836522-2258722930-1000UA.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\userle\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20130217T222744686637\internal_ide_channel\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\userle\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20130217T222744686637\pci\cc_010601\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\userle\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20130217T222744686637\pci\ven_8086&dev_2850\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.06.09 11:41:01 | 001,572,864 | -HS- | M] () -- C:\Users\userle\NTUSER.DAT
[2013.06.09 11:41:01 | 000,262,144 | -HS- | M] () -- C:\Users\userle\ntuser.dat.LOG1
[2013.02.17 18:16:29 | 000,000,000 | -HS- | M] () -- C:\Users\userle\ntuser.dat.LOG2
[2013.02.17 18:16:29 | 000,065,536 | -HS- | M] () -- C:\Users\userle\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2013.02.17 18:16:29 | 000,524,288 | -HS- | M] () -- C:\Users\userle\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2013.02.17 18:16:29 | 000,524,288 | -HS- | M] () -- C:\Users\userle\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2013.02.17 18:16:29 | 000,000,020 | -HS- | M] () -- C:\Users\userle\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 60 bytes -> C:\Users\Public\Documents\.DS_Store:AFP_AfpInfo

< End of report >
         
--- --- ---


OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 09.06.2013 11:31:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\userle\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 3,09 Gb Available Physical Memory | 88,35% Memory free
6,99 Gb Paging File | 6,58 Gb Available in Paging File | 94,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 203,27 Gb Free Space | 43,65% Space Free | Partition Type: NTFS
 
Computer Name: USERLE-PC | User Name: userle | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C57BBE1-FFEA-4C97-A71D-335C66F24BCD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0FE133CD-B13E-404C-8280-763C031E6B2F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1E8C4E26-BAF8-4AED-BF98-477211B26D01}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{38EC1A9F-F8BD-48D9-AF98-24D986A529B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{488B4167-6AA4-471E-AE66-A56594C47299}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5441954A-4A8A-475A-91C6-C91F32489768}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5D92FB1E-571E-4724-B351-D60187C7F87E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6691E6DF-9E87-4678-8741-B20D05A99AFE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{74FE90DA-4245-4584-BEB8-0E8ABCD5579D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7B48221E-94FC-42CA-80F6-A1BF910C8E33}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{81D01602-4221-4935-80A8-E74FFA180783}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{86B7327C-3929-448E-BFCC-3E9A832E3DCC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8AC9AFEC-7DD9-4188-9718-440000A367A4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8C717F28-0C59-41AD-9446-888C37FE45FB}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9004FE43-2622-4E93-856C-A42F072CC871}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A81E3D5B-B26D-4751-B951-6DE53FCD258A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{AB4BE23D-DA34-4976-AA78-28D0CAE6EB07}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C0F7F35C-0207-498B-AC63-D57ABFBA34FC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CAF82307-47E6-4FD1-81E8-FF38259130F4}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{CD08212D-280B-4CE8-BA70-31C73B0E4446}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D076A6A4-3235-4217-A445-7E781C0E09DF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D2E50543-BB5D-4B70-B8BF-8FF912165208}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E835CAE4-8149-4C5D-9D11-EC4C109C0C9B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F740CB8D-A3DF-4456-A4BB-BE4D2EB569E2}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{016E6892-5C1C-45D5-B667-CA3F67409AFC}" = protocol=6 | dir=in | app=c:\users\userle\appdata\roaming\spotify\spotify.exe | 
"{0E379AC4-F89B-45A6-90FC-DC2BD6D4BD24}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{13904566-7B9C-41CD-B00B-6AA20C49643D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{14A246A4-E235-4386-9263-DB6C19CB0B6D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{1967BCCA-D703-49F1-B7BD-5547A0A3A4FA}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{25A29EE0-2BA2-4F7B-AD4C-BD7D5518C5D5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{33D8A9C9-5A1A-4A2E-9497-7083FEC7434A}" = dir=in | app=c:\users\userle\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{42A7C406-986F-43EF-B799-EA90D9242C6E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{44E4A6E3-18EE-4519-AB83-112373538A03}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{46D2ADAD-FE25-4FD1-B488-F4D75491F346}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{472DB4B4-93A5-4F0F-94F2-E2A9A41B1A84}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{488BCE4D-7FCE-446D-8232-8812B292DB8E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5016FE3C-5BF6-4D9A-AF6D-5ABEBB48A936}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{55101CD4-8266-486D-88CF-B8BB62B6911C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5E763E8D-B63E-4E1B-AC99-A4651B9A2FEE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6252FB75-54AB-4481-9969-DCBDBF8535C2}" = protocol=17 | dir=in | app=c:\users\userle\appdata\roaming\spotify\spotify.exe | 
"{6CEF9417-767E-4692-AC4B-2B37ACEDA265}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{723406F7-3DD6-4264-B724-D9924BCC0C66}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{79A25013-6405-4131-AD29-2409334CD26D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7BB1A49E-055B-4F56-B735-FD2AF200BC82}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{88DA1809-53A5-452E-B095-CCBBBB5D4513}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8DB44B1B-09CD-49BC-B025-7CC7B7E1431C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{9837E709-1AA8-45F2-959D-C8E4AC0EDBC5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9BB01477-F696-494C-810C-C2F5277329C5}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{9C813D11-6FE3-45BF-B509-11691FFB9F9C}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{9FB3C2E2-C4AB-42C3-8CD8-72BDD5E7AB75}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A2C51D6B-5644-4E2A-9FB7-A9D186F43E54}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B3D8EF61-651D-40FA-AE2B-4EE32BFE96BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C11BBFF1-7795-41D0-AC31-71D086B55E63}" = protocol=6 | dir=in | app=c:\users\userle\appdata\roaming\spotify\spotify.exe | 
"{C79A0FE5-3D6A-4102-92EB-832F4E38A062}" = protocol=6 | dir=out | app=system | 
"{C7EA98DC-C06E-4AF7-B5D0-FBE423B0C603}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{E0E9F962-E777-477F-9442-DEDAA4F6F0CB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E1B54B12-67B5-4070-AE4A-D3130754E7F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EFA65143-5F77-4B61-9DC6-F3F6097841ED}" = protocol=17 | dir=in | app=c:\users\userle\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{36E55486-5FA0-4FA4-B7D1-2C6605B3B1BB}C:\users\userle\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=6 | dir=in | app=c:\users\userle\appdata\local\temp\rarsfx0\bie_kms.exe | 
"TCP Query User{8B560051-C8F6-44E6-975C-D792162DEF4B}C:\users\userle\appdata\local\temp\rarsfx1\bie_kms.exe" = protocol=6 | dir=in | app=c:\users\userle\appdata\local\temp\rarsfx1\bie_kms.exe | 
"TCP Query User{AB451CD4-21A9-4E59-AFCB-77469E0CFE00}C:\program files\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"UDP Query User{0B5A1D1A-8126-4A08-95A6-F19243E2088B}C:\program files\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"UDP Query User{31BE56E9-16D0-4F6D-8B1E-D526E23AF578}C:\users\userle\appdata\local\temp\rarsfx1\bie_kms.exe" = protocol=17 | dir=in | app=c:\users\userle\appdata\local\temp\rarsfx1\bie_kms.exe | 
"UDP Query User{CC134129-402C-4CCB-92B6-1FBF732E4341}C:\users\userle\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=17 | dir=in | app=c:\users\userle\appdata\local\temp\rarsfx0\bie_kms.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C0508079-0000-4F68-A4DF-29C7ED7182C6}" = SlimDrivers
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E89498D8-1430-4A2B-A76A-4A71326981E9}" = SpyHunter
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVI Splitter_is1" = AVI Splitter
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"COWON D3 Plenue Android Upgrade" = COWON D3 Plenue Android Upgrade
"Creative OEM004" = Laptop Integrated Webcam Driver (1.03.01.1011)  
"DAEMON Tools Lite" = DAEMON Tools Lite
"EB80D11E8D7946E220412AE1F2F19A1C5CD5FF7D" = Windows-Treiberpaket - Telechips Inc (vtcdrv) USB  (05/07/2010 5.0.0.1)
"Free FLV Converter_is1" = Free FLV Converter V 7.5.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128
"LG PC Suite" = LG PC Suite
"ManyCam" = ManyCam 2.6.30 (remove only)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Moo0 VoiceRecorder" = Moo0 VoiceRecorder 1.32
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"9204f5692a8faf3b" = Dell System Detect
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.06.2013 07:38:50 | Computer Name = userle-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7316
 
Error - 02.06.2013 07:38:50 | Computer Name = userle-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7316
 
Error - 02.06.2013 15:03:58 | Computer Name = userle-PC | Source = STacSV | ID = 268435455
Description = 
 
Error - 03.06.2013 01:58:46 | Computer Name = userle-PC | Source = STacSV | ID = 268435455
Description = 
 
Error - 03.06.2013 02:21:36 | Computer Name = userle-PC | Source = STacSV | ID = 268435455
Description = 
 
Error - 03.06.2013 03:00:21 | Computer Name = userle-PC | Source = STacSV | ID = 268435455
Description = 
 
Error - 03.06.2013 03:23:05 | Computer Name = userle-PC | Source = Google Update | ID = 20
Description = 
 
Error - 03.06.2013 16:10:55 | Computer Name = userle-PC | Source = STacSV | ID = 268435455
Description = 
 
Error - 04.06.2013 07:19:45 | Computer Name = userle-PC | Source = STacSV | ID = 268435455
Description = 
 
Error - 05.06.2013 04:44:49 | Computer Name = userle-PC | Source = STacSV | ID = 268435455
Description = 
 
[ System Events ]
Error - 20.04.2013 16:25:46 | Computer Name = userle-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 20.04.2013 16:25:48 | Computer Name = userle-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 20.04.2013 16:25:48 | Computer Name = userle-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 27.04.2013 16:51:06 | Computer Name = userle-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?04.?2013 um 22:45:53 unerwartet heruntergefahren.
 
Error - 09.05.2013 17:09:02 | Computer Name = userle-PC | Source = Tcpip | ID = 4199
Description = Das System hat einen Adressenkonflikt der IP-Adresse 10.0.1.2 mit 
dem Computer mit der  Netzwerkhardwareadresse 94-44-44-07-DA-4F ermittelt. Netzwerkvorgänge
 könnten daher auf diesem  System unterbrochen werden.
 
Error - 03.06.2013 02:00:29 | Computer Name = userle-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Bluetooth-Unterstützungsdienst erreicht.
 
Error - 03.06.2013 02:00:29 | Computer Name = userle-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Bluetooth-Unterstützungsdienst" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 03.06.2013 03:02:15 | Computer Name = userle-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 03.06.2013 03:02:18 | Computer Name = userle-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 03.06.2013 03:02:18 | Computer Name = userle-PC | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >
         
--- --- ---


Alt 09.06.2013, 10:50   #6
markusg
/// Malware-holic
 
Hi,
I can already see a problem in the first line: missing Windows updates!

otl fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
ATTFilter
:OTL
O4 - HKCU..\RunOnce: [D62395553691AD1D0000D622BF38B359] C:\ProgramData\D62395553691AD1D0000D622BF38B359\D62395553691AD1D0000D622BF38B359.exe ()
[2013.06.08 21:28:23 | 000,000,000 | ---D | C] -- C:\Users\userle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus
[2013.06.08 16:35:25 | 000,000,000 | ---D | C] -- C:\ProgramData\D62395553691AD1D0000D622BF38B359
[2013.06.08 21:28:23 | 000,002,048 | ---- | C] () -- C:\Users\userle\Desktop\System Care Antivirus.lnk
:files
:Commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.

Note: Please also upload the file there, as described in the instructions for the UpChannel. Please do NOT post the ZIP file here in the thread as an attachment!

Please press the + E key.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the folder Movedfiles --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance

Alt 09.06.2013, 11:15   #7
Vanny
 
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\D62395553691AD1D0000D622BF38B359 deleted successfully.
C:\ProgramData\D62395553691AD1D0000D622BF38B359\D62395553691AD1D0000D622BF38B359.exe moved successfully.
C:\Users\userle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus folder moved successfully.
Folder C:\ProgramData\D62395553691AD1D0000D622BF38B359\ not found.
C:\Users\userle\Desktop\System Care Antivirus.lnk moved successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: userle
->Temp folder emptied: 631753708 bytes
->Temporary Internet Files folder emptied: 244530128 bytes
->Java cache emptied: 23978 bytes
->FireFox cache emptied: 392535419 bytes
->Flash cache emptied: 34255 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 180902 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 51735798 bytes
RecycleBin emptied: 2974307826 bytes

Total Files Cleaned = 4.096,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06092013_120622

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

The upload worked. Do I need to do anything else now? Or has everything been removed?

Alt 09.06.2013, 11:20   #8
markusg
/// Malware-holic
 
Hi,
on we go:
Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.

Alt 09.06.2013, 11:35   #9
Vanny
 
12:31:46.0396 5784 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:31:46.0543 5784 ============================================================
12:31:46.0543 5784 Current date / time: 2013/06/09 12:31:46.0543
12:31:46.0543 5784 SystemInfo:
12:31:46.0543 5784
12:31:46.0543 5784 OS Version: 6.1.7600 ServicePack: 0.0
12:31:46.0543 5784 Product type: Workstation
12:31:46.0543 5784 ComputerName: USERLE-PC
12:31:46.0543 5784 UserName: userle
12:31:46.0543 5784 Windows directory: C:\Windows
12:31:46.0543 5784 System windows directory: C:\Windows
12:31:46.0544 5784 Processor architecture: Intel x86
12:31:46.0544 5784 Number of processors: 2
12:31:46.0544 5784 Page size: 0x1000
12:31:46.0544 5784 Boot type: Normal boot
12:31:46.0544 5784 ============================================================
12:31:49.0825 5784 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:31:49.0826 5784 ============================================================
12:31:49.0826 5784 \Device\Harddisk0\DR0:
12:31:49.0827 5784 MBR partitions:
12:31:49.0827 5784 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:31:49.0827 5784 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
12:31:49.0827 5784 ============================================================
12:31:49.0840 5784 C: <-> \Device\Harddisk0\DR0\Partition2
12:31:49.0841 5784 ============================================================
12:31:49.0841 5784 Initialize success
12:31:49.0841 5784 ============================================================
12:32:42.0881 4812 ============================================================
12:32:42.0881 4812 Scan started
12:32:42.0881 4812 Mode: Manual; SigCheck; TDLFS;
12:32:42.0881 4812 ============================================================
12:32:54.0722 4812 ================ Scan system memory ========================
12:32:54.0722 4812 System memory - ok
12:32:54.0722 4812 ================ Scan services =============================
12:32:55.0493 4812 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:32:55.0904 4812 1394ohci - ok
12:32:55.0993 4812 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:32:56.0015 4812 ACPI - ok
12:32:56.0069 4812 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:32:56.0242 4812 AcpiPmi - ok
12:32:56.0434 4812 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
12:32:56.0447 4812 AdobeARMservice - ok
12:32:56.0531 4812 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:32:56.0547 4812 AdobeFlashPlayerUpdateSvc - ok
12:32:56.0652 4812 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
12:32:56.0674 4812 adp94xx - ok
12:32:56.0816 4812 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
12:32:56.0839 4812 adpahci - ok
12:32:57.0080 4812 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
12:32:57.0095 4812 adpu320 - ok
12:32:57.0303 4812 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:32:57.0389 4812 AeLookupSvc - ok
12:32:57.0526 4812 [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD C:\Windows\system32\drivers\afd.sys
12:32:57.0580 4812 AFD - ok
12:32:57.0634 4812 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
12:32:57.0648 4812 agp440 - ok
12:32:58.0123 4812 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
12:32:58.0191 4812 aic78xx - ok
12:32:58.0356 4812 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
12:32:58.0432 4812 ALG - ok
12:32:58.0552 4812 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
12:32:58.0567 4812 aliide - ok
12:32:58.0642 4812 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
12:32:58.0655 4812 amdagp - ok
12:32:58.0669 4812 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
12:32:58.0681 4812 amdide - ok
12:32:58.0724 4812 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
12:32:58.0750 4812 AmdK8 - ok
12:32:58.0754 4812 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
12:32:58.0805 4812 AmdPPM - ok
12:32:58.0939 4812 [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:32:58.0952 4812 amdsata - ok
12:32:59.0047 4812 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
12:32:59.0061 4812 amdsbs - ok
12:32:59.0151 4812 [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:32:59.0163 4812 amdxata - ok
12:32:59.0232 4812 [ 39E58CE46F87D039994F20B4295887CC ] AndNetDiag C:\Windows\system32\DRIVERS\lgandnetdiag.sys
12:32:59.0292 4812 AndNetDiag - ok
12:32:59.0311 4812 [ 2D9231585B67DC7432D135F1EA305655 ] ANDNetModem C:\Windows\system32\DRIVERS\lgandnetmodem.sys
12:32:59.0424 4812 ANDNetModem - ok
12:32:59.0630 4812 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
12:32:59.0670 4812 AntiVirSchedulerService - ok
12:32:59.0776 4812 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
12:32:59.0786 4812 AntiVirService - ok
12:32:59.0987 4812 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\Windows\system32\drivers\appid.sys
12:33:00.0090 4812 AppID - ok
12:33:00.0179 4812 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:33:00.0427 4812 AppIDSvc - ok
12:33:00.0612 4812 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll
12:33:00.0722 4812 Appinfo - ok
12:33:00.0879 4812 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:33:00.0889 4812 Apple Mobile Device - ok
12:33:00.0948 4812 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
12:33:01.0045 4812 AppMgmt - ok
12:33:01.0211 4812 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
12:33:01.0224 4812 arc - ok
12:33:01.0246 4812 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
12:33:01.0262 4812 arcsas - ok
12:33:01.0342 4812 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:33:01.0375 4812 AsyncMac - ok
12:33:01.0401 4812 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
12:33:01.0414 4812 atapi - ok
12:33:01.0531 4812 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:33:01.0618 4812 AudioEndpointBuilder - ok
12:33:01.0653 4812 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll
12:33:01.0693 4812 Audiosrv - ok
12:33:01.0735 4812 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
12:33:01.0788 4812 avgntflt - ok
12:33:01.0868 4812 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
12:33:01.0883 4812 avipbb - ok
12:33:01.0924 4812 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
12:33:01.0935 4812 avkmgr - ok
12:33:02.0050 4812 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:33:02.0159 4812 AxInstSV - ok
12:33:02.0220 4812 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
12:33:02.0354 4812 b06bdrv - ok
12:33:02.0416 4812 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
12:33:02.0443 4812 b57nd60x - ok
12:33:02.0556 4812 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
12:33:02.0670 4812 BDESVC - ok
12:33:02.0842 4812 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
12:33:02.0888 4812 Beep - ok
12:33:02.0998 4812 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\Windows\System32\bfe.dll
12:33:03.0077 4812 BFE - ok
12:33:03.0145 4812 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\Windows\System32\qmgr.dll
12:33:03.0276 4812 BITS - ok
12:33:03.0295 4812 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
12:33:03.0340 4812 blbdrive - ok
12:33:03.0477 4812 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:33:03.0492 4812 Bonjour Service - ok
12:33:03.0556 4812 [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:33:03.0617 4812 bowser - ok
12:33:03.0651 4812 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:33:03.0729 4812 BrFiltLo - ok
12:33:03.0734 4812 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:33:03.0810 4812 BrFiltUp - ok
12:33:03.0907 4812 [ A0E691DC6589D4D2CBE373171D1A49E5 ] Browser C:\Windows\System32\browser.dll
12:33:04.0107 4812 Browser - ok
12:33:04.0237 4812 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:33:04.0380 4812 Brserid - ok
12:33:04.0417 4812 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:33:04.0518 4812 BrSerWdm - ok
12:33:04.0538 4812 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:33:04.0563 4812 BrUsbMdm - ok
12:33:04.0578 4812 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:33:04.0616 4812 BrUsbSer - ok
12:33:04.0735 4812 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
12:33:04.0762 4812 BthEnum - ok
12:33:04.0808 4812 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
12:33:04.0835 4812 BTHMODEM - ok
12:33:04.0890 4812 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
12:33:04.0952 4812 BthPan - ok
12:33:05.0011 4812 [ 4A34888E13224678DD062466AFEC4240 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
12:33:05.0052 4812 BTHPORT - ok
12:33:05.0102 4812 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
12:33:05.0134 4812 bthserv - ok
12:33:05.0172 4812 [ FA04C63916FA221DBB91FCE153D07A55 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
12:33:05.0254 4812 BTHUSB - ok
12:33:05.0320 4812 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:33:05.0356 4812 cdfs - ok
12:33:05.0424 4812 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:33:05.0483 4812 cdrom - ok
12:33:05.0628 4812 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll
12:33:05.0799 4812 CertPropSvc - ok
12:33:05.0946 4812 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
12:33:05.0985 4812 circlass - ok
12:33:06.0013 4812 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
12:33:06.0029 4812 CLFS - ok
12:33:06.0254 4812 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:33:06.0265 4812 clr_optimization_v2.0.50727_32 - ok
12:33:06.0466 4812 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:33:06.0477 4812 clr_optimization_v4.0.30319_32 - ok
12:33:06.0513 4812 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
12:33:06.0577 4812 CmBatt - ok
12:33:06.0623 4812 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:33:06.0636 4812 cmdide - ok
12:33:06.0664 4812 [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG C:\Windows\system32\Drivers\cng.sys
12:33:06.0703 4812 CNG - ok
12:33:06.0800 4812 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
12:33:06.0812 4812 Compbatt - ok
12:33:06.0905 4812 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
12:33:06.0919 4812 CompositeBus - ok
12:33:06.0937 4812 COMSysApp - ok
12:33:06.0949 4812 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
12:33:06.0960 4812 crcdisk - ok
12:33:07.0046 4812 [ F2FDE6C8DBAAD44CC58D1E07E4AF4EED ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:33:07.0227 4812 CryptSvc - ok
12:33:07.0276 4812 [ 27C9490BDD0AE48911AB8CF1932591ED ] CSC C:\Windows\system32\drivers\csc.sys
12:33:07.0350 4812 CSC - ok
12:33:07.0450 4812 [ 56FB5F222EA30D3D3FC459879772CB73 ] CscService C:\Windows\System32\cscsvc.dll
12:33:07.0489 4812 CscService - ok
12:33:07.0580 4812 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll
12:33:07.0635 4812 DcomLaunch - ok
12:33:07.0686 4812 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
12:33:07.0808 4812 defragsvc - ok
12:33:07.0919 4812 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:33:07.0957 4812 DfsC - ok
12:33:08.0078 4812 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\Windows\system32\dhcpcore.dll
12:33:08.0213 4812 Dhcp - ok
12:33:08.0247 4812 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
12:33:08.0290 4812 discache - ok
12:33:08.0338 4812 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
12:33:08.0349 4812 Disk - ok
12:33:08.0450 4812 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:33:08.0563 4812 Dnscache - ok
12:33:08.0604 4812 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\Windows\System32\dot3svc.dll
12:33:08.0645 4812 dot3svc - ok
12:33:08.0658 4812 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll
12:33:08.0728 4812 DPS - ok
12:33:08.0829 4812 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:33:08.0895 4812 drmkaud - ok
12:33:08.0929 4812 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
12:33:08.0942 4812 dtsoftbus01 - ok
12:33:09.0026 4812 [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:33:09.0087 4812 DXGKrnl - ok
12:33:09.0185 4812 [ 22EF8965101685ADD128F03A2B03CE16 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
12:33:09.0203 4812 E1G60 - ok
12:33:09.0363 4812 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
12:33:09.0528 4812 EapHost - ok
12:33:09.0655 4812 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
12:33:09.0794 4812 ebdrv - ok
12:33:10.0013 4812 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS C:\Windows\System32\lsass.exe
12:33:10.0104 4812 EFS - ok
12:33:10.0218 4812 [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:33:10.0324 4812 ehRecvr - ok
12:33:10.0443 4812 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
12:33:10.0504 4812 ehSched - ok
12:33:10.0549 4812 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
12:33:10.0568 4812 elxstor - ok
12:33:10.0582 4812 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:33:10.0624 4812 ErrDev - ok
12:33:10.0858 4812 [ 2407B8164E966755BC6A4242FC9DE31E ] esgiguard C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
12:33:10.0867 4812 esgiguard - ok
12:33:11.0127 4812 [ 01CE484FF6D70A39479BC6D619DE7ED6 ] EsgScanner C:\Windows\system32\DRIVERS\EsgScanner.sys
12:33:11.0147 4812 EsgScanner - ok
12:33:54.0195 4812 [ 85CD5B92052C3D285CC91244C593A1AC ] SpyHunter 4 Service C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
12:33:54.0229 4812 SpyHunter 4 Service - ok
12:33:55.0613 4812 [ F92254B0BCFCD10CAAC7BCCC7CB7F467 ] StarOpen C:\Windows\system32\drivers\StarOpen.sys
12:33:55.0631 4812 StarOpen ( UnsignedFile.Multi.Generic ) - warning
12:33:55.0631 4812 StarOpen - detected UnsignedFile.Multi.Generic (1)
12:34:21.0626 4812 ============================================================
12:34:21.0627 4812 Scan finished
12:34:21.0627 4812 ============================================================
12:34:21.0640 5272 Detected object count: 1
12:34:21.0640 5272 Actual detected object count: 1
12:34:33.0392 5272 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
12:34:33.0392 5272 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip

09.06.2013, 11:49   #10
markusg
/// Malware-holic

Hi,
Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.


09.06.2013, 11:55   #11
Vanny

Combofix reports that Avira Desktop is still running. However, I have stopped the Avira real-time scanner.

Combofix Logfile:
Code:
ATTFilter
ComboFix 13-06-08.02 - userle 09.06.2013  12:57:48.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.3582.2068 [GMT 2:00]
ausgeführt von:: c:\users\userle\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-09 bis 2013-06-09  ))))))))))))))))))))))))))))))
.
.
2013-06-09 11:03 . 2013-06-09 11:03	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-06-09 11:03 . 2013-06-09 11:03	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-09 10:06 . 2013-06-09 10:13	--------	d-----w-	C:\_OTL
2013-06-08 22:39 . 2013-06-08 22:39	110080	----a-r-	c:\users\userle\AppData\Roaming\Microsoft\Installer\{E89498D8-1430-4A2B-A76A-4A71326981E9}\IconF7A21AF7.exe
2013-06-08 22:39 . 2013-06-08 22:39	110080	----a-r-	c:\users\userle\AppData\Roaming\Microsoft\Installer\{E89498D8-1430-4A2B-A76A-4A71326981E9}\IconD7F16134.exe
2013-06-08 22:39 . 2013-06-08 22:39	110080	----a-r-	c:\users\userle\AppData\Roaming\Microsoft\Installer\{E89498D8-1430-4A2B-A76A-4A71326981E9}\IconCF33A0CE.exe
2013-06-08 22:39 . 2013-06-08 22:40	--------	d-----w-	C:\sh4ldr
2013-06-08 22:39 . 2013-06-08 22:39	--------	d-----w-	c:\program files\Enigma Software Group
2013-06-08 22:38 . 2013-06-08 22:38	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2013-06-08 14:35 . 2013-06-09 10:06	--------	d-----w-	c:\programdata\D62395553691AD1D0000D622BF38B359
2013-06-08 14:33 . 2013-06-08 14:33	--------	d-----w-	c:\windows\Sun
2013-06-02 21:19 . 2013-06-02 21:19	--------	d-----w-	c:\program files\avisplit
2013-06-01 12:10 . 2012-10-17 14:37	397312	----a-w-	c:\windows\system32\TubeFinder.exe
2013-06-01 12:10 . 2013-06-01 12:10	--------	d-----w-	c:\users\userle\AppData\Roaming\FreeFLVConverter
2013-06-01 12:10 . 2011-09-28 07:18	9728	----a-w-	c:\windows\system32\PCCLPFR.DLL
2013-06-01 12:10 . 2011-09-28 07:18	84512	----a-w-	c:\windows\system32\PICCLP32.OCX
2013-06-01 12:10 . 2011-09-28 07:18	364544	----a-w-	c:\windows\system32\PropertyGrid.ocx
2013-06-01 12:10 . 2011-09-28 07:18	32768	----a-w-	c:\windows\system32\CMDLGFR.DLL
2013-06-01 12:10 . 2011-09-28 07:18	24576	----a-w-	c:\windows\system32\ControlSubX.ocx
2013-06-01 12:10 . 2011-09-28 07:18	152848	----a-w-	c:\windows\system32\COMDLG32.OCX
2013-06-01 12:10 . 2011-09-28 07:18	141312	----a-w-	c:\windows\system32\MSCMCFR.DLL
2013-06-01 12:10 . 2011-09-28 07:18	119568	----a-w-	c:\windows\system32\VB6FR.DLL
2013-06-01 12:10 . 2011-09-28 07:18	101888	----a-w-	c:\windows\system32\VB6STKIT.DLL
2013-06-01 12:09 . 2013-06-01 12:10	--------	d-----w-	c:\program files\Free FLV Converter
2013-05-17 11:40 . 2013-05-17 11:40	--------	d-----w-	c:\program files\StreamTransport
2013-05-17 11:40 . 2009-10-27 17:31	3982240	----a-w-	c:\windows\system32\Flash10d.ocx
2013-05-16 12:17 . 2013-05-16 14:04	--------	d-----w-	c:\program files\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 12:40 . 2013-02-17 21:58	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-16 12:40 . 2013-02-17 21:58	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-05-06 10:49 . 2013-05-06 10:49	66656	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-04-02 13:38 . 2013-04-02 13:38	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-04-02 13:38 . 2013-04-02 13:38	861088	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-04-02 13:38 . 2013-04-02 13:38	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-03-25 15:20 . 2013-02-17 19:37	84744	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-25 15:20 . 2013-02-17 19:37	37352	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-25 15:20 . 2013-02-17 19:37	135136	----a-w-	c:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-28 14:49	281760	----a-w-	c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-05-09 18678376]
"ICQ"="c:\program files\ICQ7.7\ICQ.exe" [2012-01-23 127040]
"Spotify Web Helper"="c:\users\userle\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-05-03 1105408]
"Spotify"="c:\users\userle\AppData\Roaming\Spotify\Spotify.exe" [2013-05-03 4573184]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Facebook Update"="c:\users\userle\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-04-24 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEM04Mon.exe"="c:\windows\OEM04Mon.exe" [2007-06-11 36864]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-06 345312]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2013-01-24 1646216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag.sys [2012-07-03 23040]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem.sys [2012-07-03 27776]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-05-06 13904]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys [2012-06-22 19984]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-25 37352]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-03-25 86752]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-17 242240]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 OEM04Vfx;Creative Camera OEM004 Video VFX Driver;c:\windows\system32\DRIVERS\OEM04Vfx.sys [2007-03-05 7424]
S3 OEM04Vid;Creative Camera OEM004 Driver;c:\windows\system32\DRIVERS\OEM04Vid.sys [2007-10-11 234720]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 87246055
*Deregistered* - 87246055
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-17 12:40]
.
2013-06-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3788470504-4243836522-2258722930-1000Core.job
- c:\users\userle\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-24 13:18]
.
2013-06-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3788470504-4243836522-2258722930-1000UA.job
- c:\users\userle\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-24 13:18]
.
2013-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-31 12:29]
.
2013-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-31 12:29]
.
2013-06-09 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files\SlimDrivers\SlimDrivers.exe [2013-02-08 13:15]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\userle\AppData\Roaming\Mozilla\Firefox\Profiles\volklsg0.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-09  13:05:27
ComboFix-quarantined-files.txt  2013-06-09 11:05
.
Vor Suchlauf: 14 Verzeichnis(se), 221.590.601.728 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 221.262.155.776 Bytes frei
.
- - End Of File - - 77754A060ED049B85147A6A701EE72A3
         

Do I need to do anything else now?

Is the cleanup complete?

09.06.2013, 18:16   #12
markusg
/// Malware-holic

Hi,
Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and "Run as administrator"
  • Start Malwarebytes, click Update --> Check for updates
  • When the update has finished, select "Perform full scan" and click Scan.
  • When the scan has finished, click Show results.
  • Make sure that all findings are checked and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • Afterwards you can find the report under "Logs".

09.06.2013, 20:55   #13
Vanny

Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.06.09.04

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
userle :: USERLE-PC [Administrator]

09.06.2013 20:37:50
mbam-log-2013-06-09 (20-37-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 383595
Laufzeit: 1 Stunde(n), 15 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Program Files\AIDA\Keymaker-ZWT.rar (Backdoor.RBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\AIDA\Keymaker-ZWT\keygen.exe (Backdoor.RBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Microsoft Office\BIE\os_x64\bie_o10install64.exe (Hacktool.Keygen.KMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Microsoft Office\BIE\os_x86\bie_o10install86.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles.zip (Trojan.Agent.SG) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\06092013_120622\C_ProgramData\D62395553691AD1D0000D622BF38B359\D62395553691AD1D0000D622BF38B359.exe (Trojan.Agent.SG) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

09.06.2013, 21:32   #14
markusg
/// Malware-holic

C:\Program Files\AIDA\Keymaker-ZWT\keygen.exe (Backdoor.RBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Microsoft Office\BIE\os_x64\bie_o10install64.exe (Hacktool.Keygen.KMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Microsoft Office\BIE\os_x86\bie_o10install86.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

http://www.trojaner-board.de/95393-c...-software.html
That is why you will only get help with a fresh reinstall here.
1. Data rescue:
2. Format, reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
6. I will then also say something about securing online banking with a chip card reader + Star Money.

    Plagegeister aller Art und deren Bekämpfung - 10.05.2013 (10)
  16. System Care Antivirus mit Spyhunter entfernt - reicht das?
    Log-Analyse und Auswertung - 07.05.2013 (3)
  17. System Care Antivirus entfernen
    Anleitungen, FAQs & Links - 10.04.2013 (2)

Zum Thema System Care Antivirus und SpyHunter 4. wie entfernen? - Hallo, gestern ist beim Starten das Programm System Care Antivirus aufgetaucht. Als ich es als Trojaner erkannt habe, habe ich auf meinem Tablet nach Entfernungsmethoden gesucht bei Google. Leider habe - System Care Antivirus und SpyHunter 4. wie entfernen?...
Archiv
Du betrachtest: System Care Antivirus und SpyHunter 4. wie entfernen? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.